CuteFTP Firewall Settings

Hi, I'm trying to set up CuteFTP on a Client machine and I'm having trouble with the Firewall settings. When I try to connect to any FTP site using the firewall type 'SITE site' I get the following:

STATUS:>     Connecting to Firewall host
STATUS:>     Firewall socket connected. Waiting for welcome message...
     220 amecom Microsoft FTP Service (Version 5.0).
STATUS:>     Connected. Authenticating...
COMMAND:>     USER Harry
     331 Password required for Harry.
COMMAND:>     PASS *******
     230 User Harry logged in.
STATUS:>     Login successful
STATUS:>     Socket connected. Waiting for welcome message...
     500 'SITE ftp.pc.ibm.com': command not understood
ERROR:>     Unknown response code: 500
ERROR:>     Can't log in. Disconnecting...
STATUS:>     Disconnect: Monday 17:44:12 03-31-2003

When I try to connect using the firewall type 'USER user@site' I get the following:

STATUS:>     Connecting to Firewall host
STATUS:>     Firewall socket connected. Waiting for welcome message...
     220 amecom Microsoft FTP Service (Version 5.0).
STATUS:>     Connected. Authenticating...
COMMAND:>     USER anonymous@ftp.pc.ibm.com
     331 Password required for anonymous@ftp.pc.ibm.com.
COMMAND:>     PASS ********
     530 User anonymous@ftp.pc.ibm.com cannot log in.
ERROR:>     Can't log in. Still trying...
ERROR:>     Can't log in. Disconnecting...
STATUS:>     Disconnect: Monday 17:47:17 03-31-2003

When I try to connect using the firewall type 'USER with logon' I get the following:

STATUS:>     Connecting to Firewall host
STATUS:>     Firewall socket connected. Waiting for welcome message...
     220 amecom Microsoft FTP Service (Version 5.0).
STATUS:>     Connected. Authenticating...
COMMAND:>     USER Harry
     331 Password required for Harry.
COMMAND:>     PASS *******
     230 User Harry logged in.
STATUS:>     Login successful
COMMAND:>     USER anonymous@ftp.pc.ibm.com
     331 Password required for anonymous@ftp.pc.ibm.com.
COMMAND:>     PASS ********
     530 User anonymous@ftp.pc.ibm.com cannot log in.
ERROR:>     Can't log in. Still trying...
ERROR:>     Can't log in. Disconnecting...
STATUS:>     Disconnect: Monday 17:48:30 03-31-2003


I have the 'Enable Firewall Access' checked and the 'PASV mode' unchecked.
I've tried using a different FTP Client (AceFTP2) with the same results.
I can access the FTP sites using MSIE so I'm assuming it is a configuration problem with the Firewall.

Any help would be appreciated.


Harry68Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

gaffieCommented:
Do you have any information about the proxy server you're running. Name, version, port number running on, type etc.

Now it just looks like it's connecting to your local FTP-server. Not your proxy server.
0
Frog357Commented:
Have you tried changing PASV to PORT?  This is what I needed to get mine to work.  It can be set per site or globally in Options of CuteFTP.
0
jon_harrisCommented:
CuteFTP is trying to negioate a new port number with the host, as only port 21 will be open this will fail.

To get round this, you must untick the PASV mode for the particular site.

(although it is shown in grey on the site manager - this means that it is reading the program default)

Also, leave the Firewall and proxy stuff unchecked.

HTH
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

Harry68Author Commented:
I've tried all the different permutations of CuteFTP settings. The best I get is the following:


STATUS:>     Connecting to Firewall host
STATUS:>     Firewall socket connected. Waiting for welcome message...
     220 amecom Microsoft FTP Service (Version 5.0).
STATUS:>     Connected. Authenticating...
COMMAND:>     USER Harry
     331 Password required for Harry.
COMMAND:>     PASS *****
     230 User Harry logged in.
COMMAND:>     TYPE I
     200 Type set to I.
COMMAND:>     REST 100
     350 Restarting at 100.
COMMAND:>     REST 0
     350 Restarting at 0.
STATUS:>     This site can resume broken downloads
COMMAND:>     PWD
     257 "/" is current directory.
COMMAND:>     CWD \web
     550 /web: The system cannot find the file specified.
COMMAND:>     TYPE A
     200 Type set to A.
STATUS:>     Retrieving directory listing...
COMMAND:>     PORT 192,168,100,124,4,201
     200 PORT command successful.
COMMAND:>     LIST
     150 Opening ASCII mode data connection for /bin/ls.
     226 Transfer complete.
STATUS:>     Received 0 bytes Ok.
STATUS:>     Time: 0:00:01, Efficiency: 0.00 KBytes/s (0 bytes/s)
STATUS:>     Done.

This doesn't appear to be getting past the server (firewall).
I don't know if it is something to do with the Win2000 server settings but I've checked them and there are no deny filters set up, all the correct allow filters are there.
The only problem I can see is that there is a router on the other side of the firewall server that is on a different subnet.

Router IP: 192.168.0.1
Server: 192.168.100.11

Clients: 192.168.100.101 - 121 (addresses are static)
Subnet Mask: 255.255.255.0
Gateway: 192.168.100.11
0
gaffieCommented:
When you have a firewall setup, you should always be using PASV mode. For ACTIVE ftp you need to accept incoming connections. Mostly incoming connections are denied by the firewall or NAT.

i don't know what kind of firewall you're running. But mostly (except for proxies) you have to connect directly to ftp-sites. The firewall should be transparent.







0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
gaffieCommented:
For a normal connection go to: settings - connections -firewall. Clear the fields: host, userid, password.
Set port to 21. Set type to 'general'. And select PASV.

For a normal NAT based firewall these settings should do.
0
Harry68Author Commented:
This is what I get with those settings:

STATUS:>     Connect: Tuesday 18:02:43 04-01-2003
STATUS:>     Connecting to 207.153.47.42
STATUS:>     Connecting to 207.153.47.42 (ip = 207.153.47.42)
ERROR:>     Can't connect
ERROR:>     Can't log in. Still trying...
STATUS:>     Disconnect: Tuesday 18:03:28 04-01-2003
STATUS:>     Waiting to try again...
STATUS:>     Connect: Tuesday 18:03:29 04-01-2003
STATUS:>     Connecting to 207.153.47.42
STATUS:>     Connecting to 207.153.47.42 (ip = 207.153.47.42)
ERROR:>     Can't connect
ERROR:>     Can't log in. Still trying...
STATUS:>     Disconnect: Tuesday 18:04:14 04-01-2003
STATUS:>     Waiting to try again...
STATUS:>     Connect: Tuesday 18:04:15 04-01-2003
STATUS:>     Connecting to 207.153.47.42
STATUS:>     Connecting to 207.153.47.42 (ip = 207.153.47.42)
ERROR:>     Can't connect
ERROR:>     Can't log in. Disconnecting...
STATUS:>     Disconnect: Tuesday 18:05:00 04-01-2003

This is basically where I started from.

Is there something I should be looking at in the server or firewall settings?
0
gaffieCommented:
What kind of firewall is it? Is it a proxy or just a plain port filter?


0
Harry68Author Commented:
It is also set up as a proxy server.
0
CleanupPingCommented:
Harry68:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
0
juliancrawfordCommented:
No comment has been added lately, so it's time to clean up this TA.
I will leave the following recommendation for this question in the Cleanup topic area:

Accept: gaffie {http:#8243879}

Please leave any comments here within the next seven days.
PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

Julian Crawford
EE Cleanup Volunteer
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Software Firewalls

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.