Posted 2006-02-09 by jeanse
extended passive FTP blocked

Hi All,

Concerns: VPN-1/FW-1 NG R55
Problem: extended passive FTP blocked by firewall

Symptoms:

The client initiates an FTP connection (from port X to port 21).
When the client issues the 'ls' command, the server asks the client to enter extended passive mode. In the meantime, the server indicates a high port number Y to be used.
The client initiates a new connection from port X+1 to port Y.
This last connection is not recognized and is dropped by the 'cleanup' rule.

What has been done:

Allowing FTP or FTP-pasv or FTP-dir or FTP_mapped or FTP_port in the Rule Base does not help.
The port Y is not included in the table called tcp_services, and anyway the option 'allow data to all defined services port' is checked.

Any help appreciated!
Thank you,

Jeanse
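Added example, not part of jeanse's post and not Check Point code: a sketch of what a stateful FTP inspector has to read from the control channel to expect the data connection to port Y, parsing both the classic `227` (PASV, RFC 959) and the `229` (EPSV, RFC 2428) replies. The `understand_epsv` switch is a hypothetical knob that models an inspector which only knows the `227` format; the addresses, port and session lines are constructed samples.

```python
import re

# RFC 959 PASV reply: 227 ... (h1,h2,h3,h4,p1,p2)
PASV_RE = re.compile(r"^227 .*?" + ",".join([r"(\d{1,3})"] * 6))
# RFC 2428 EPSV reply: 229 ... (<d><d><d>port<d>), delimiter <d> is usually "|"
EPSV_RE = re.compile(r"^229 .*?\(([!-~])\1\1(\d{1,5})\1\)")


def expected_data_endpoint(reply, server_ip, understand_epsv=True):
    """Return the (ip, port) announced for the data connection, or None."""
    m = PASV_RE.match(reply)
    if m:
        octets = [int(x) for x in m.groups()]
        if any(o > 255 for o in octets):
            return None
        return ".".join(map(str, octets[:4])), octets[4] * 256 + octets[5]
    m = EPSV_RE.match(reply) if understand_epsv else None
    if m:
        port = int(m.group(2))
        # EPSV carries only a port; the address is the control connection's server.
        return (server_ip, port) if 0 < port <= 65535 else None
    return None


def data_connection_allowed(replies, server_ip, dst_ip, dst_port, understand_epsv=True):
    """True if (dst_ip, dst_port) was announced on the control channel."""
    pinholes = set()
    for line in replies:
        ep = expected_data_endpoint(line, server_ip, understand_epsv)
        if ep:
            pinholes.add(ep)
    return (dst_ip, dst_port) in pinholes


# Constructed sample control-channel replies (documentation address range).
SERVER = "192.0.2.10"
SESSION = [
    "220 FTP server ready",
    "230 User logged in",
    "229 Entering Extended Passive Mode (|||50123|)",
]

if __name__ == "__main__":
    print(data_connection_allowed(SESSION, SERVER, SERVER, 50123))         # EPSV-aware
    print(data_connection_allowed(SESSION, SERVER, SERVER, 50123, False))  # 227-only
```

With the `227`-only model the announced port is never learned, so the connection to port Y matches no FTP state and falls through to whatever rule comes last, which is the symptom described in the post.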