Solved

Firewall not passing ftp after server reboot

Posted on 2008-09-29
Last Modified: 2013-12-09
After rebooting my Windows Server that is also running Windows Firewall and Windows FTP server, I am unable to pull up any FTP sites. It prompts for the login, then the page just hangs there. What logs should I be looking for? Any ideas what else I could look at? Did verify that the firewall is causing the issues by disabling it.
Question by:progjm
17 Comments
 
LVL 33

Expert Comment

by:MikeKane
ID: 22596854
0
 
LVL 1

Author Comment

by:progjm
ID: 22597103
Added some more info for our firewall.
FTP-FW-Log.txt
0
 
LVL 1

Author Comment

by:progjm
ID: 22599584
Still having the issues, anyone??
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 22599849
Here's another link with step by step to get PASV working on 2003 Server through the firewall.

http://agramont.net/blogs/conrad/archive/2006/07/28/Enabling-Passive-Mode-FTP-with-Windows-2003-and-Windows-Firewall.aspx
0
 
LVL 1

Author Comment

by:progjm
ID: 22600021
Didn't work. What log would I be able to check to see if there are any errors? I have checked several of them and didn't see anything out of the ordinary. But I might also be looking at the wrong logs.
0
 
LVL 1

Author Comment

by:progjm
ID: 22600104
Checked again and FTP access is the only issue here, all other services are able to pass when the firewall is active
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 22600917
The default firewall log is in c:\windows\pfirewall.log. But that can be changed in the Windows Firewall-Advanced-Security Logging Settings button.

0
 
LVL 1

Author Comment

by:progjm
ID: 22605210
All it's showing is a bunch of DROP TCP connections? Don't know what else to look at here?
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 22605362
Did you do the following on your server:
Add Program --> Browse --> Inetinfo.exe --> OK
Open FTP client program, make sure FTP Client program is enabled for passive FTP.

Also,  test this from a client with a known IP.   Then you can search the log file for that IP address and look for any interesting items....


0
 
LVL 1

Author Comment

by:progjm
ID: 22607417
yep that was the first setting that I made sure was correct

This is from the pfirewall.log

2008-09-30 13:09:57 OPEN-INBOUND TCP Outside_IP FTP_IP 37709 21 - - - - - - - - -
2008-09-30 13:09:57 CLOSE TCP FTP_IP Outside_IP 21 37709 - - - - - - - - -
2008-09-30 13:10:04 OPEN-INBOUND TCP Outside_IP FTP_IP 37717 21 - - - - - - - - -
2008-09-30 13:10:05 DROP TCP Outside_IP FTP_IP 37718 2862 52 S 101972754 0 8192 - - - RECEIVE
2008-09-30 13:10:08 DROP TCP Outside_IP FTP_IP 37718 2862 52 S 101972754 0 8192 - - - RECEIVE
2008-09-30 13:10:14 DROP TCP Outside_IP FTP_IP 37718 2862 48 S 101972754 0 8192 - - - RECEIVE
2008-09-30 13:10:26 CLOSE TCP FTP_IP Outside_IP 21 37717 - - - - - - - - -
2008-09-30 13:10:26 OPEN-INBOUND TCP Outside_IP FTP_IP 37808 21 - - - - - - - - -
2008-09-30 13:10:26 DROP TCP Outside_IP FTP_IP 37809 2863 52 S 1925973442 0 8192 - - - RECEIVE
2008-09-30 13:10:29 DROP TCP Outside_IP FTP_IP 37809 2863 52 S 1925973442 0 8192 - - - RECEIVE
2008-09-30 13:10:35 DROP TCP Outside_IP FTP_IP 37809 2863 48 S 1925973442 0 8192 - - - RECEIVE
2008-09-30 13:10:47 CLOSE TCP FTP_IP Outside_IP 21 37808 - - - - - - - - -
2008-09-30 13:10:47 OPEN-INBOUND TCP Outside_IP FTP_IP 37846 21 - - - - - - - - -
2008-09-30 13:10:48 DROP TCP Outside_IP FTP_IP 37847 2864 52 S 1207220034 0 8192 - - - RECEIVE
2008-09-30 13:10:51 DROP TCP Outside_IP FTP_IP 37847 2864 52 S 1207220034 0 8192 - - - RECEIVE
2008-09-30 13:10:57 DROP TCP Outside_IP FTP_IP 37847 2864 48 S 1207220034 0 8192 - - - RECEIVE
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 22607672
In passive mode, the client would send the PASV command and the server responds with a port P where P>1023.

In this snippet, it looks like the client opened 37846 and 37847. The control went to port 21, which is fine. Then the client opens the port +1 (37847); the server then should send a random port where P>1023 back to the client, and the client then connects the N+1 (37847) to the port the server just returned.

2008-09-30 13:10:47 OPEN-INBOUND TCP Outside_IP FTP_IP 37846 21 - - - - - - - - -
2008-09-30 13:10:48 DROP TCP Outside_IP FTP_IP 37847 2864 52 S 1207220034 0 8192 - - - RECEIVE
2008-09-30 13:10:51 DROP TCP Outside_IP FTP_IP 37847 2864 52 S 1207220034 0 8192 - - - RECEIVE
2008-09-30 13:10:57 DROP TCP Outside_IP FTP_IP 37847 2864 48 S 1207220034 0 8192 - - - RECEIVE


What's happening in this log, from the looks of it, is that the client is picking up the port P from the server, but the firewall is dropping it:
2008-09-30 13:10:05 DROP TCP Outside_IP FTP_IP 37718 2862 52 S 101972754 0 8192 - - - RECEIVE




You need to make certain that inetinfo.exe is in the exception list.  
Run this command to double check the program and port exceptions:
netsh firewall show state verbose=enable




0
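The log reading in the comment above (a control connection to port 21 is open, and SYNs from the same client to a high port are dropped) can be automated. This is an added example, not part of the original thread; the function name is hypothetical, and the sample log is constructed from the thread's lines with documentation IP addresses substituted for Outside_IP and FTP_IP.

```python
# Constructed sample in the pfirewall.log layout quoted in the thread.
# 203.0.113.10 / 192.0.2.20 stand in for the thread's Outside_IP / FTP_IP;
# the 198.51.100.7 line and the final DROP are constructed negatives.
SAMPLE_LOG = """\
#Version: 1.5
2008-09-30 13:09:57 OPEN-INBOUND TCP 203.0.113.10 192.0.2.20 37709 21 - - - - - - - - -
2008-09-30 13:09:57 CLOSE TCP 192.0.2.20 203.0.113.10 21 37709 - - - - - - - - -
2008-09-30 13:10:01 DROP TCP 198.51.100.7 192.0.2.20 40000 3389 52 S 1 0 8192 - - - RECEIVE
2008-09-30 13:10:04 OPEN-INBOUND TCP 203.0.113.10 192.0.2.20 37717 21 - - - - - - - - -
2008-09-30 13:10:05 DROP TCP 203.0.113.10 192.0.2.20 37718 2862 52 S 101972754 0 8192 - - - RECEIVE
2008-09-30 13:10:08 DROP TCP 203.0.113.10 192.0.2.20 37718 2862 52 S 101972754 0 8192 - - - RECEIVE
2008-09-30 13:10:14 DROP TCP 203.0.113.10 192.0.2.20 37718 2862 48 S 101972754 0 8192 - - - RECEIVE
2008-09-30 13:10:26 CLOSE TCP 192.0.2.20 203.0.113.10 21 37717 - - - - - - - - -
2008-09-30 13:10:26 OPEN-INBOUND TCP 203.0.113.10 192.0.2.20 37808 21 - - - - - - - - -
2008-09-30 13:10:26 DROP TCP 203.0.113.10 192.0.2.20 37809 2863 52 S 1925973442 0 8192 - - - RECEIVE
2008-09-30 13:10:47 CLOSE TCP 192.0.2.20 203.0.113.10 21 37808 - - - - - - - - -
2008-09-30 13:11:30 DROP TCP 203.0.113.10 192.0.2.20 37900 2870 52 S 7 0 8192 - - - RECEIVE
"""

def blocked_passive_attempts(log_text):
    """Return dropped SYNs to ports >1023 sent while the same client
    had an FTP control connection (port 21) open to the same server."""
    control = {}  # (client, server) -> set of open client-side control ports
    hits = {}     # (client, server, sport, dport) -> number of dropped SYNs
    for line in log_text.splitlines():
        f = line.split()
        # Skip header lines, blank lines and non-TCP entries.
        if len(f) < 10 or f[0].startswith("#") or f[3] != "TCP":
            continue
        action, src, dst, sport, dport, flags = f[2], f[4], f[5], f[6], f[7], f[9]
        if not (sport.isdigit() and dport.isdigit()):
            continue
        if action == "OPEN-INBOUND" and dport == "21":
            control.setdefault((src, dst), set()).add(sport)
        elif action == "CLOSE" and sport == "21":
            # CLOSE is logged from the server side: src=server, dst=client.
            control.get((dst, src), set()).discard(dport)
        elif action == "DROP" and flags == "S" and int(dport) > 1023:
            if control.get((src, dst)):  # control session open right now
                key = (src, dst, int(sport), int(dport))
                hits[key] = hits.get(key, 0) + 1
    return [{"client": c, "server": s, "client_port": sp,
             "data_port": dp, "syns": n} for (c, s, sp, dp), n in hits.items()]

if __name__ == "__main__":
    for hit in blocked_passive_attempts(SAMPLE_LOG):
        print(hit)
```

Drops from a source with no open control session, or after the control session has closed, are ignored, so unrelated inbound noise does not show up as an FTP problem.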
 
LVL 1

Author Comment

by:progjm
ID: 22608062
here is the output
FTP-FW.txt
0
 
LVL 1

Author Comment

by:progjm
ID: 22608105
Sorry, log cut off
FTP-FW.txt
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 22608128
These are your exceptions:
Program exceptions:
Mode     Local policy  Name / Program
-------------------------------------------------------------------
Enable   Yes           Backup Exec Remote Agent for Windows Systems / C:\Program
 Files\Symantec\Backup Exec\RAWS\beremote.exe
        Scope: *
Enable   Yes           Backup Exec Remote Agent Utility / C:\Program Files\Syman
tec\Backup Exec\RAWS\vxmon.exe
        Scope: *
Enable   Yes           java / D:\bea\jdk142_05\bin\java.exe
        Scope: *
Enable   Yes           javaw / D:\bea\jrockit81sp4_142_05\bin\javaw.exe


I don't see one for the inetinfo.exe


0
 
LVL 1

Author Comment

by:progjm
ID: 22608169
WOW, missed that altogether, but the strange thing is that it shows FTP in the exceptions and that must have been what threw me off. How can I add that exception from the command line?
0
 
LVL 33

Accepted Solution

by:
MikeKane earned 500 total points
ID: 22608304
In the firewall config, add an exception:
Add Program --> Browse --> Inetinfo.exe --> OK


0
 
LVL 1

Author Closing Comment

by:progjm
ID: 31501182
thank you again for the help!
0
