?
Solved

FTP Server Setup Problems With Firewall

Posted on 2003-02-19
18
Medium Priority
?
166 Views
Last Modified: 2012-05-04
I have setup an FTP Server and I can access it locally, but I can not access it from the outside world. I have a Watchguard Firebox II and I have tried numerous options on the FTP proxy setting. I am not getting blocked, I just can not connect. I get a login screen but I can not login. I don't even see my connection coming in on the firewall monitor. The FTP server is setup on the same subnet, but it is not part of the domain. I have it in its own workgroup with a local IP. Do I need a public IP address assigned to it? Do I need to have my ISP do anything? Pardon my ignorance; this is my first attempt at this. Thanks in advance for any help.
0
Comment
Question by:oricks
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 11
  • 3
  • 2
  • +2
18 Comments
 
LVL 7

Accepted Solution

by:
LimeSMJ earned 1200 total points
ID: 7983381
(Hope my post is not duplicating itself)...

Anyways, I just mentioned before that the reason why you may not be able to connect from the outside is due to the fact that you are probably not using an addressable IP to access the FTP server.  The IP address that you are using on the inside may not be the same as the one you would use for the outside.

First, try to ping the FTP server from the outside... if it pings back then the problem is with your firewall setup.  If it times out, then the problem is most likely due to you using an invalid IP address - yes, you do need a public IP address to access the FTP from the outside unless you VPN into the LAN... BUT, you can keep the FTP server address local as long as you forward the FTP requests via the firewall (i.e. use the public IP address of the firewall to connect to the FTP server in your LAN).
0
 
LVL 12

Expert Comment

by:guidway
ID: 7983382
see if anything here helps:

http://support.microsoft.com/?kbid=300662
0
 
LVL 51

Expert Comment

by:Netman66
ID: 7983412
I'm sure you have this already, but just in case.

http://www.watchguard.com/training/lss/50/pages/proxies6.htm

http://www.watchguard.com/training/lss/50/pages/log14.htm

Have you checked for updates/patches.  I saw one there that corrected Passive FTP connections.

Perhaps, through the Firewall the passive connection is not working.

Advise.
0
How Blockchain Is Impacting Every Industry

Blockchain expert Alex Tapscott talks to Acronis VP Frank Jablonski about this revolutionary technology and how it's making inroads into other industries and facets of everyday life.

 
LVL 4

Expert Comment

by:daletian
ID: 7984934


Allow remote port access on 20 and 21 for FTP on ur firewall


0
 

Author Comment

by:oricks
ID: 7989666
I had my ISP assign a public IP address to ftp.myserver.com. The IP address is different for www.myserver.com. I time out when trying to ping it. I am using NAT to forward the public IP to a private IP in the firewall. I am doing this for port 20 and 21. Maybe the new setting has not propagated completely.
0
 

Author Comment

by:oricks
ID: 7989692
I take back something. I am only doing a NAT on port 21. Where does port 20 come into play. If I add that port in my firewall, I do not have a choice to choose ftp as a protocol.
0
 

Author Comment

by:oricks
ID: 7989700
I take back something. I am only doing a NAT on port 21. Where does port 20 come into play. If I add that port in my firewall, I do not have a choice to choose ftp as a protocol.
0
 

Author Comment

by:oricks
ID: 7989771
I take back something. I am only doing a NAT on port 21. Where does port 20 come into play. If I add that port in my firewall, I do not have a choice to choose ftp as a protocol.
0
 

Author Comment

by:oricks
ID: 7989906
I take back something. I am only doing a NAT on port 21. Where does port 20 come into play. If I add that port in my firewall, I do not have a choice to choose ftp as a protocol.
0
 
LVL 4

Expert Comment

by:daletian
ID: 7996497
Port 20 is fot ftp-data and is necessary to get or put files

0
 
LVL 51

Expert Comment

by:Netman66
ID: 7997181
Both 20 & 21 need to be mapped.

0
 

Author Comment

by:oricks
ID: 8009736
Do I need to allow FTP through my router?
0
 
LVL 51

Expert Comment

by:Netman66
ID: 8009806
Only if there are access lists preventing those ports and protocols or if you're running PIX on the router.

0
 

Author Comment

by:oricks
ID: 8009857
Do I need to allow FTP through my router?
0
 

Author Comment

by:oricks
ID: 8009880
When I do a tracert on 63.172.27.66 it bounces from 144.223.23.54 to 144.223.23.53. .54 is the serial IP of my router and .53 is sprint. This must mean that my router is blocking it. What do I do next?
0
 

Author Comment

by:oricks
ID: 8010471
Okay... I can now ping my ftp server. I see my connection on my firewall monitor and there are no denied access indications. BUT, I am getting the following error; "An error occured opening that folder on the FTP server. Make sure you have permission to access that folder". I have myself with full access rights on that folder. I am not sure what is wrong. The previous IP address is incorrect. The correct one is 63.172.27.62.
0
 

Author Comment

by:oricks
ID: 8011113
FYI... I can connect to the site locally after I login at the prompt.
0
 

Author Comment

by:oricks
ID: 8012639
a few of you told me that port 20 and port 21 needed to be open. Once I removed the port 20 setting from the firewall, I was able to get in. I suppose it depends on the firewall manufacturer. Thanks for everyones help, but LimeSMJ was the most help.
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Hey fellow admins! This time, I have a little fairy tale for you. As many tales do, it starts boring and then gets pretty gory. I hope you like it. TL;DR: It is about an important security matter, you should read it if you run or administer Windows …
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question