nmonroe asked:

Passive FTP through WatchGuard FireBox

I am using FileZilla on a Windows PC to share out FTP.  I had this configured to support active and passive FTP through a Linksys RV082 gateway/router.

I have upgraded to the WatchGuard Firebox x550e.  All other services work fine using the same configs as the Linksys.  Active FTP using command line or an FTP client works great, but passive does not work.  Using a web browser, the password/login challenge dialog comes up, but hangs beyond that.  Connecting to the server within the LAN works with no problems.

I put through ports 20-21 and passive ports 5000-5025.  I also set FileZilla to use the static external IP for passive.  The Linksys worked fine, but the WatchGuard box does not like this.

I am not using an FTP proxy.  I am using a custom TCP filter for 20-21 & 5000-5025 from any external to a static NAT.

I am talking to support, but their second level support is not understanding this. They claim FTP is working, but are not trying a browser.  I have been down now for 5 days and I am getting a bit upset and so are my customers.  Any help would be appreciated.

-nick
nmonroe (ASKER):

Clarification: FileZilla 0.923b
ASKER CERTIFIED SOLUTION
dpk_wal

This solution is only available to members.
nmonroe (ASKER):

Thanks for the response, dpk_wal.
WatchGuard support had me try the same thing.  This was their final response:

"
did get a chance to run some tests, and have been getting some odd results. Active FTP works just fine. PASV does in fact hang in the browser.
Packet captures from the client appear to be fine. Oddly, the Firebox is not logging the inbound allowed TCP 21 traffic at the moment, when using PASV mode. Even via telnet to 21, setting PASV mode, the inbound 21 traffic doesn't show in Traf Mon. However, once the connection is killed, the Allowed-FIN on TCP 21 does show.

I believe some work has been done on the FTP Proxy, for the upcoming release of Fireware v10.0. Until the public release, I'll continue to look into this further, as I have not been able to uncover any specific BUGs related to these symptoms.
"

I guess I need to wait for v10.  It is annoying since my Linksys RV082 handled it without an issue.  I guess it is time to go to something better than FTP anyway.  Other than this, I really like the Firebox.  The failover for multiple ISPs works awesome.

nmonroe (ASKER):

Points awarded for quick response and the fact that it was the same solution tech support gave when troubleshooting.
-nick
Thank you for the info; I would also keep an eye on v10. :)
nmonroe (ASKER):

Just looking at my old posts, and I have an update:

I upgraded to v10, and had issues, but the FTP proxy worked.  I did have to set the passive IP in the FileZilla settings to the local IP of the server.  With my Linksys, I needed to set it to be the external IP on the Internet.

Once I did this, it worked.
-Nick