Re: Troubles using WS_FTP Pro with Zone Alarm Pro under XP

From: Casey (Casey_at_nosuch.net)
Date: 11/23/04


Date: Tue, 23 Nov 2004 19:17:54 GMT

In article <MPG.1c0c4c2b2b2d9406989691@enews.newsguy.com>, wwvlists-servers@yahoo.com says...
> [This followup was posted to comp.security.firewalls and a copy was sent
> to the cited author.]
>
> Hi All:
>
> Just rebuilt my machine (i.e., low-level formats on all SCSI drives,
> complete new, clean install of OS and all apps) and now seem to have
> trouble accessing FTP sites using WS_FTP Pro v9.01 with Zone Alarm Pro
> active (v5.5.062).
>
> NOTE: I have installed XP's SP2 but have turned off its firewall.
>
> The trouble is that for all sites connecting takes very long, and on
> one site in particular, once connected I cannot see any files or
> directories (I know I'm connected b/c I can see the results in the
> Connection Log window).
>
> Note: I can open a command-prompt and FTP straight away, i.e., I connect
> quickly, get prompted for user & pass and then can move about seeing all
> dirs & files.
>
> Zone Alarm has been set to "Allow" the WS_FTP Pro client access to the
> Internet.
>
> If I close Zone Alarm, and then use WS_FTP Pro to connect, all goes
> quickly and I can once again see all files & directories.
>
>
> Any ideas on what to do/try?
>
> Don't want to have ZA closed whenever I FTP, and yet don't want to be
> forced to use the command-prompt level FTP capabilities.
>
> Thanks
>
FTP protocols are hard to deal with when setting up a firewall.
Active FTP and Passive FTP have different requirements.
For details, see: Active FTP vs Passive FTP
http://slacksite.com/other/ftp.html

Active FTP connection requirements
TCP; remote port 21; local port 1025-5000; outgoing
TCP; remote port 20; local port 1025-5000; incoming

Passive FTP connection requirements
TCP; remote ports 20,21,1025-65535; local ports 1025-5000;
incoming/outgoing.

I have the Active rules enabled all the time. When I can't make
an FTP connection, I then go to the firewall and temporarily
enable the Passive rule.
Seems to me most connections are on Active FTP.
Casey
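
Added example, not part of the original post: a small Python parser for the two FTP control-channel lines that decide which side opens the data connection (the client's PORT command and the server's 227 reply to PASV, per RFC 959), reporting the direction and port a client-side firewall would see. The function names and sample lines are constructed for illustration, and remote port 20 for active mode is the conventional server default, assumed here.

```python
import re

# RFC 959 host-port field: h1,h2,h3,h4,p1,p2 as six decimal bytes.
_HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")

def parse_hostport(text):
    """Return (ip, port) from a PORT argument or a 227 reply, else None."""
    m = _HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def data_channel_rule(line):
    """Map one control-channel line to the data connection the client firewall sees."""
    line = line.strip()
    if line.upper().startswith("PORT "):
        hp = parse_hostport(line[5:])
        # Active: client listens on the announced port; the server connects in,
        # conventionally from its port 20.
        return hp and {"mode": "active", "direction": "incoming",
                       "local_port": hp[1], "remote_port": 20}
    if line.startswith("227"):
        hp = parse_hostport(line[3:])
        # Passive: server listens on the announced port; the client connects out.
        return hp and {"mode": "passive", "direction": "outgoing",
                       "remote_ip": hp[0], "remote_port": hp[1]}
    return None

# Constructed control-channel lines (private and documentation addresses).
SAMPLE = [
    "PORT 192,168,1,20,4,5",
    "227 Entering Passive Mode (192,0,2,10,195,80)",
    "230 User logged in.",
    "PORT 192,168,1,20,4",
]

if __name__ == "__main__":
    for s in SAMPLE:
        print(f"{s!r:50} -> {data_channel_rule(s)}")
```

The port carried in the PORT or 227 line is chosen per transfer, which is why static firewall rules for FTP end up written as port ranges.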


