08-29-2005 12:55 AM - edited 03-09-2019 12:16 PM
Hi!
We have an FWSM on ver. 2.3.1. We have Suse Linux systems on the non-secure (outside) side running which have to do YAST (OS sw update) from non-secure to secure. YAST uses ftp under the covers however Suse's ftp uses the EPSV option to indicate passive ftp which the FWSM ftp fixup does not understand. Thus the ftp data session fails because it is blocked by the firewall.
Any ideas how I can get this solved? I'd hate to open tcp ports 1024-65536 to get the ftp data sessions through the FWSM.
NOTE: Since the ftp server is not under my control I cannot change that one to respond to EPSV with "command not understood" so this is not an option for me.
N.B.: Has anyone else come across that problem? I've been googling thru the internet however I haven't found any report similar to mine.
Thx.
08-30-2005 01:17 AM
Hi,
I had the same problem with another firewall - and the only way to get it to work was to open all the high TCP ports.
EPSV is an IPv6 extension and AFAIK neither the FWSM nor the PIX handle it statefully yet.
Kind Regards
Cathy
08-30-2005 01:53 AM
Cathy, thx.
That's what I feared I have to do (open all high ports).
Well at least for the Suse Linux update (YAST) we've found another solution: we can force YAST to work over http rather than ftp thus we can work around the EPSV issue.
Cheers Joachim
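The failure discussed in this thread, as an added example that is not part of the original posts and not Cisco's code: a simplified model of stateful FTP inspection that reads the server's passive-mode reply to decide which data port to permit. The reply formats follow RFC 959 (227, PASV) and RFC 2428 (229, EPSV); the function names, the `understands_epsv` switch and the sample replies (documentation address 192.0.2.10) are assumptions made for illustration.

```python
import re

# RFC 959 PASV reply: "227 ... (h1,h2,h3,h4,p1,p2)" carries address and port
PASV_RE = re.compile(
    r"^227 .*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
# RFC 2428 EPSV reply: "229 ... (|||port|)" carries only a port
EPSV_RE = re.compile(r"^229 .*?\((.)\1\1(\d{1,5})\1\)")


def data_endpoint(reply, server_ip, understands_epsv=True):
    """Return (ip, port) of the data listener a reply announces, else None."""
    m = PASV_RE.match(reply)
    if m:
        octets = [int(x) for x in m.groups()]
        if any(o > 255 for o in octets):
            return None  # malformed reply: open nothing
        return ".".join(map(str, octets[:4])), octets[4] * 256 + octets[5]
    m = EPSV_RE.match(reply) if understands_epsv else None
    if m:
        port = int(m.group(2))
        # EPSV has no address field: the listener is on the control
        # connection's server address, which the inspector already knows.
        return (server_ip, port) if 0 < port <= 65535 else None
    return None


def pinholes(control_lines, server_ip, understands_epsv):
    """Temporary permits an inspector would create for one control session."""
    eps = (data_endpoint(l, server_ip, understands_epsv) for l in control_lines)
    return [ep for ep in eps if ep]


# Constructed server replies, not captured from the systems in the thread
PASV_SESSION = ["220 ready", "227 Entering Passive Mode (192,0,2,10,157,19)"]
EPSV_SESSION = ["220 ready", "229 Entering Extended Passive Mode (|||40211|)"]

if __name__ == "__main__":
    for name, session in (("PASV", PASV_SESSION), ("EPSV", EPSV_SESSION)):
        for aware in (False, True):
            print(name, "epsv-aware" if aware else "pasv-only",
                  pinholes(session, "192.0.2.10", aware))
```

With the PASV-only model the EPSV session yields no permit, so the client's data connection to the announced port is dropped unless a static rule for the high ports exists.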