
Checkpoint Firewall - Linux Redhat ftp issue... unknown error

Status
Not open for further replies.

Denda

MIS
Oct 30, 2001
237
US
Hi all..
I'm about ready to pull my hair out on this one. I have created a standard ftp server on Red Hat (vsftpd). The ftp server sits in our DMZ (192.168.X.X- Nat'g 63.x.x.x) for our customers to just toss files on throughout the day.

We currently have a Mandrake ftp server sitting there (proftpd) and it works fine; however, we are growing out of it and that is why the new server.

I have the Red Hat firewall turned off for now and am receiving the following error message whether it's on or off from the outside trying to connect via ftp.. ftp:connect: unknown error.

Per Red Hat, it looks as though it is a firewall issue. I have it set up exactly like the current ftp server in our firewall (Checkpoint) and I can't think of anything else I could be missing. I have the NAT rule created and from within our network 10.53.X.X we can ftp to it with no problems. But we get the unknown error on any attempt from the outside. Also, neither FW-1 nor fw monitor logs any type of rejections or connection attempts for this specific server.

Anyone have any ideas?
 
What version of Checkpoint are you running?

From the log viewer do you see a ftp request hitting the firewall?

Running a tcpdump on the ftp server, do you see the traffic hit that box?

Are you using the windows ftp client or a 3rd party one?

 
1) NG FP3
2) Nothing is being logged for this server for ftp
3) No, traffic from the outside is not hitting the ftp server
4) Windows ftp client, this is a must. Use passv ftp is checked within internet options.
 
I assume you have logging turned on for the rule that would match inbound ftp access to that server. If you're not seeing the traffic in the firewall logs then other testing is required. If you add a rule to allow icmp from an outside address to the ftp server, can you ping the public address to make sure your static translation is working? Also check your firewall to see if an arp entry is present.

 
Yes, logging is turned on. I will test the ping as soon as my person on the outside is able to and will report back. Thanks.
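
The checks asked for in this thread (is the request seen at the firewall, is it seen in a tcpdump on the server) can be combined into one comparison of two `tcpdump -n` text captures taken during a single outside connection attempt. The script below is an added example, not something posted by the thread's participants; every address and packet line in it is constructed, and it assumes the firewall translates only the destination address.

```shell
#!/usr/bin/env bash
# Added example: find where an inbound FTP control connection (TCP/21) stops,
# from the text of two "tcpdump -n" captures of the same outside attempt.
# All addresses and packet lines are constructed placeholders.
CLIENT_IP="198.51.100.7"  # outside tester (placeholder)
PUB_IP="203.0.113.10"     # NAT'd public address of the new server (placeholder)
DMZ_IP="192.168.1.20"     # server's DMZ address (placeholder)

# Firewall external interface: the tester only appears talking to another host.
FW_CAP='12:00:01.000100 IP 198.51.100.7.40111 > 203.0.113.9.21: Flags [S], seq 1000, win 64240, length 0'
# FTP server: only an inside client's handshake is present.
SRV_CAP='12:00:02.500000 IP 10.0.0.5.51000 > 192.168.1.20.21: Flags [S], seq 7, win 64240, length 0
12:00:02.500200 IP 192.168.1.20.21 > 10.0.0.5.51000: Flags [S.], seq 9, ack 8, win 65160, length 0'

# count TEXT PATTERN...: number of lines containing every fixed-string PATTERN
count() {
  local text="$1" p
  shift
  for p in "$@"; do
    text=$(printf '%s\n' "$text" | grep -F -- "$p" || true)
  done
  if [ -z "$text" ]; then echo 0; else printf '%s\n' "$text" | wc -l | tr -d ' '; fi
}

# diagnose FW_TEXT SRV_TEXT CLIENT PUBLIC DMZ: prints the stage that needs attention
diagnose() {
  local fw="$1" srv="$2" cli="$3" pub="$4" dmz="$5"
  if [ "$(count "$fw" "IP $cli." "> $pub.21: Flags [S],")" -eq 0 ]; then
    echo "upstream"      # SYN never reached the firewall: routing/ARP for the NAT address
  elif [ "$(count "$srv" "IP $cli." "> $dmz.21: Flags [S],")" -eq 0 ]; then
    echo "firewall"      # seen outside but not in the DMZ: NAT rule or rule base
  elif [ "$(count "$srv" "IP $dmz.21 > $cli." "Flags [S.],")" -eq 0 ]; then
    echo "server"        # SYN delivered, no SYN-ACK: daemon or host firewall
  else
    echo "handshake-ok"  # control connection opens; the fault is later in the session
  fi
}

diagnose "$FW_CAP" "$SRV_CAP" "$CLIENT_IP" "$PUB_IP" "$DMZ_IP"
```

With the constructed captures it reports `upstream`, the case where nothing is logged at the firewall and the next thing to check is routing and the ARP entry for the translated address.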
 