[fw-wiz] Re: Sun FTP Server and Firewall-1 4.1 (Richard Worwood)

From: Boni Bruno (bbruno@dsw.net)
Date: 11/13/02

From: Boni Bruno <bbruno@dsw.net>
To: firewall-wizards@honor.icsalabs.com
Date: Wed Nov 13 13:31:01 2002

FW-1 v 4.1 has configurable TCP timeout settings, just increase the
timeout setting in the firewall properties and you will be fine.


-boni bruno

> Message: 1
> From: "Richard Worwood" <richardw@tdbnetworks.com>
> To: <richardw@tdbnetworks.com>
> Date: Tue, 12 Nov 2002 17:47:24 -0000
> Subject: [fw-wiz] Sun FTP Server and Firewall-1 4.1
> I've got a little problem with a customers network and a Solaris 8 box with
> the standard FTP server. The problem is as followes the Solaris box is
> behind a firewall running firewall-1 4.1 and functions fine as long as you
> don't allow to long a time to elapse between commands else the client
> appears to time out. The issue is that the definiation of "to long a time to
> elapse" is approximately 10 seconds.
> I've sniffed the client side of the network and found that in response to
> sending the new command to the server a reset is sent back by the server.
> However if I try and access the server locally or even through a standard
> routed connection all is fine and the conversation continues as usual.
> Unfortunately as of yet the customer hasn't permitted me to sniff on the
> server side of the firewall so I'm not certain the two conversations match.
> Any suggestions anyone can make will be greatfully received.
> Regards
> Richard
> --__--__--
> Message: 2
> Date: Wed, 13 Nov 2002 08:44:05 -0500
> From: Don Kendrick <don@netspys.com>
> To: firewall-wizards@honor.icsalabs.com
> Subject: [fw-wiz] Mainframes on the Net?
> OK...maybe a little of topic but this is the group that would know :)
> There is quite a push from our IBM friends to use the S/390 box for a
> web server using Websphere or Apache running under Linux (either as a
> VM or in it's own LPAR).
> Needless to say, I considered this to be a joke....putting the crown
> jewels on the net? Where's the multi-tiered architecture? Where's the
> "defense in depth?" Sure the S/390 has "never been hacked" (their
> words) but who has ever put it in a position to be hacked?
> They tell me that I don't understand LPARs. They're separate machines.
> You can still do your multi-tiered. It's just all on the same box. My
> fear, they are separate because of software, written by humans. If that
> is breeched, it's game, set and match.
> If they were separate boxes, they would have to communicate via some
> interface that I can monitor. This isn't true all on one box.
> Anyone have any experience with this fight? Am I out of line?
> Don
> --__--__--
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@honor.icsalabs.com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
> End of firewall-wizards Digest

Relevant Pages

  • Re: CEICW fails at firewall config
    ... Do you or do you not have ISA 2000 or ISA 2004 installed on the SBS server? ... Do you have 2 NICs in the SBS? ... CEICW fails on firewall configuration every time. ... >>> Call to Creating the protected networks access rule returned ok. ...
  • Re: Recycler security issues on IIS server
    ... > latest upates to the server. ... > like to see the server put behind our firewall, ... other software, install all patches, IISlockdown, URLscan, use the correct ... the procedures you follow may vary depending on your security needs. ...
    ... I delete the nat/basic firewall and stop and started the RRAS an tried to ... There were no critical events in the DNS Server Log in the last 24 hours. ... An error occurred during logon ... Caller User Name: - ...
  • Re: For Microsoft Partners and Customers Who Cant Download or Access
    ... to reconfigure the firewall, but to use a static IP on your client ... and to make sure that the DNS server entries on the client are ... Microsoft for msdn2.microsoft.com. ... use a static IP and set the DNS server addresses to the DNS ...
  • Re: login attempts
    ... > Every day i have on my win2000 iternet server a lots of wrong login ... Windows by default allows ... You also need a firewall. ... the internet, except for those ports you know you're using. ...