Re: Connecting to FTP server through Winroute

From: Bargepole (jbhur@hotmail.com)
Date: 09/13/02


From: "Bargepole" <jbhur@hotmail.com>
Date: Fri, 13 Sep 2002 09:01:40 -0400


"Danial Bennett" <debennett2@netzero.net> wrote in message
news:b80852a5.0209120517.1083e2fc@posting.google.com...
> I am having problems connecting to an ftp server through my local
> winroute pro 4 machine. I am in contact daily with the administrator
> of this server and he has noted that he is behind a firewall but has
> had no problem connecting to it from other sites except one. I
> previously was able to connect to the same FTP before the
> administrator installed a different firewall. This FTP is on the
> standard port(21) and also uses MD5 (whatever that really means). The
> problem is that I cannot get a list of the content and eventually get
> a socket error. I do technically connect to the server and can
> actually get messages from SYSOP to verify connection. I have read a
> few posts that mention NAT..I am not familiar with a lot of these
> terms just yet (at least not enough to be 100% comfortable). Winroute
> on my end is basically only forwarding ports, DHCP, and acting as DNS.
> Any help would be greatly appreciated.

You may be required to force your FTP client to use the alternate mode to
the one you're using now. Depending on how the FTP server's network firewall
is configured or its capability, it may not allow the server to initiate
outbound connections, defeating PORT mode. Or, it may not perform adequate
stateful packet inspection, inhibiting inbound connections to the server
specified data port, thereby defeating PASV mode.

Try changing your FTP client to use PASV mode if you're now using PORT mode
for that site (or vice versa). If your client can't readily be forced to
specify a mode (like Internet Explorer), try a different client.

If, after changing the mode specified, you still can't connect and operate
on the server, there's probably a packet filter rule in Winroute that now
blocks the FTP traffic. For example, if you were successfully using PORT
mode before and switched your FTP client to force the FTP server to use PASV
mode, a Winroute packet filter rule that blocks all incoming SYN packets
would kill the FTP functionality.

As long as the FTP server's command port is TCP port 21, Winroute's stateful
inspection will automatically allow any client FTP communication from your
network to a server by default. You don't have to worry about port mappings.
However, you must be sure your packet filter rules allow the type of
communications you expect.



Relevant Pages

  • Re: Microsoft FTP Server problem on W2K?
    ... I have technical responsibility for this FTP implementation, ... Since PASV voids PORT, the client side ... connect to the server from" isn't implied by the text of the RFC. ...
    (microsoft.public.inetserver.iis.security)
  • Re: Some questions
    ... > using my ftp software behind my router. ... > issued to server by the client. ... When PORT is used: ... > Can you give me a command line used in a browser to explain me what is the ...
    (comp.security.firewalls)
  • Re: Firewall and ftp service
    ... I'll say it again, FTP is eeeevul. ... > which redirects the traffic to my public ftp server. ... > should force the server to stay on port 21 for tha data connection, ... the client tells the server what port it will be ...
    (FreeBSD-Security)
  • Re: Firewall and ftp service
    ... FTP is eeeevul. ... >> which redirects the traffic to my public ftp server. ... > client connects to the server on port 21. ... the client tells the server what port it will be ...
    (FreeBSD-Security)
  • Re: ftp problem
    ... The remote end will have to have port 20 and 21 ... Check it with another ftp site to make sure. ... The remote FTP server is on a remote ... >> a client to be able to ftp out. ...
    (microsoft.public.windows.server.sbs)