Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1289
  • Last Modified:

CuteFTP Firewall Settings

Hi, I'm trying to set up CuteFTP on a Client machine and I'm having trouble with the Firewall settings. When I try to connect to any FTP site using the firewall type 'SITE site' I get the following:

STATUS:>     Connecting to Firewall host
STATUS:>     Firewall socket connected. Waiting for welcome message...
     220 amecom Microsoft FTP Service (Version 5.0).
STATUS:>     Connected. Authenticating...
COMMAND:>     USER Harry
     331 Password required for Harry.
COMMAND:>     PASS *******
     230 User Harry logged in.
STATUS:>     Login successful
STATUS:>     Socket connected. Waiting for welcome message...
     500 'SITE ftp.pc.ibm.com': command not understood
ERROR:>     Unknown response code: 500
ERROR:>     Can't log in. Disconnecting...
STATUS:>     Disconnect: Monday 17:44:12 03-31-2003

When I try to connect using the firewall type 'USER user@site' I get the following:

STATUS:>     Connecting to Firewall host
STATUS:>     Firewall socket connected. Waiting for welcome message...
     220 amecom Microsoft FTP Service (Version 5.0).
STATUS:>     Connected. Authenticating...
COMMAND:>     USER anonymous@ftp.pc.ibm.com
     331 Password required for anonymous@ftp.pc.ibm.com.
COMMAND:>     PASS ********
     530 User anonymous@ftp.pc.ibm.com cannot log in.
ERROR:>     Can't log in. Still trying...
ERROR:>     Can't log in. Disconnecting...
STATUS:>     Disconnect: Monday 17:47:17 03-31-2003

When I try to connect using the firewall type 'USER with logon' I get the following:

STATUS:>     Connecting to Firewall host
STATUS:>     Firewall socket connected. Waiting for welcome message...
     220 amecom Microsoft FTP Service (Version 5.0).
STATUS:>     Connected. Authenticating...
COMMAND:>     USER Harry
     331 Password required for Harry.
COMMAND:>     PASS *******
     230 User Harry logged in.
STATUS:>     Login successful
COMMAND:>     USER anonymous@ftp.pc.ibm.com
     331 Password required for anonymous@ftp.pc.ibm.com.
COMMAND:>     PASS ********
     530 User anonymous@ftp.pc.ibm.com cannot log in.
ERROR:>     Can't log in. Still trying...
ERROR:>     Can't log in. Disconnecting...
STATUS:>     Disconnect: Monday 17:48:30 03-31-2003


I have the 'Enable Firewall Access' checked and the 'PASV mode' unchecked.
I've tried using a different FTP Client (AceFTP2) with the same results.
I can access the FTP sites using MSIE so I'm assuming it is a configuration problem with the Firewall.

Any help would be appreciated.


0
Harry68
Asked:
Harry68
1 Solution
 
gaffieCommented:
Do you have any information about the proxy server you're running. Name, version, port number running on, type etc.

Now it just looks like it's connecting to your local FTP-server. Not your proxy server.
0
 
Frog357Commented:
Have you tried changing PASV to PORT?  This is what I needed to get mine to work.  It can be set per site or globally in Options of CuteFTP.
0
 
jon_harrisCommented:
CuteFTP is trying to negioate a new port number with the host, as only port 21 will be open this will fail.

To get round this, you must untick the PASV mode for the particular site.

(although it is shown in grey on the site manager - this means that it is reading the program default)

Also, leave the Firewall and proxy stuff unchecked.

HTH
0
Managing Security Policy in a Changing Environment

The enterprise network environment is evolving rapidly as companies extend their physical data centers to embrace cloud computing and software-defined networking. This new reality means that the challenge of managing the security policy is much more dynamic and complex.

