Re: McAfee Firewall Blocking FTP

From: Peacekeeper (noturnertspam_at_bigpond.net.au)
Date: 12/14/03


Date: Sun, 14 Dec 2003 22:39:56 GMT

Some servers/programs want the "passive FTP" option checked off in IE and in
the FTP program. Try that one too. If it is off, try on.

Posts here have some thoughts and workarounds. Note FTP and I do not mix well,
so read Martimus8's posts there.

http://forums.mcafeehelp.com/viewtopic.php?p=73290#73290

"J Jay" <jayjay@nevertell.net> wrote in message
news:MPG.1a469ef711d04c5c9896b6@news.east.earthlink.net...
> In article <94-dne9awKo3KkGiRVn-vg@gbronline.com>,
> n7apeNOSPAM@amsat.org says...
> > I have a problem that I can't figure out how to solve...
> >
> > I have WinXP and McAfee Internet Security 5.0 with their firewall software.
> >
> > If the firewall is turned off, I can open up a command window and ftp to a
> > remote system on the Internet and do data transfers.
> >
> > If the firewall is turned on and filtering packets, I can connect to a
> > system with ftp and log in, but as soon as I try a DIR ftp command it hangs.
> > The McAfee firewall log shows that a TCP packet from the remote system port
> > 20 was blocked. OK, I'm connected to an active ftp server so I am expecting
> > a packet from the remote's port 20. The default firewall rule for ftp
> > doesn't mention anything about packets from remote port 20, but I'll get to
> > that in a second. Interesting thing is:
> >
> > I have the firewall configured to grant FTP *full* access! In other words,
> > it *should* let FTP communicate in any way it wants.
> >
> > Now back to the default FTP rule. I edited it for FTP to include the rule
> > "Accept incoming traffic if the remote port is 20" and changed the firewall
> > policy for ftp to be "filter" (instead of *full access*). The firewall
> > still blocks it. This doesn't surprise me since it also blocks it when I
> > tell it to give FTP full access, but I still tried it. (I list the full set
> > of rules at the end of this message.)
> >
> > Oh, and if I tell the firewall to "allow all traffic", ftp works -- in other
> > words, same effect as if the firewall is turned off. So it's definitely
> > McAfee's firewall that's blocking this packet.
> >
> > I can't find anywhere in McAfee's firewall menus that indicates something
> > else that is instructing it to block this type of packet. Thus, I can't
> > figure out how to get ftp to work while McAfee's firewall is running and
> > filtering.
> >
> > Any ideas?
> > ---
> > Here are the rules set for FTP in McAfee Firewall:
> >
> > 1. Allow this program to communicate, if the remote port is 20 (this is the
> > rule I added).
> > 2. Allow this program to communicate, if the data direction is incoming,
> > and if the protocol is TCP/IP, and if the remote port is 46088, 54325 or
> > 56514 (McAfee default rule).
> > 3. Allow this program to communicate, if the data direction is outbound,
> > and if the protocol is TCP/IP, and if the remote port is 21 (McAfee default
> > rule).
> > 4. Allow this program to communicate, if the data direction is outbound,
> > and if the protocol is TCP/IP, and if the remote port is 53 or 1133 (McAfee
> > default rule).
> >
> Hi S Miller. I don't remember the details, but sometime in the past
> I investigated how FTP works. FTP remote ports are 20 and 21. In
> addition to these, FTP also needs to connect on random, unpredictable
> high-end numbered remote ports. The firewall rule for my FileZilla FTP
> client looks like this:
> FileZilla, allow, both directions, remote ports 20,21,1024-65535, local
> ports 1024-2500
> Try this on your McAfee.
> For use of my browser on FTP, I have a similar rule in the firewall
> just for it. I go in and enable this rule and use the browser on FTP.
> When I finish using the browser on FTP, I turn this rule off.
> JJ
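
Added example, not part of the original posts and not McAfee's or FileZilla's code: a minimal model of how an FTP-aware filter can open a one-shot pinhole for the active-mode data connection from remote port 20 described in the thread, rather than a standing 1024-65535 range. The `FtpPinholes` class, the addresses and the sample control lines are constructed for illustration; the `h1,h2,h3,h4,p1,p2` encoding is the one defined in RFC 959.

```python
import re

# RFC 959 host-port encoding: h1,h2,h3,h4,p1,p2 with port = p1*256 + p2
_HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")

def parse_hostport(text):
    """Return (ip, port) from a PORT command or a 227 reply, else None."""
    m = _HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

class FtpPinholes:
    """Hypothetical tracker of data connections announced on one control channel."""
    def __init__(self, client_ip, server_ip):
        self.client_ip, self.server_ip = client_ip, server_ip
        self.expected = set()  # (direction, remote_ip, remote_port, local_port)

    def control_line(self, sender, line):
        hp = parse_hostport(line)
        if hp is None:
            return
        if sender == "client" and line.upper().startswith("PORT "):
            # Active mode: the server connects FROM port 20 TO the announced port.
            # Only honour announcements that name the client's own address.
            if hp[0] == self.client_ip:
                self.expected.add(("in", self.server_ip, 20, hp[1]))
        elif sender == "server" and line.startswith("227"):
            # Passive mode: the client connects OUT to the announced server port.
            if hp[0] == self.server_ip:
                self.expected.add(("out", self.server_ip, hp[1], None))

    def allow(self, direction, remote_ip, remote_port, local_port):
        for key in ((direction, remote_ip, remote_port, local_port),
                    (direction, remote_ip, remote_port, None)):
            if key in self.expected:
                self.expected.discard(key)  # one-shot: closes after first use
                return True
        return False

def demo():
    """Constructed session: inbound SYN from port 20 before and after PORT."""
    fw = FtpPinholes("192.168.1.50", "203.0.113.10")
    before = fw.allow("in", "203.0.113.10", 20, 1234)
    fw.control_line("client", "PORT 192,168,1,50,4,210")  # 4*256+210 = 1234
    after = fw.allow("in", "203.0.113.10", 20, 1234)
    return before, after, fw.allow("in", "203.0.113.10", 20, 1234)
```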


