Firewall Wizards mailing list archives
FTP Passive Traffic from PIX thru SEF to Serv-U
From: TSimons () Delphi-Tech com
Date: Mon, 15 Mar 2004 22:18:26 -0500
Hello All

We recently had an issue with an ftp user behind a remote PIX firewall trying to connect to our FTP server. Apparently the SEF was pulling back the NAT wrapper off the traffic from the PIX and pulling out the private address on the remote side.

Client-->[PIX/NAT]-->Internet-->[SEF/FTPd]-->Serv-U

Is this a PIX problem?

Here's the specific SEF log entry:

Mar 05 15:13:13.443 FW1 ftpd[1684]: 353 Warning: PORT command referenced a destination (10.6.11.3) that doesn't match control channel (X.X.X.36): possible Bounce attack? To enforce strict PORT checking please set "ftpd.allow_address_mismatch=False" in the config.cf file

X.X.X.36 is the outbound NAT'd IP address, not PAT
10.6.11.3 is the IP address inside the PIX

This problem is isolated to this specific PIX, others are using the ftp server perfectly fine.

Thanks,
~Todd

Todd M. Simons
Senior MIS Engineer
Dell Tier 1 PA Technician
Delphi Technology, Inc.
New Brunswick, NJ

Note: The contents of this email do not constitute a legally binding commitment.
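The comparison behind the warning in the log entry above, as an added example (not part of the original post and not SEF's own code): it parses a PORT command, compares the advertised address with the control-channel peer, and flags the case where an RFC 1918 address arrives over a public control connection. Assumptions: 203.0.113.36 stands in for the redacted X.X.X.36, the two port bytes are constructed, and `allow_address_mismatch=False` is taken to mean "reject on mismatch", as the log text suggests.

```python
import ipaddress
import re

# PORT argument per RFC 959: h1,h2,h3,h4,p1,p2
PORT_RE = re.compile(r"^PORT\s+(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\s*$", re.I)
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(ip):
    return any(ip in net for net in RFC1918)


def parse_port(line):
    """Return (IPv4Address, port) from a PORT command line, or raise ValueError."""
    m = PORT_RE.match(line)
    if not m:
        raise ValueError("not a well-formed PORT command")
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range")
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]


def check_port(line, control_peer, allow_address_mismatch=True):
    """Decide how a proxy would treat a PORT command.

    control_peer: source address of the control connection as the proxy sees it.
    allow_address_mismatch: hypothetical stand-in for the setting named in the log.
    """
    ip, port = parse_port(line)
    peer = ipaddress.IPv4Address(control_peer)
    data = (str(ip), port)
    if ip == peer:
        return {"action": "allow", "reason": "match", "data": data}
    # A private address behind a public peer means the NAT device rewrote
    # the IP header but left the address inside the FTP payload untouched.
    if is_rfc1918(ip) and not is_rfc1918(peer):
        reason = "untranslated-private"
    else:
        reason = "mismatch"
    action = "warn" if allow_address_mismatch else "reject"
    return {"action": action, "reason": reason, "data": data}


# Constructed sample: the addresses from the log entry, port bytes invented.
SAMPLE = "PORT 10,6,11,3,4,1"
```
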