?
Solved

CuteFTP Firewall Settings

Posted on 2003-03-31
12
Medium Priority
?
1,230 Views
Last Modified: 2013-11-16
Hi, I'm trying to set up CuteFTP on a Client machine and I'm having trouble with the Firewall settings. When I try to connect to any FTP site using the firewall type 'SITE site' I get the following:

STATUS:>     Connecting to Firewall host
STATUS:>     Firewall socket connected. Waiting for welcome message...
     220 amecom Microsoft FTP Service (Version 5.0).
STATUS:>     Connected. Authenticating...
COMMAND:>     USER Harry
     331 Password required for Harry.
COMMAND:>     PASS *******
     230 User Harry logged in.
STATUS:>     Login successful
STATUS:>     Socket connected. Waiting for welcome message...
     500 'SITE ftp.pc.ibm.com': command not understood
ERROR:>     Unknown response code: 500
ERROR:>     Can't log in. Disconnecting...
STATUS:>     Disconnect: Monday 17:44:12 03-31-2003

When I try to connect using the firewall type 'USER user@site' I get the following:

STATUS:>     Connecting to Firewall host
STATUS:>     Firewall socket connected. Waiting for welcome message...
     220 amecom Microsoft FTP Service (Version 5.0).
STATUS:>     Connected. Authenticating...
COMMAND:>     USER anonymous@ftp.pc.ibm.com
     331 Password required for anonymous@ftp.pc.ibm.com.
COMMAND:>     PASS ********
     530 User anonymous@ftp.pc.ibm.com cannot log in.
ERROR:>     Can't log in. Still trying...
ERROR:>     Can't log in. Disconnecting...
STATUS:>     Disconnect: Monday 17:47:17 03-31-2003

When I try to connect using the firewall type 'USER with logon' I get the following:

STATUS:>     Connecting to Firewall host
STATUS:>     Firewall socket connected. Waiting for welcome message...
     220 amecom Microsoft FTP Service (Version 5.0).
STATUS:>     Connected. Authenticating...
COMMAND:>     USER Harry
     331 Password required for Harry.
COMMAND:>     PASS *******
     230 User Harry logged in.
STATUS:>     Login successful
COMMAND:>     USER anonymous@ftp.pc.ibm.com
     331 Password required for anonymous@ftp.pc.ibm.com.
COMMAND:>     PASS ********
     530 User anonymous@ftp.pc.ibm.com cannot log in.
ERROR:>     Can't log in. Still trying...
ERROR:>     Can't log in. Disconnecting...
STATUS:>     Disconnect: Monday 17:48:30 03-31-2003


I have the 'Enable Firewall Access' checked and the 'PASV mode' unchecked.
I've tried using a different FTP Client (AceFTP2) with the same results.
I can access the FTP sites using MSIE so I'm assuming it is a configuration problem with the Firewall.

Any help would be appreciated.


0
Comment
Question by:Harry68
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
12 Comments
 
LVL 4

Expert Comment

by:gaffie
ID: 8237519
Do you have any information about the proxy server you're running. Name, version, port number running on, type etc.

Now it just looks like it's connecting to your local FTP-server. Not your proxy server.
0
 
LVL 4

Expert Comment

by:Frog357
ID: 8238237
Have you tried changing PASV to PORT?  This is what I needed to get mine to work.  It can be set per site or globally in Options of CuteFTP.
0
 

Expert Comment

by:jon_harris
ID: 8239062
CuteFTP is trying to negioate a new port number with the host, as only port 21 will be open this will fail.

To get round this, you must untick the PASV mode for the particular site.

(although it is shown in grey on the site manager - this means that it is reading the program default)

Also, leave the Firewall and proxy stuff unchecked.

