Re: Microsoft FTP through Firewall

From: JoeZ (jz@zabram.com.removethis)
Date: 06/06/02


From: jz@zabram.com.removethis (JoeZ)
Date: Thu, 06 Jun 2002 21:27:54 GMT

When the server comes back with

227 Entering Passive Mode (xxx,xxx,xxx,xxx,xxx,xxx)

is (xxx.xxx.xxx.xxx) its private IP address? If so, that's the IP
address that the client will use to try to contact the server. Of
course, it won't work. What you need is either a firewall that can
"look deeper" into the PASV packet coming from the server and swap the
internal for external address (I believe PIX can (fixup ftp)), or an
FTP server that will allow you to specify the IP address you want to
use for PASV. As far as I know, Microsoft FTP can't do this, but I'm
still looking. I think Serv-U, among others, will allow you to.

Thanks, -JZ

On 7 May 2002 02:18:42 -0700, sam_collett@lycos.co.uk (Sam Collett)
wrote:

>Turning off passive ftp results in the following:
>
>257 "/www" is current directory.
> TYPE A
>200 Type set to A.
> PORT 212,196,170,80,4,117
>502 Command not implemented.
>
>Anyone have any idea where I can find Borderware documentation - i.e.
>for step by step instructions on setting up ftp with it?
>
>"Frank S" <fsexton@qwest.net> wrote in message news:<MJxA8.44394$N8.3365422@bin5.nnrp.aus1.giganews.com>...
>> Your client is trying to use the Passive mode. The Passive mode operates on
>> high ports (above 1024). Apparently they are closed. The default W2K (and
>> NT) ftp client operates in the standard mode (20 and 21).
>>
>> -Frank
>>
>> "Sam Collett" <sam_collett@lycos.co.uk> wrote in message
>> news:2030665d.0205030105.1295c392@posting.google.com...
>> > We are using Borderware as the firewall for a network. However I have
>> > not managed to get ftp to work through it correctly (the ftp server is
>> > on Windows 2000, using the built in one).
>> > I have opened up ports 20 and 21 and pointed them to the ftp server,
>> > and set up the proxy (using the Advanced Tab in the port settings) to
>> > be FTP. However it is not working as intended:
>> > The login process is successful, but falls over when I try to list the
>> > directory contents (ftpuser has full access rights):
>> >
>> > Connecting to (ftpserver).
>> > Connected to (ftpserver) -> IP: xxx.xxx.xxx.xxx PORT: 21.
>> > Socket connected waiting for login sequence.
>> > 220 ftpserver Microsoft FTP Service (Version 5.0).
>> > USER ftpuser
>> > 331 Password required for ftpuser.
>> > PASS (hidden)
>> > 230 User ftpuser logged in.
>> > SYST
>> > 215 Windows_NT version 5.0
>> > REST 100
>> > 350 Restarting at 100.
>> > REST 0
>> > 350 Restarting at 0.
>> > PWD
>> > 257 "/" is current directory.
>> > CWD /www
>> > 250 CWD command successful.
>> > PWD
>> > 257 "/www" is current directory.
>> > TYPE A
>> > 200 Type set to A.
>> > PASV
>> > 227 Entering Passive Mode (xxx,xxx,xxx,xxx,xxx,xxx)
>> > Opening data connection IP: xxx.xxx.xxx.xxx PORT: xxxxx.
>> > LIST
>> > 425 Can't open data connection.
>> >
>> > What is causing this problem? Has anyone successfully set up Microsoft
>> > FTP through Borderware Firewall?
>> > It works correctly on the local network, just not externally.
>> >
>> > TIA
>> >
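
The check discussed in this thread, as an added example that is not part of any poster's message: it decodes the six-number host/port field of a 227 reply or a PORT command (port = p1*256 + p2, per RFC 959) and reports when the advertised address is a private one that differs from the address the client connected to. The function names and the sample addresses are constructed for illustration.

```python
import ipaddress
import re

# Six comma-separated decimal octets: h1,h2,h3,h4,p1,p2 (RFC 959).
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def decode_hostport(line):
    """Return (ip, port) from a 227 reply or PORT command, or None."""
    m = _HOSTPORT.search(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]


def diagnose_pasv(reply, control_peer):
    """Compare the address in a 227 reply with the address the client dialled."""
    decoded = decode_hostport(reply)
    if not reply.startswith("227") or decoded is None:
        return "not a parsable 227 reply"
    ip, port = decoded
    peer = ipaddress.IPv4Address(control_peer)
    if ip == peer:
        return f"ok: data connection goes to {ip}:{port}; that port must be open"
    if ip.is_private:
        return f"private address {ip} leaked through NAT; client cannot reach {ip}:{port}"
    return f"address mismatch: reply says {ip}, control connection is to {peer}"


if __name__ == "__main__":
    # Constructed sample values (private and documentation ranges), not from the thread.
    print(diagnose_pasv("227 Entering Passive Mode (192,168,1,10,19,137)", "203.0.113.5"))
    print(diagnose_pasv("227 Entering Passive Mode (203,0,113,5,19,137)", "203.0.113.5"))
    # The PORT argument quoted in the thread decodes the same way.
    print(decode_hostport("PORT 212,196,170,80,4,117"))
```

Even when the address matches, the decoded port still has to be reachable through the firewall, which is the separate point Frank raises about high ports.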