Solved

Firewall not passing ftp after server reboot

Posted on 2008-09-29
Last Modified: 2013-12-09
After rebooting my Windows Server that is also running Windows Firewall and Windows FTP server I am unable to pull up any ftp sites. It prompts for the login then the page just hangs there. What logs should I be looking for? Any ideas what else I could look at? Did verify that the firewall is causing the issues by disabling it.
Question by:progjm
LVL 33

Expert Comment

by:MikeKane
ID: 22596854
0
 
LVL 1

Author Comment

by:progjm
ID: 22597103
Added some more info for our firewall.
FTP-FW-Log.txt
0
 
LVL 1

Author Comment

by:progjm
ID: 22599584
Still having the issues, anyone??
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 22599849
Here's another link with step by step to get PASV working on 2003 Server through the firewall.

http://agramont.net/blogs/conrad/archive/2006/07/28/Enabling-Passive-Mode-FTP-with-Windows-2003-and-Windows-Firewall.aspx
0
 
LVL 1

Author Comment

by:progjm
ID: 22600021
Didn't work. What log would I be able to check to see if there are any errors? I have checked several of them and didn't see anything out of the ordinary. But I might also be looking at the wrong logs.
0
 
LVL 1

Author Comment

by:progjm
ID: 22600104
Checked again and FTP access is the only issue here, all other services are able to pass when the firewall is active
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 22600917
The default firewall log is in c:\windows\pfirewall.log. But that can be changed in the Windows Firewall-Advanced-Security Logging Settings button.

0
 
LVL 1

Author Comment

by:progjm
ID: 22605210
All it's showing is a bunch of DROP TCP connections? Don't know what else to look at here?
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 22605362
Did you do the following on your server:
Add Program --> Browse --> Inetinfo.exe --> OK
Open FTP client program, make sure FTP Client program is enabled for passive FTP.

Also, test this from a client with a known IP. Then you can search the log file for that IP address and look for any interesting items....


0
 
LVL 1

Author Comment

by:progjm
ID: 22607417
yep that was the first setting that I made sure was correct

This is from the pfirewall.log

2008-09-30 13:09:57 OPEN-INBOUND TCP Outside_IP FTP_IP 37709 21 - - - - - - - - -
2008-09-30 13:09:57 CLOSE TCP FTP_IP Outside_IP 21 37709 - - - - - - - - -
2008-09-30 13:10:04 OPEN-INBOUND TCP Outside_IP FTP_IP 37717 21 - - - - - - - - -
2008-09-30 13:10:05 DROP TCP Outside_IP FTP_IP 37718 2862 52 S 101972754 0 8192 - - - RECEIVE
2008-09-30 13:10:08 DROP TCP Outside_IP FTP_IP 37718 2862 52 S 101972754 0 8192 - - - RECEIVE
2008-09-30 13:10:14 DROP TCP Outside_IP FTP_IP 37718 2862 48 S 101972754 0 8192 - - - RECEIVE
2008-09-30 13:10:26 CLOSE TCP FTP_IP Outside_IP 21 37717 - - - - - - - - -
2008-09-30 13:10:26 OPEN-INBOUND TCP Outside_IP FTP_IP 37808 21 - - - - - - - - -
2008-09-30 13:10:26 DROP TCP Outside_IP FTP_IP 37809 2863 52 S 1925973442 0 8192 - - - RECEIVE
2008-09-30 13:10:29 DROP TCP Outside_IP FTP_IP 37809 2863 52 S 1925973442 0 8192 - - - RECEIVE
2008-09-30 13:10:35 DROP TCP Outside_IP FTP_IP 37809 2863 48 S 1925973442 0 8192 - - - RECEIVE
2008-09-30 13:10:47 CLOSE TCP FTP_IP Outside_IP 21 37808 - - - - - - - - -
2008-09-30 13:10:47 OPEN-INBOUND TCP Outside_IP FTP_IP 37846 21 - - - - - - - - -
2008-09-30 13:10:48 DROP TCP Outside_IP FTP_IP 37847 2864 52 S 1207220034 0 8192 - - - RECEIVE
2008-09-30 13:10:51 DROP TCP Outside_IP FTP_IP 37847 2864 52 S 1207220034 0 8192 - - - RECEIVE
2008-09-30 13:10:57 DROP TCP Outside_IP FTP_IP 37847 2864 48 S 1207220034 0 8192 - - - RECEIVE
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 22607672
In passive mode, the client would send the PASV command and the server responds with a port P where P>1023.

In this snippet, it looks like the client opened 37846 and 37847. The control went to port 21 which is fine. Then the client opens the port +1 (37847); the server then should send a random port where P>1023 back to the client and the client then connects the N+1 (37847) to the port the server just returned.

2008-09-30 13:10:47 OPEN-INBOUND TCP Outside_IP FTP_IP 37846 21 - - - - - - - - -
2008-09-30 13:10:48 DROP TCP Outside_IP FTP_IP 37847 2864 52 S 1207220034 0 8192 - - - RECEIVE
2008-09-30 13:10:51 DROP TCP Outside_IP FTP_IP 37847 2864 52 S 1207220034 0 8192 - - - RECEIVE
2008-09-30 13:10:57 DROP TCP Outside_IP FTP_IP 37847 2864 48 S 1207220034 0 8192 - - - RECEIVE


What's happening in this log, from the looks of it, the Client is picking up the PORT P from the server, but the firewall is dropping it:
2008-09-30 13:10:05 DROP TCP Outside_IP FTP_IP 37718 2862 52 S 101972754 0 8192 - - - RECEIVE




You need to make certain that inetinfo.exe is in the exception list.  
Run this command to double check the program and port exceptions:
netsh firewall show state verbose=enable




0
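The correlation walked through in the comment above (a control connection opened to port 21, then SYNs from the same client to a high server port being dropped) can be run over a whole pfirewall.log. This is an added example, not part of the original thread: the function name and the last sample log line are constructed, and the field positions assume the log layout shown in the excerpt.

```python
from collections import Counter

# The first five lines come from the thread's pfirewall.log excerpt; the last
# line is constructed: a dropped SYN from a client with no FTP control session.
SAMPLE_LOG = """\
2008-09-30 13:10:04 OPEN-INBOUND TCP Outside_IP FTP_IP 37717 21 - - - - - - - - -
2008-09-30 13:10:05 DROP TCP Outside_IP FTP_IP 37718 2862 52 S 101972754 0 8192 - - - RECEIVE
2008-09-30 13:10:08 DROP TCP Outside_IP FTP_IP 37718 2862 52 S 101972754 0 8192 - - - RECEIVE
2008-09-30 13:10:14 DROP TCP Outside_IP FTP_IP 37718 2862 48 S 101972754 0 8192 - - - RECEIVE
2008-09-30 13:10:26 CLOSE TCP FTP_IP Outside_IP 21 37717 - - - - - - - - -
2008-09-30 13:10:30 DROP TCP Other_IP FTP_IP 40000 3389 48 S 1 0 8192 - - - RECEIVE
"""

FTP_CONTROL_PORT = 21


def find_dropped_pasv_syns(log_text):
    """Return Counter {(client, server, dst_port): dropped SYN count} for SYNs
    to a high server port that arrive while the same client holds an open
    FTP control connection, i.e. probable passive-mode data connections."""
    open_control = Counter()   # (client, server) -> open control sessions
    dropped = Counter()
    for line in log_text.splitlines():
        f = line.split()
        if len(f) < 10 or line.startswith("#") or f[3] != "TCP":
            continue           # blank line, "#Fields" header, or non-TCP entry
        action, src, dst, flags = f[2], f[4], f[5], f[9]
        try:
            sport, dport = int(f[6]), int(f[7])
        except ValueError:
            continue
        if action == "OPEN-INBOUND" and dport == FTP_CONTROL_PORT:
            open_control[(src, dst)] += 1
        elif action == "CLOSE" and sport == FTP_CONTROL_PORT:
            # CLOSE is logged from the server's side: src=server, dst=client
            if open_control[(dst, src)] > 0:
                open_control[(dst, src)] -= 1
        elif (action == "DROP" and flags == "S" and dport > 1023
              and open_control[(src, dst)] > 0):
            dropped[(src, dst, dport)] += 1
    return dropped


if __name__ == "__main__":
    for (client, server, port), n in find_dropped_pasv_syns(SAMPLE_LOG).items():
        print(f"{client} -> {server}:{port} data-channel SYN dropped {n}x")
```

A non-empty result while the control connection on port 21 succeeds points at the data channel being blocked, which is the case an exception for the FTP service program addresses.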
 
LVL 1

Author Comment

by:progjm
ID: 22608062
here is the output
FTP-FW.txt
0
 
LVL 1

Author Comment

by:progjm
ID: 22608105
Sorry, log cut off
FTP-FW.txt
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 22608128
These are your exceptions:
Program exceptions:
Mode     Local policy  Name / Program
-------------------------------------------------------------------
Enable   Yes           Backup Exec Remote Agent for Windows Systems / C:\Program
 Files\Symantec\Backup Exec\RAWS\beremote.exe
        Scope: *
Enable   Yes           Backup Exec Remote Agent Utility / C:\Program Files\Syman
tec\Backup Exec\RAWS\vxmon.exe
        Scope: *
Enable   Yes           java / D:\bea\jdk142_05\bin\java.exe
        Scope: *
Enable   Yes           javaw / D:\bea\jrockit81sp4_142_05\bin\javaw.exe


I don't see one for the inetinfo.exe.


0
 
LVL 1

Author Comment

by:progjm
ID: 22608169
WOW missed that altogether, but the strange thing is that it shows FTP in the exceptions and that must have been what threw me off. How can I add that exception from the command line?
0
 
LVL 33

Accepted Solution

by:
MikeKane earned 500 total points
ID: 22608304
In the firewall config, add an exception:
Add Program --> Browse --> Inetinfo.exe --> OK


0
 
LVL 1

Author Closing Comment

by:progjm
ID: 31501182
thank you again for the help!
0
