AW: [FW1] ftp reject "reason: tried to open up other host port"
Hi all,
as Angel suggested, I did a detailed sniffing of the rejected
FTP sessions. Here is what I got:
SOURCE  DEST    S-PORT   D-PORT  FLAG  DATA
This one worked:
Client  Server  1041     FTP           PORT 192,168,1,1,4,179
Server  Client  FTP      1041          200 PORT command successful
Client  Server  1041     FTP           RETR temp13
Server  Client  FTPDATA  1203    Syn   ...
...
Server  Client  FTP      1041          226 Transfer complete.
This one didn't:
Client  Server  1041     FTP           PORT 192,168,1,1,4,180
Server  Client  FTP      1041    RST   WIN=0
:-(
So the PORT commands are correct; it seems to be the "pre-defined
services" problem. As I mailed before, I changed the macros in base.def,
but obviously I missed something. DID ANYBODY SOLVE THE PROBLEM FOR A V.4
FW-1? HELPPPPP!!!
TIA
AXEL
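To show what the firewall actually checks in these PORT commands (the "4,179" in the trace encodes data port 4*256+179 = 1203, the FTPDATA port that follows), here is an added Python checker; it is not from the thread and not Check Point's code. It parses "PORT h1,h2,h3,h4,p1,p2", compares the advertised host with the client's address and flags data ports below 1024 as the "p < 1024" macro does; the two trace lines are taken from the sniff above, the second-NIC, blank and low-port lines are constructed.

```python
import re
from dataclasses import dataclass

# PORT h1,h2,h3,h4,p1,p2 : the host is h1.h2.h3.h4, the port is p1*256 + p2
PORT_RE = re.compile(
    r"^PORT\s+(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})$")

@dataclass
class PortCheck:
    ok: bool
    reason: str
    host: str = ""
    port: int = 0

def check_port_command(line: str, client_ip: str, min_port: int = 1024) -> PortCheck:
    """Parse one FTP PORT command and apply the checks the thread talks about:
    the advertised host must be the client's own address (otherwise FW-1 logs
    'tried to open up other host port'), and the data port must not be a
    server port, i.e. below 1024 (the p < 1024 test in the macro)."""
    m = PORT_RE.match(line.strip())
    if not m:
        return PortCheck(False, "malformed or empty PORT command")
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return PortCheck(False, "octet out of range")
    host = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]
    if host != client_ip:
        return PortCheck(False, "tried to open up other host port", host, port)
    if port < min_port:
        return PortCheck(False, "data port in server range", host, port)
    return PortCheck(True, "ok", host, port)

CLIENT_IP = "192.168.1.1"  # the client address seen in the trace above
SAMPLE = [
    "PORT 192,168,1,1,4,179",   # from the trace: accepted, data port 1203
    "PORT 192,168,1,1,4,180",   # from the trace: the one FW-1 reset
    "PORT 10,0,0,7,4,181",      # constructed: address of a second NIC
    "PORT ",                    # constructed: PORT with no address
    "PORT 192,168,1,1,0,21",    # constructed: data port below 1024
]

def audit(lines, client_ip=CLIENT_IP):
    """Return (line, PortCheck) pairs for a list of PORT commands from a trace."""
    return [(line, check_port_command(line, client_ip)) for line in lines]

if __name__ == "__main__":
    for line, res in audit(SAMPLE):
        verdict = "ACCEPT" if res.ok else "REJECT"
        print(f"{line!r:28} -> {verdict}: {res.reason} (host={res.host}, port={res.port})")
```

The second trace line passes both checks, which is what the sniff shows: the reset is not caused by the PORT command itself, so the cause has to be looked for in the port-range definitions rather than in the client.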
> -----Original Message-----
> From: Angel Luis Perez Hernandez [SMTP:angel@workflow.es]
> Sent: Wednesday, 13 October 1999 18:26
> To: Hoffmann, Axel; fw-1-mailinglist@lists.us.checkpoint.com
> Subject: RE: [FW1] ftp reject "reason: tried to open up other host port"
>
>
> I'm afraid I'm not good at all with Inspect either. But I don't know
> what's happening to you. I didn't have to create the ftp-server-ports at
> all. I just uncommented the line in the base.def file. What I've learned
> from this is that this message comes from an incorrect "PORT" command.
> From the trace, do all of your "PORT" commands carry the address of the
> client? Don't you have any "PORT" command without an address? I mean,
> with a blank, a newline or anything different from an address. Don't you
> have "PORT" commands when you wouldn't expect one?
>
> Regards
> Angel
>
> ----- Original Message -----
> From: Axel Hoffmann <axel.hoffmann@eckmann.de>
> To: 'Angel Luis Perez Hernandez' <angel@workflow.es>
> Cc: <fw-1-mailinglist@lists.us.checkpoint.com>
> Sent: Wednesday, October 13, 1999 5:24 PM
> Subject: AW: [FW1] ftp reject "reason: tried to open up other host port"
>
>
> > Hi Angel,
> > I traced the connection (my customer did because his site is quite far
> > away) and all the connections seem to come from the same IP address. I
> > did the modifications suggested by phoneboy but I am not sure if it
> > works. The example from phoneboy is for a V3.0 FW and the definitions in
> > V4.0 are quite different. I am not very good at INSPECT, so I made as
> > few modifications as possible. Perhaps you can check if these
> > modifications are correct. I did the construction with "not" and
> > "p<1024" because I don't know the meaning of the parameter behind the "p".
> >
> > Here is my definition of "FTP-Server-Ports":
> >
> >
> > define FTP_NOTSERVER_TCP_PORT(p) {
> >     (not
> >         ( p < 1024, set sr10 RCODE_SMALL_PORT, set sr11 0, set sr12 p,
> >           set sr1 0, log bad_conn)
> >     )
> > };
> >
> > and then in the definition of ftp I have (only in the active ftp
> > section because that is the one which is causing problems):
> >
> >
> > #define ftp_accept_port \
> >     r_cdir = 1, dport = SERV_ftp or origdport = SERV_ftp, tcp, \
> >     IS_PORT_CMD, set sr1 FTPPORT(0), \
> >     direction = 1 or FTPPORT_ANTICIPATE(sr1), \
> >     set sr1 FTPPORT(FTPPORT_MATCH), sr1 != 0 or (WRONG_HOST_LOG,reject),\
> >     FTP_NOTSERVER_TCP_PORT(sr1) or reject, \
> >     direction = 0 or FTPPORT_ANTICIPATE(sr1), \
> >     ( \
> >         ftp_accept_port_enc(sr1) \
> >     ) or ( \
> >         ftp_accept_port_clear(sr1) \
> >     ), \
> >     accept_fwz_as_clear(r_ctype)
> >
> > Do I have to do anything else, or doesn't it work at all?
> >
> > TIA
> >
> > Axel
> >
> >
> > Eckmann Netzwerkservice GmbH
> >
> > Sylvesterallee 2
> > 22525 Hamburg
> >
> > Tel.:040/54706-195
> > Fax:040/54706-111
> > E-Mail:axel.hoffmann@eckmann.de
> >
> > URL:www.eckmann.de
> >
> > > -----Original Message-----
> > > From: Angel Luis Perez Hernandez [SMTP:angel@workflow.es]
> > > Sent: Wednesday, 13 October 1999 09:59
> > > To: Hoffmann, Axel
> > > Subject: RE: [FW1] ftp reject "reason: tried to open up other host port"
> > >
> > > Have you tried tracing the connection? I tried the "FTPPORT"
> > > modification and it didn't work, so I "sniffed" the connection and
> > > found there was a NIC card in the PC and a "PORT" command with the NIC
> > > address was being sent, and FW-1 showed it (logically) as "trying to
> > > open another host port".
> > >
> > > Look in the trace for the "PORT" commands and try to find if there
> > > are any strange addresses in them or there is any "PORT" without address.
> > >
> > > Regards
> > > Angel Luis Perez
> > >
> > > ----- Original Message -----
> > > From: Axel Hoffmann <axel.hoffmann@eckmann.de>
> > > To: <michel.martin@mrn.gouv.qc.ca>; <msallen3@yahoo.com>;
> > > <fw-1-mailinglist@lists.us.checkpoint.com>
> > > Sent: Wednesday, October 13, 1999 9:10 AM
> > > Subject: AW: [FW1] ftp reject "reason: tried to open up other host port"
> > >
> > >
> > > >
> > > > Hi,
> > > > Thanks for the hint, but I already tried that.
> > > >
> > > > REGARDS;
> > > >
> > > > Axel Hoffmann
> > > >
> > > >
> > > > Your opinion matters to us!
> > > > Take part and win at http://www.eckmann.de
> > > >
> > > >
> > > > Eckmann Netzwerkservice GmbH
> > > >
> > > > Sylvesterallee 2
> > > > 22525 Hamburg
> > > >
> > > > Tel.:040/54706-195
> > > > Fax:040/54706-111
> > > > E-Mail:axel.hoffmann@eckmann.de
> > > >
> > > > URL:www.eckmann.de
> > > >
> > > > > -----Original Message-----
> > > > > From: michel.martin@mrn.gouv.qc.ca [SMTP:michel.martin@mrn.gouv.qc.ca]
> > > > > Sent: Tuesday, 12 October 1999 20:03
> > > > > To: Hoffmann, Axel; msallen3@yahoo.com; fw-1-mailinglist@lists.us.checkpoint.com
> > > > > Subject: RE: [FW1] ftp reject "reason: tried to open up other host port"
> > > > >
> > > > > << File: ATT00023.txt; charset = windows-1252 >> << File: FireWall-1 FAQ- High Port TCP Services and FTP.url >>
> > > > ========================================================================
> > > > To unsubscribe from this mailing list, please see the instructions at
> > > > http://www.checkpoint.com/services/mailing.html
> > > > ========================================================================