stevendunne


FTP - Connections Problems

Hope you can help.  I'm using a sonicwall tz170 firewall.  Here goes:

I had FTP problems with 3 customers.  Basically they were unable to complete the data connection into our FTP server, the connection just locked up.  I tried all sorts including opening up our firewall for high-ports, ftp ports 20 & 21 for their specific FTP public IP addresses.  This still didn't resolve the issue.

I found a setting in the firewall which "Forces Inbound & Outbound FTP traffic to default to Port 20".  This then resolved the above problem for these 3 customers.

However, this has had a knock-on effect with a different customer, where we send the file across into their FTP site, via an automated batch file.  The same is now happening here, the data connection is locking up for me.  I'm fairly confident removing the setting "Forces Inbound & Outbound FTP traffic to default to Port 20" will remove this problem.

We are in the same boat as this customer, where they don't want to change things that will affect other customers, and I'm the same here.  Plus from a security point of view, with all these back door threats\trojans, I'm very reluctant to continue to leave a server open for high-ports.


Does anyone have any suggestions ?  I'm thinking of upgrading to the sonicOS enhanced edition, if this will give me more options with ftp ?

Thanks
ASKER CERTIFIED SOLUTION
Pete Long
stevendunne

ASKER

I spoke to the network admin at the other end and his ftp is "active".

Am I causing all the problems by enabling "Forces Inbound & Outbound FTP traffic to default to Port 20" ?

If the other side enables passive ftp, will I have a problem as I have this "Forces Inbound & Outbound FTP traffic to default to Port 20" setting in place ?

Finally, how do I check if my ftp is passive\active and how could I change ?
>>Finally, how do I check if my ftp is passive\active and how could I change ?


If you're passive you will have a lot of high (above 1024) ports open on the firewall
If you want to avoid opening a boatload of high ports on your server, you could probably force passive FTP to use a specific port (the server normally just picks a random port and tells the client to initiate the data connection with that).

For IIS the following article might be useful to you: http://support.microsoft.com/?kbid=810639.

You'd then just need to open the port that you chose on the firewall.

Most ftp clients can connect in passive mode by issuing a literal command: PASV (that'll put the FTP server in passive mode).

I hope that helps.
ThanQ
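
To make the active/passive question in this thread concrete, the following added example (not written by any poster in the thread) decodes the `PORT` command and the `227` reply to `PASV` from an FTP control channel and reports which side listens for the data connection and whether a passive port falls inside a pinned range. The session lines, the addresses and the 5000-5010 range are constructed assumptions.

```python
import re

# Constructed control-channel lines (RFC 959 syntax); addresses are documentation ranges.
SAMPLE_SESSION = [
    ("C", "PORT 198,51,100,7,195,80"),      # active: client announces where it listens
    ("S", "200 PORT command successful."),
    ("C", "PASV"),                          # passive: client asks the server to listen
    ("S", "227 Entering Passive Mode (203,0,113,10,19,137)"),
]

_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_hostport(text):
    """Decode the h1,h2,h3,h4,p1,p2 field used by PORT and by 227 replies."""
    m = _HOSTPORT.search(text)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in %r" % text)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in %r" % text)
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def data_connections(session, pasv_range=(5000, 5010)):
    """Return one dict per data-channel negotiation seen in the session."""
    found = []
    lo, hi = pasv_range  # assumed range pinned on the server and opened on its firewall
    for side, line in session:
        if side == "C" and line.upper().startswith("PORT "):
            host, port = parse_hostport(line)
            found.append({"mode": "active", "listener": "client", "host": host,
                          "port": port, "firewall_rule": "client side must accept "
                          "inbound TCP %d, conventionally from server port 20" % port})
        elif side == "S" and line.startswith("227"):
            host, port = parse_hostport(line)
            found.append({"mode": "passive", "listener": "server", "host": host,
                          "port": port, "in_pinned_range": lo <= port <= hi,
                          "firewall_rule": "server side must accept inbound TCP %d" % port})
    return found

if __name__ == "__main__":
    for conn in data_connections(SAMPLE_SESSION):
        print(conn)
```

A passive reply whose port is outside the pinned range means the server is still choosing ports freely, so the firewall rule for the chosen range will not cover it.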