Re: Ftp server behind a router issue

From: Ida (failed_at_rogers.com)
Date: 06/12/03


Date: Thu, 12 Jun 2003 01:51:18 GMT

First, I'd like to say something about the DMZ. A firewall must protect the
resources and machines in the DMZ. It means that the DMZ is separated from the
Internet by the firewall. I cannot imagine that a company which has a firewall
puts its http and ftp servers outside its firewall. I think there is some
misunderstanding between you and the support guy for the DLink DI-604 firewall.

Second, most modern firewalls support the ftp protocol because ftp is
such a popular protocol. Therefore there must be a very simple way
to configure the DLink DI-604 firewall for the ftp protocol. Sorry, I am not
familiar with this firewall.

If your local ftp server uses a private IP address and the DLink DI-604
firewall does not understand the ftp protocol, the passive mode does not work
at all, because in this mode the response to the PASV command contains the
private IP address of the ftp server. If your local ftp server uses a public
IP address, the passive mode may be a workaround.

In your case, you access your ftp server from the Internet, so maybe the PORT
command works. When the PORT command is used, the client tells the ftp server
where the client is listening for the data channel via the PORT command.
Because the ftp client is on the Internet, a public IP address is wrapped in
the PORT command (PORT a1,a2,a3,a4,p1,p2) and sent to the server. Then your
local ftp server binds 20/TCP as the local address, and connects to where the
client tells it via the PORT command.

To diagnose the problem, use the command line ftp because it tells you what
commands are sent and what responses the client receives. As far as I know,
dos-prompt ftp in Windows 95/98 uses PORT to retrieve the data, ftp in
Redhat 6.0/6.2 uses PASV (the passive mode), ftp in Redhat 7.2 uses PASV,
and Windows 2000 uses PASV (I am not very sure).

Ida
Support of ITShield Firewall (http://www.itshield.com)

"andre halle" <andre.halle@sympatico.ca> wrote in message
news:0hMFa.6234$Gm4.874469@news20.bellglobal.com...
> I've been on their web site. Their instructions are simple, and not obviously
> working. It seems that i have a lot of work to do. There's surely a way to
> make that FTP server work, but i cannot access it at this moment.
>
> I don't know, even if you (people who respond to my post) have good answer,
> i still don't know how to set up what is called very easy to do without a
> router : a simple FTP server. So if there's someone who own a Dlink di-604
> router (or some kind of like) and had the same problem i do (accessing my
> ftp server) i would really appreciate a conclusion to this.
>
> Thks
>
> "Kerry Liles" <k_rr_l_l_s@rogers.com> wrote in message
> news:MdKFa.60752$j9%.49119@news04.bloor.is.net.cable.rogers.com...
> > Read the documentation for the DI-604 (on the CD or from the website) - it
> > explains how to allow FTP (and other similar applications to run).
> >
> >
> > "andre halle" <andre.halle@sympatico.ca> wrote in message
> > news:jsEFa.3505$JN6.640526@news20.bellglobal.com...
> > > I tried about everything i could to access my local ftp server on the
> > > internet. I called the place where i bought my DLink DI-604 firewall, and
> > > the only advice they gave is to use the DMZ to access my ftp server.... I
> > > don't believe that's the best solution, DMZ expose my PC to hackers. I may
> > > be wrong on this fact, but in the case of using DMZ to access my ftp
> > > Server, should i configure it (the ftp server) by assigning the address i
> > > gave in the DMZ configuration of the router ? And what's the port i need
> > > to set ?
> > >
> > > And on another way, someone talk to me about passive mode but i didn't
> > > understand how i can use passive mode to access my ftp server. Normally, i
> > > tried to access my ftp server by doing ftp://ip address given by my
> > > internet service provider. But it didn't work since i installed my router.
> > > It make me crazy.
> > >
> > > Can someone help me about this situation ? I would appreciate it .
> > >
> > > Thanks
> > >
> > > André.
> > >
> > >
> >
> >
>
>
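
Added example, not part of the original posts: a small Python checker for the diagnosis described in the reply above. It decodes the `a1,a2,a3,a4,p1,p2` field of a PORT command or a 227 PASV reply and flags a private (RFC 1918) address announced to a peer on a public address. The function names and the sample addresses are constructed for illustration.

```python
import ipaddress
import re

# Six decimal bytes a1,a2,a3,a4,p1,p2 as used by PORT and the 227 reply.
_HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")

# RFC 1918 ranges listed explicitly: Python's is_private also covers the
# documentation ranges used as the "public" sample addresses below.
_RFC1918 = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def _is_rfc1918(addr):
    ip = ipaddress.IPv4Address(addr)
    return any(ip in net for net in _RFC1918)


def parse_hostport(line):
    """Return (ip, port) announced in a PORT command or a 227 PASV reply."""
    m = _HOSTPORT.search(line)
    if not m:
        raise ValueError("no a1,a2,a3,a4,p1,p2 field in %r" % line)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("byte out of range in %r" % line)
    ip = ".".join(str(n) for n in nums[:4])
    return ip, nums[4] * 256 + nums[5]  # port = p1 * 256 + p2


def diagnose(line, control_peer):
    """Compare the announced data address with the control-channel peer.

    control_peer is the address the sender of `line` appears to have on the
    control connection (for a 227 reply: the address the client dialed).
    """
    ip, port = parse_hostport(line)
    if ip == control_peer:
        return "ok", ip, port
    if _is_rfc1918(ip) and not _is_rfc1918(control_peer):
        # The NAT device forwarded the control channel without rewriting
        # the payload, so the client is told to dial an unroutable address.
        return "private-address-leak", ip, port
    return "address-mismatch", ip, port


# Constructed sample: reply seen by an Internet client that dialed 203.0.113.5.
SAMPLE_REPLY = "227 Entering Passive Mode (192,168,0,10,19,137)"
```

Paste the 227 line printed by the command line ftp client into `diagnose` together with the address you connected to; a `private-address-leak` result is the passive-mode failure described in the reply.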