 
Harry68Author Commented:
I've tried all the different permutations of CuteFTP settings. The best I get is the following:


STATUS:>     Connecting to Firewall host
STATUS:>     Firewall socket connected. Waiting for welcome message...
     220 amecom Microsoft FTP Service (Version 5.0).
STATUS:>     Connected. Authenticating...
COMMAND:>     USER Harry
     331 Password required for Harry.
COMMAND:>     PASS *****
     230 User Harry logged in.
COMMAND:>     TYPE I
     200 Type set to I.
COMMAND:>     REST 100
     350 Restarting at 100.
COMMAND:>     REST 0
     350 Restarting at 0.
STATUS:>     This site can resume broken downloads
COMMAND:>     PWD
     257 "/" is current directory.
COMMAND:>     CWD \web
     550 /web: The system cannot find the file specified.
COMMAND:>     TYPE A
     200 Type set to A.
STATUS:>     Retrieving directory listing...
COMMAND:>     PORT 192,168,100,124,4,201
     200 PORT command successful.
COMMAND:>     LIST
     150 Opening ASCII mode data connection for /bin/ls.
     226 Transfer complete.
STATUS:>     Received 0 bytes Ok.
STATUS:>     Time: 0:00:01, Efficiency: 0.00 KBytes/s (0 bytes/s)
STATUS:>     Done.

This doesn't appear to be getting past the server (firewall).
I don't know if it is something to do with the Win2000 server settings but I've checked them and there are no deny filters set up, all the correct allow filters are there.
The only problem I can see is that there is a router on the other side of the firewall server that is on a different subnet.

Router IP: 192.168.0.1
Server: 192.168.100.11

Clients: 192.168.100.101 - 121 (addresses are static)
Subnet Mask: 255.255.255.0
Gateway: 192.168.100.11
0
 
gaffieCommented:
When you have a firewall setup, you should always be using PASV mode. For ACTIVE ftp you need to accept incoming connections. Mostly incoming connections are denied by the firewall or NAT.

i don't know what kind of firewall you're running. But mostly (except for proxies) you have to connect directly to ftp-sites. The firewall should be transparent.







0
 
gaffieCommented:
For a normal connection go to: settings - connections -firewall. Clear the fields: host, userid, password.
Set port to 21. Set type to 'general'. And select PASV.

For a normal NAT based firewall these settings should do.
0
 
Harry68Author Commented:
This is what I get with those settings:

STATUS:>     Connect: Tuesday 18:02:43 04-01-2003
STATUS:>     Connecting to 207.153.47.42
STATUS:>     Connecting to 207.153.47.42 (ip = 207.153.47.42)
ERROR:>     Can't connect
ERROR:>     Can't log in. Still trying...
STATUS:>     Disconnect: Tuesday 18:03:28 04-01-2003
STATUS:>     Waiting to try again...
STATUS:>     Connect: Tuesday 18:03:29 04-01-2003
STATUS:>     Connecting to 207.153.47.42
STATUS:>     Connecting to 207.153.47.42 (ip = 207.153.47.42)
ERROR:>     Can't connect
ERROR:>     Can't log in. Still trying...
STATUS:>     Disconnect: Tuesday 18:04:14 04-01-2003
STATUS:>     Waiting to try again...
STATUS:>     Connect: Tuesday 18:04:15 04-01-2003
STATUS:>     Connecting to 207.153.47.42
STATUS:>     Connecting to 207.153.47.42 (ip = 207.153.47.42)
ERROR:>     Can't connect
ERROR:>     Can't log in. Disconnecting...
STATUS:>     Disconnect: Tuesday 18:05:00 04-01-2003

This is basically where I started from.

Is there something I should be looking at in the server or firewall settings?
0
 
gaffieCommented:
What kind of firewall is it? Is it a proxy or just a plain port filter?


0
 
Harry68Author Commented:
It is also set up as a proxy server.
0
 
CleanupPingCommented:
Harry68:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
0
 
juliancrawfordCommented:
No comment has been added lately, so it's time to clean up this TA.
I will leave the following recommendation for this question in the Cleanup topic area:

Accept: gaffie {http:#8243879}

Please leave any comments here within the next seven days.
PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

Julian Crawford
EE Cleanup Volunteer
0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now