01.30.2004 at 01:47PM PST, ID: 20868503

Client FTP through Netmax behind PIX515E

Asked by jgilligan1 in Network Software Firewalls


Hello Everybody,

I've got a question which is a little involved but hopefully not too much. I'm something of a newbie at firewall setup but have got a question which is hopefully relatively simple.

Problem: We're looking to have a small group of win2k users who would like to FTP directly from their workstations to a FedEx server on the internet (directlink) [personally I'm not crazy about allowing passive FTP through our PIX, but the users pay the bills].

Our network is laid out with the users going through a legacy netmax Prosuite proxy for HTTP proxy traffic.

I'm trying to enable passive FTP for our clients but I'm running into the following issue.

The netmax/proxy is behind a pix 515.

I've been working with the netmax folks who basically have provided some simple rules for (essentially a thinly masked version of IPtables) which seem like they "should work", but our PIX allows for only http (port 80) and https (port 443) traffic.

Part of the PIX 515 instructions which seem applicable are:

25.30.15.* address of sub-domain to world
25.30.15.55 - address of our netmax server to world.

fixup protocol 21
fixup protocol 80
fixup protocol 25
fixup protocol 443

access-list inbound permit tcp any 25.30.15.0 255.255.255.0 eq 80
access-list inbound permit tcp any 25.30.15.0 255.255.255.0 eq 443

But I believe that I need to open up many ports (read 20,21 and >1024) on the ip address where our netmax attaches directly to the pix.

I'm thinking that something like this might work to allow the netmax to work (if it's going to work at all). I'm thinking I need to open ports 20 & 21 and also allow most, if not all, ports above 1024. I'd be relying on the netmax to handle bad traffic above 1024, and I'm certain some exclusions could be included in here, but basically I'm curious if this is it.

access-list inbound permit tcp any host 25.30.15.55 eq 20:21
access-list inbound permit tcp any host 25.30.15.55 eq 1024:65535

Please let me know if I need to provide more information or if anyone has had the distinction of doing this sort of thing in the past, any help would be greatly appreciated.

Thanks,

Joe G.
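Added example, not part of the original question or of any expert answer: per RFC 959, the side that opens the FTP data connection depends on the mode, and the control-channel line (the client's PORT command or the server's 227 reply) names the data endpoint. The sketch below parses either line and reports which connections arrive from the server side; the addresses and port numbers are constructed sample values, and the function names are hypothetical.

```python
import re
from typing import List, NamedTuple, Tuple

class Flow(NamedTuple):
    purpose: str
    initiator: str   # side that opens the TCP connection
    dst_host: str
    dst_port: int

# h1,h2,h3,h4,p1,p2 as carried by the PORT command and the 227 reply
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_hostport(text: str) -> Tuple[str, int]:
    """Decode the six-number host/port form; port = p1*256 + p2."""
    m = _HOSTPORT.search(text)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in %r" % text)
    nums = [int(n) for n in m.groups()]
    if max(nums) > 255:
        raise ValueError("field out of range in %r" % text)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def data_flow(control_line: str) -> Flow:
    """Work out who opens the data connection from one control-channel line."""
    line = control_line.strip()
    if line.startswith("227"):
        # Passive: server announces its listener, client connects out to it.
        host, port = parse_hostport(line[3:])
        return Flow("data", "client", host, port)
    if line.upper().startswith("PORT "):
        # Active: client announces its listener, server connects in to it.
        host, port = parse_hostport(line[5:])
        return Flow("data", "server", host, port)
    raise ValueError("not a PORT command or 227 reply: %r" % control_line)

def session_flows(server: str, control_line: str) -> List[Flow]:
    """Control connection (client to server port 21) plus the data connection."""
    return [Flow("control", "client", server, 21), data_flow(control_line)]

def server_initiated(flows: List[Flow]) -> List[Flow]:
    """Connections that reach the client side from outside."""
    return [f for f in flows if f.initiator == "server"]

# Constructed sample control-channel lines (not captured traffic).
PASSIVE_REPLY = "227 Entering Passive Mode (192,0,2,10,195,80)"
ACTIVE_COMMAND = "PORT 10,1,1,20,4,1"
```

For the passive sample, both connections are opened by the client and `server_initiated` returns an empty list; for the active sample it returns the data connection to the client's announced port.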
 
About this solution

Zone: Network Software Firewalls
Tags: ftp, passive, pix
Solution Provided By: tim_holman
Participating Experts: 2
Solution Grade: A
 
 
 