Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

FTP Server Setup Problems With Firewall

Posted on 2003-02-19
18
Medium Priority
?
171 Views
Last Modified: 2012-05-04
I have setup an FTP Server and I can access it locally, but I can not access it from the outside world. I have a Watchguard Firebox II and I have tried numerous options on the FTP proxy setting. I am not getting blocked, I just can not connect. I get a login screen but I can not login. I don't even see my connection coming in on the firewall monitor. The FTP server is setup on the same subnet, but it is not part of the domain. I have it in its own workgroup with a local IP. Do I need a public IP address assigned to it? Do I need to have my ISP do anything? Pardon my ignorance; this is my first attempt at this. Thanks in advance for any help.
0
Comment
Question by:oricks
  • 11
  • 3
  • 2
  • +2
18 Comments
 
LVL 7

Accepted Solution

by:
LimeSMJ earned 1200 total points
ID: 7983381
(Hope my post is not duplicating itself)...

Anyways, I just mentioned before that the reason why you may not be able to connect from the outside is due to the fact that you are probably not using an addressable IP to access the FTP server.  The IP address that you are using on the inside may not be the same as the one you would use for the outside.

First, try to ping the FTP server from the outside... if it pings back then the problem is with your firewall setup.  If it times out, then the problem is most likely due to you using an invalid IP address - yes, you do need a public IP address to access the FTP from the outside unless you VPN into the LAN... BUT, you can keep the FTP server address local as long as you forward the FTP requests via the firewall (i.e. use the public IP address of the firewall to connect to the FTP server in your LAN).
0
 
LVL 12

Expert Comment

by:guidway
ID: 7983382
see if anything here helps:

http://support.microsoft.com/?kbid=300662
0
 
LVL 51

Expert Comment

by:Netman66
ID: 7983412
I'm sure you have this already, but just in case.

http://www.watchguard.com/training/lss/50/pages/proxies6.htm

http://www.watchguard.com/training/lss/50/pages/log14.htm

Have you checked for updates/patches.  I saw one there that corrected Passive FTP connections.

Perhaps, through the Firewall the passive connection is not working.

Advise.
0
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
LVL 4

Expert Comment

by:daletian
ID: 7984934


Allow remote port access on 20 and 21 for FTP on ur firewall


0
 

Author Comment

by:oricks
ID: 7989666
I had my ISP assign a public IP address to ftp.myserver.com. The IP address is different for www.myserver.com. I time out when trying to ping it. I am using NAT to forward the public IP to a private IP in the firewall. I am doing this for port 20 and 21. Maybe the new setting has not propagated completely.
0
 

Author Comment

by:oricks
ID: 7989692
I take back something. I am only doing a NAT on port 21. Where does port 20 come into play. If I add that port in my firewall, I do not have a choice to choose ftp as a protocol.
0
 

Author Comment

by:oricks
ID: 7989700
I take back something. I am only doing a NAT on port 21. Where does port 20 come into play. If I add that port in my firewall, I do not have a choice to choose ftp as a protocol.
0
 

Author Comment

by:oricks
ID: 7989771
I take back something. I am only doing a NAT on port 21. Where does port 20 come into play. If I add that port in my firewall, I do not have a choice to choose ftp as a protocol.
0
 

Author Comment

by:oricks
ID: 7989906
I take back something. I am only doing a NAT on port 21. Where does port 20 come into play. If I add that port in my firewall, I do not have a choice to choose ftp as a protocol.
0
 
LVL 4

Expert Comment

by:daletian
ID: 7996497
Port 20 is fot ftp-data and is necessary to get or put files

0
 
LVL 51

Expert Comment

by:Netman66
ID: 7997181
Both 20 & 21 need to be mapped.

0
 

Author Comment

by:oricks
ID: 8009736
Do I need to allow FTP through my router?
0
 
LVL 51

Expert Comment

by:Netman66
ID: 8009806
Only if there are access lists preventing those ports and protocols or if you're running PIX on the router.

0
 

Author Comment

by:oricks
ID: 8009857
Do I need to allow FTP through my router?
0
 

Author Comment

by:oricks
ID: 8009880
When I do a tracert on 63.172.27.66 it bounces from 144.223.23.54 to 144.223.23.53. .54 is the serial IP of my router and .53 is sprint. This must mean that my router is blocking it. What do I do next?
0
 

Author Comment

by:oricks
ID: 8010471
Okay... I can now ping my ftp server. I see my connection on my firewall monitor and there are no denied access indications. BUT, I am getting the following error; "An error occured opening that folder on the FTP server. Make sure you have permission to access that folder". I have myself with full access rights on that folder. I am not sure what is wrong. The previous IP address is incorrect. The correct one is 63.172.27.62.
0
 

Author Comment

by:oricks
ID: 8011113
FYI... I can connect to the site locally after I login at the prompt.
0
 

Author Comment

by:oricks
ID: 8012639
a few of you told me that port 20 and port 21 needed to be open. Once I removed the port 20 setting from the firewall, I was able to get in. I suppose it depends on the firewall manufacturer. Thanks for everyones help, but LimeSMJ was the most help.
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Don’ts and Dos are two important end products of software testing basics that a tester needs to regard. This article attempts to explain the principles of both.
Loops Section Overview
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question