Re: ftp server behind a zyxel router

From: Karl Levinson [x y] mvp (jamescagney90210@excite.com)
Date: 11/02/02 

From: "Karl Levinson [x y] mvp" <jamescagney90210@excite.com>
Date: Fri, 1 Nov 2002 21:43:44 -0500

"Blade" <blade7171@libero.it> wrote in message
news:enzw9.59728$aL4.1822828@news1.tin.it...
> I all, i know probably this is not the right NG but still I need help.
> I have a bullet proof proxy on my win 2000 machine, and a zyxel adsl
> router, I cannot access to my ftp server trought the net WHY ?? and how
> I can fix ?
> on the menu 15 I have setted the following
>
> PORT..............Net
> default 0.0.0.0
> 21 10.22.223.1

With any firewall question, always check your firewall logs to see what is
being blocked.

FTP doesnt' just use TCP port 21 but also uses a second port for the actual
data transfer. Depending on the settings on your FTP client and FTP server,
TCP port 20 may be used, or a random port number may be chosen, which can
make it hard to write rules on your firewall. Also, the computer that
initiates this connection may vary [e.g. server to client vs. client to
server]. This is known as Active FTP and Passive FTP, and you can search
www.google.com to find out more information about them.

Note that different FTP clients use different FTP methods, so that if you do
get your client to work that uses Active FTP, other people using different
FTP clients may still have problems. I think that IE uses Active FTP and
the DOS FTP command uses Passive FTP, if you want to test and see on your
firewall what each one looks like.

If you have a stateful firewall that understands FTP, you may be in luck.
Usually these firewalls already have an "FTP" option that you add to your
rules, instead of specifying a certain port number.

Relevant Pages

  • Re: Hacked? External address knocks on internal private address...
    ... The important part of your message is that FTP is allowed out... ... You open a connection to an FTP Server and logon. ... When you ask the server for a file the server issues a "PORT" command ... so it can open a port on the firewall to allow the incoming Data ...
    (comp.security.firewalls)
  • RE: FTP Window of opportunity?
    ... does it seemingly accept the connections and drop them once the response ... Subject: FTP Window of opportunity? ... blocked by the firewall. ... the FTP port shows up. ...
    (Pen-Test)
  • RE: FTP Window of opportunity?
    ... target on the line when in reality it was just a firewall lying to them. ... The connection connects and then immediately ... Subject: FTP Window of opportunity? ... the FTP port shows up. ...
    (Pen-Test)
  • Re: FTP error using a MAC
    ... Yes, you are using active mode, but the firewall/NAT can't take care of it ... behind a firewall, you then told me to change to active mode? ... In active mode the FTP client connects from a random unprivileged port N ...
    (microsoft.public.inetserver.iis.ftp)
  • Re: site stopped working
    ... ok, windows firewall is NOT running, when i checked it there was a message ... when i open the ftp connection to the site in ftp.exe at the command line i ... i tried just changing the ftp port to 22, and that didn't do anything, ... Bernard Cheah ...
    (microsoft.public.inetserver.iis.ftp)