HTH
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 

Author Comment

by:Harry68
ID: 8243805
I've tried all the different permutations of CuteFTP settings. The best I get is the following:


STATUS:>     Connecting to Firewall host
STATUS:>     Firewall socket connected. Waiting for welcome message...
     220 amecom Microsoft FTP Service (Version 5.0).
STATUS:>     Connected. Authenticating...
COMMAND:>     USER Harry
     331 Password required for Harry.
COMMAND:>     PASS *****
     230 User Harry logged in.
COMMAND:>     TYPE I
     200 Type set to I.
COMMAND:>     REST 100
     350 Restarting at 100.
COMMAND:>     REST 0
     350 Restarting at 0.
STATUS:>     This site can resume broken downloads
COMMAND:>     PWD
     257 "/" is current directory.
COMMAND:>     CWD \web
     550 /web: The system cannot find the file specified.
COMMAND:>     TYPE A
     200 Type set to A.
STATUS:>     Retrieving directory listing...
COMMAND:>     PORT 192,168,100,124,4,201
     200 PORT command successful.
COMMAND:>     LIST
     150 Opening ASCII mode data connection for /bin/ls.
     226 Transfer complete.
STATUS:>     Received 0 bytes Ok.
STATUS:>     Time: 0:00:01, Efficiency: 0.00 KBytes/s (0 bytes/s)
STATUS:>     Done.

This doesn't appear to be getting past the server (firewall).
I don't know if it is something to do with the Win2000 server settings but I've checked them and there are no deny filters set up, all the correct allow filters are there.
The only problem I can see is that there is a router on the other side of the firewall server that is on a different subnet.

Router IP: 192.168.0.1
Server: 192.168.100.11

Clients: 192.168.100.101 - 121 (addresses are static)
Subnet Mask: 255.255.255.0
Gateway: 192.168.100.11
0
 
LVL 4

Accepted Solution

by:
gaffie earned 1000 total points
ID: 8243879
When you have a firewall setup, you should always be using PASV mode. For ACTIVE ftp you need to accept incoming connections. Mostly incoming connections are denied by the firewall or NAT.

i don't know what kind of firewall you're running. But mostly (except for proxies) you have to connect directly to ftp-sites. The firewall should be transparent.







0
 
LVL 4

Expert Comment

by:gaffie
ID: 8243920
For a normal connection go to: settings - connections -firewall. Clear the fields: host, userid, password.
Set port to 21. Set type to 'general'. And select PASV.

For a normal NAT based firewall these settings should do.
0
 

Author Comment

by:Harry68
ID: 8244028
This is what I get with those settings:

STATUS:>     Connect: Tuesday 18:02:43 04-01-2003
STATUS:>     Connecting to 207.153.47.42
STATUS:>     Connecting to 207.153.47.42 (ip = 207.153.47.42)
ERROR:>     Can't connect
ERROR:>     Can't log in. Still trying...
STATUS:>     Disconnect: Tuesday 18:03:28 04-01-2003
STATUS:>     Waiting to try again...
STATUS:>     Connect: Tuesday 18:03:29 04-01-2003
STATUS:>     Connecting to 207.153.47.42
STATUS:>     Connecting to 207.153.47.42 (ip = 207.153.47.42)
ERROR:>     Can't connect
ERROR:>     Can't log in. Still trying...
STATUS:>     Disconnect: Tuesday 18:04:14 04-01-2003
STATUS:>     Waiting to try again...
STATUS:>     Connect: Tuesday 18:04:15 04-01-2003
STATUS:>     Connecting to 207.153.47.42
STATUS:>     Connecting to 207.153.47.42 (ip = 207.153.47.42)
ERROR:>     Can't connect
ERROR:>     Can't log in. Disconnecting...
STATUS:>     Disconnect: Tuesday 18:05:00 04-01-2003

This is basically where I started from.

Is there something I should be looking at in the server or firewall settings?
0
 
LVL 4

Expert Comment

by:gaffie
ID: 8246842
What kind of firewall is it? Is it a proxy or just a plain port filter?


0
 

Author Comment

by:Harry68
ID: 8249390
It is also set up as a proxy server.
0
 

Expert Comment

by:CleanupPing
ID: 9152788
Harry68:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
0
 
LVL 5

Expert Comment

by:juliancrawford
ID: 10088777
No comment has been added lately, so it's time to clean up this TA.
I will leave the following recommendation for this question in the Cleanup topic area:

Accept: gaffie {http:#8243879}

Please leave any comments here within the next seven days.
PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

Julian Crawford
EE Cleanup Volunteer
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
This article explains the fundamentals of industrial networking which ultimately is the backbone network which is providing communications for process devices like robots and other not so interesting stuff.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Suggested Courses
Course of the Month13 days, 7 hours left to enroll

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question