purplesteve (TechnicalUser)
23 Jan 04 11:29
This is the most relevant forum I can find. Please help, or direct me to a more suitable one.

I have a problem:

I am running a Dell PowerEdge 1650 server, with Windows 2003 Web Edition.

I have IIS6 running websites and FTP.

Microsoft DNS

Ability mail server

Software firewall (Sygate Personal)

Hardware firewall (ZyXEL 652H)

The problem is that users can access DNS info and websites (eg. www.leedsmedics.co.uk), but not gain ftp access to the server.

When I disable the hardware firewall everything works fine, but clearly this is not an acceptable solution.

I am forwarding ports 21 and 20 in both directions on the firewall and so can’t understand why it is not working, especially as the other applications work fine.

The software has stateful packet inspection and denial of service blocking. The IP of the FTP server is 195.206.163.194.

One user has connected successfully once and then could not connect again for a while.

When the firewall is disabled there is no problem. When I forward all the traffic, it doesn’t work.

Anyone have any ideas?

Steve
WANguy2k (MIS)
2 Sep 04 9:04
Is your FTP server in a DMZ?
sleipnir214 (Programmer)
2 Sep 04 9:32
Your firewall does stateful packet inspection.  How FTP-aware is it?  FTP can and will need to open more ports than just 20 and 21, and your firewall will need to open those ports for the FTP server.


Want the best answers? Ask the best questions!

TANSTAAFL!!
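
The point in the reply above, as an added example that is not part of the original thread or any vendor's code: the FTP data port is negotiated on the control channel, so an FTP-aware firewall has to read PORT commands and 227 (PASV) replies to know which port to open. This Python sketch decodes them and goes slightly further by flagging private addresses that would not survive NAT; the function names, sample lines and addresses are constructed for illustration.

```python
import ipaddress
import re

# RFC 959 host-port tuple "h1,h2,h3,h4,p1,p2", used by PORT commands and 227 replies.
HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_data_endpoint(line):
    """Return (mode, ip, port) for a PORT command or a 227 reply, else None."""
    line = line.strip()
    if line.upper().startswith("PORT "):
        mode = "active"    # server connects out from port 20 to the client's port
    elif line.startswith("227"):
        mode = "passive"   # client connects in to a port the server just chose
    else:
        return None
    m = HOSTPORT.search(line)
    if not m or any(int(g) > 255 for g in m.groups()):
        return None        # malformed tuple: ignore rather than guess
    nums = [int(g) for g in m.groups()]
    return mode, ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def data_channel_report(control_lines, forwarded_ports=(20, 21)):
    """Per data channel: inbound port the server side needs (passive only; active is outbound)."""
    report = []
    for line in control_lines:
        parsed = parse_data_endpoint(line)
        if parsed is None:
            continue
        mode, ip, port = parsed
        report.append({
            "mode": mode,
            "endpoint": f"{ip}:{port}",
            "inbound_port_needed": port if mode == "passive" else None,
            "covered_by_forwards": (port in forwarded_ports) if mode == "passive" else None,
            # A private address on the control channel is unreachable across NAT unless rewritten.
            "advertises_private_ip": any(ipaddress.ip_address(ip) in n for n in RFC1918),
        })
    return report

# Constructed control-channel lines (documentation and RFC 1918 addresses, not from the thread).
SAMPLE = [
    "220 FTP service ready",
    "227 Entering Passive Mode (192,0,2,10,195,149)",
    "PORT 198,51,100,7,4,1",
    "227 Entering Passive Mode (192,168,1,10,19,137)",
]

if __name__ == "__main__":
    print(*data_channel_report(SAMPLE), sep="\n")
```

In the sample, both passive replies name ports (50069 and 5001) that a static forward of 20 and 21 does not cover.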

WANguy2k (MIS)
2 Sep 04 9:46
Here's a document you may want to read.

http://slacksite.com/other/ftp.html

If you're allowing only specified ports in and out, and denying everything else, you may want to try allowing ALL ports on established outbound connections. The Cisco IOS command (on your external interface) would be:

access-list 100 permit tcp any any established

Here's what I have in my access list:
access-list 100 permit tcp any gt 1023 host xxx.xxx.xxx.xxx eq ftp
access-list 100 permit tcp any gt 1023 host xxx.xxx.xxx.xxx eq ftp-data
access-list 100 permit tcp any gt 1023 host xxx.xxx.xxx.xxx established

Hope this helps.
