[fw-wiz] Re: Sun FTP Server and Firewall-1 4.1 (Richard Worwood)

From: Boni Bruno (bbruno@dsw.net)
Date: 11/13/02


From: Boni Bruno <bbruno@dsw.net>
To: firewall-wizards@honor.icsalabs.com
Date: Wed Nov 13 13:31:01 2002

FW-1 v 4.1 has configurable TCP timeout settings; just increase the
timeout setting in the firewall properties and you will be fine.

Regards,

-boni bruno

>
> Message: 1
> From: "Richard Worwood" <richardw@tdbnetworks.com>
> To: <richardw@tdbnetworks.com>
> Date: Tue, 12 Nov 2002 17:47:24 -0000
> Subject: [fw-wiz] Sun FTP Server and Firewall-1 4.1
>
> I've got a little problem with a customer's network and a Solaris 8 box with
> the standard FTP server. The problem is as follows: the Solaris box is
> behind a firewall running firewall-1 4.1 and functions fine as long as you
> don't allow too long a time to elapse between commands else the client
> appears to time out. The issue is that the definition of "too long a time to
> elapse" is approximately 10 seconds.
>
> I've sniffed the client side of the network and found that in response to
> sending the new command to the server a reset is sent back by the server.
> However if I try and access the server locally or even through a standard
> routed connection all is fine and the conversation continues as usual.
> Unfortunately as of yet the customer hasn't permitted me to sniff on the
> server side of the firewall so I'm not certain the two conversations match.
>
> Any suggestions anyone can make will be gratefully received.
>
> Regards
>
> Richard
>
>
>
> --__--__--
>
> Message: 2
> Date: Wed, 13 Nov 2002 08:44:05 -0500
> From: Don Kendrick <don@netspys.com>
> To: firewall-wizards@honor.icsalabs.com
> Subject: [fw-wiz] Mainframes on the Net?
>
> OK...maybe a little off topic but this is the group that would know :)
>
> There is quite a push from our IBM friends to use the S/390 box for a
> web server using Websphere or Apache running under Linux (either as a
> VM or in its own LPAR).
>
> Needless to say, I considered this to be a joke....putting the crown
> jewels on the net? Where's the multi-tiered architecture? Where's the
> "defense in depth?" Sure the S/390 has "never been hacked" (their
> words) but who has ever put it in a position to be hacked?
>
> They tell me that I don't understand LPARs. They're separate machines.
> You can still do your multi-tiered. It's just all on the same box. My
> fear, they are separate because of software, written by humans. If that
> is breached, it's game, set and match.
>
> If they were separate boxes, they would have to communicate via some
> interface that I can monitor. This isn't true all on one box.
>
> Anyone have any experience with this fight? Am I out of line?
>
> Don
>
> End of firewall-wizards Digest
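
An added example, not part of the original thread: one way to bracket the idle timeout described above from a client-side capture of the FTP control connection, by comparing the idle gaps that were answered normally with the gaps that were answered by a reset. The record format, the sample capture and the function names are constructed for this illustration, and it assumes the resets are caused by idle expiry; a client-side capture alone does not show which device sent the RST.

```python
# Added example: bracket an idle timeout from a client-side capture of an
# FTP control connection. Record format (constructed for this example, not
# tcpdump output): "<seconds> <C>S|S>C> <comma-separated TCP flags> [payload]"
SAMPLE = """\
0.00 C>S SYN
0.01 S>C SYN,ACK
0.02 C>S ACK
0.10 S>C PSH,ACK 220 ready
1.00 C>S PSH,ACK USER demo
1.05 S>C PSH,ACK 331 password required
4.00 C>S PSH,ACK PASS x
4.05 S>C PSH,ACK 230 logged in
12.00 C>S PSH,ACK PWD
12.05 S>C PSH,ACK 257 ok
23.50 C>S PSH,ACK LIST
23.51 S>C RST
"""

def parse(capture):
    """Yield (time_ms, direction, flag_set) for each non-empty record."""
    for line in capture.splitlines():
        if not line.strip():
            continue
        ts, direction, flags = line.split()[:3]
        yield round(float(ts) * 1000), direction, set(flags.split(","))

def idle_bracket(capture):
    """Return (longest idle gap that survived, shortest gap answered by RST), in ms.

    If idle expiry causes the resets, the timeout lies between the two values.
    """
    survived, reset = [], []
    prev_ts = None   # time of the previous packet in either direction
    pending = None   # idle gap before the latest client command, awaiting its reply
    for ts, direction, flags in parse(capture):
        if direction == "C>S" and "PSH" in flags and prev_ts is not None:
            pending = ts - prev_ts
        elif direction == "S>C" and pending is not None:
            (reset if "RST" in flags else survived).append(pending)
            pending = None
        prev_ts = ts
    return (max(survived) if survived else None, min(reset) if reset else None)

if __name__ == "__main__":
    low, high = idle_bracket(SAMPLE)
    print(f"idle gap of {low} ms survived; idle gap of {high} ms was reset")
```

Running the same function over a capture taken on the server side of the firewall and comparing the two results shows whether both sides see the same reset.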