Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Firewall Running FTP Service

Posted on 2006-07-06
2
359 Views
Last Modified: 2013-11-16
Hi folks, this is the current background of the connectivity issue i am having ...

Windows 2003 Standard Edition SP1, with Blackice Server protection as our main firewall, this is a dedicated server in usa, lets say our public internet ip adress is 209.73.186.238 ... our public gateway ip lets say is 209.73.186.1  ...

Our ftp service must run on port 47792 ...


The ftp we are using is Titan Ftp server, i´ve checked the box where " we are behind a router/cable/firewall" and typed the public gateway ip let say 209.73.186.1 .

In our firewall ( ISS Blackice Server Protection) i´ve opened ports 47792, and ports for passive mode 10000 - 10020, pointing to 209.73.186.238.


Am i missing something? because i cannot access the ftp from the outside .. (internet) ...

 
0
Comment
Question by:enigmateam
2 Comments
 
LVL 12

Accepted Solution

by:
GinEric earned 500 total points
ID: 17051022
You may still have to open port 21.

Windows Server 2003 is notorius for closing or stealthing ports, even DNS port 53.  The approach is ridiculous.  Unlike nVidia's firewall, Windows comes with no list of blocked ports. NVidia does a much better job, allowing you to unblock inbound and outbound, and to allow things like critical services.

With Windows, you have to go to somewhere in their Security or Firewall properties and unblock all the ICMP and other ports that a server needs just to work with the Internet.

I don't know about Blackice, but I imagine they have the same problem.  You can't stealth or block a port if you're going to use it effectively inbound or outbound.

Windows makes too many decisions for the administrator of a network.  And it's hard to undo their decisions.  The approach may be fine for workstation software, but it is bad for servers.

Once some programmer in Redmund takes away your decisionmaking authority, you have to go through a lot of hoops to get it back and it's not easy.

Windows and other security software should basically get their nose out of the administrator's decisionmaking, and, administrators should take on that responsibility.

Check all of your ports, probably one at a time, and see if it opens the ftp back up.

Good luck with 65,536 ports.
0
 
LVL 13

Expert Comment

by:prashsax
ID: 17051491
Is BlackICE the only firewall protecting your Server.

Does your router has some access-list on it. Have you opened ports 47792 and 10000...10020 on router as well.

If you have any other firewall between router and server, then you must open the ports on it as well.

Then from outside use this URL in IE.

ftp://your_public_ip:47792

You must specify port number as your ftp is not running on default port 21.
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

How do we balance the user experience (UX) with reasonable security measures? It can be done, if you keep these fundamentals in mind.
Knowing where your website is hosted is as important as the features you receive, the monthly fee, and the support you receive. Due diligence should be done when choosing your next hosting provider.
XMind Plus helps organize all details/aspects of any project from large to small in an orderly and concise manner. If you are working on a complex project, use this micro tutorial to show you how to make a basic flow chart. The software is free when…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question