Solved

Firewall not passing ftp after server reboot

Posted on 2008-09-29
17
252 Views
Last Modified: 2013-12-09
After rebooting my Windows Server that is also running Windows Firewall and Windows FTP server I am unable to pull up any ftp sites. It prompts for the login then the page just hangs there, what logs should I be looking for/ Any ideas what else I could look at? Did verfiy that the firewall is causing the issues by disabling it
0
Comment
Question by:progjm
  • 10
  • 7
17 Comments
 
LVL 33

Expert Comment

by:MikeKane
ID: 22596854
0
 
LVL 1

Author Comment

by:progjm
ID: 22597103
Added some more info for our firewall.
FTP-FW-Log.txt
0
 
LVL 1

Author Comment

by:progjm
ID: 22599584
Still having the issues, anyone??
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 22599849
Here's another link with step by step to get PASV working on 2003 Server through the firewall.

http://agramont.net/blogs/conrad/archive/2006/07/28/Enabling-Passive-Mode-FTP-with-Windows-2003-and-Windows-Firewall.aspx
0
 
LVL 1

Author Comment

by:progjm
ID: 22600021
Didnt work, what log would I be able to check to see if there are any errors. I have checked several of them and didnt see anything out of the ordinary. But I might also be looking at the wrong logs
0
 
LVL 1

Author Comment

by:progjm
ID: 22600104
Checked again and FTP access is the only issue here, all other services are able to pass when the firewall is active
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 22600917
The default firewall log is in c:\windows\pfirewall.log    But that can be changed in the Windows Firewall-Advanced-Security Logging Settings button.    

0
 
LVL 1

Author Comment

by:progjm
ID: 22605210
All its showing is a bunch of DROP TCP connections? Dont know what esle to look at here?
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 33

Expert Comment

by:MikeKane
ID: 22605362
Did you do the following on your server:
Add Program --> Browse --> Inetinfo.exe --> OK Open FTP client program, make sure FTP Client program is enabled for passive FTP.

Also,  test this from a client with a known IP.   Then you can search the log file for that IP address and look for any interesting items....


0
 
LVL 1

Author Comment

by:progjm
ID: 22607417
yep that was the first setting that I made sure was correct

This is from the pfirewall.log

2008-09-30 13:09:57 OPEN-INBOUND TCP Outside_IP FTP_IP 37709 21 - - - - - - - - -
2008-09-30 13:09:57 CLOSE TCP FTP_IP Outside_IP 21 37709 - - - - - - - - -
2008-09-30 13:10:04 OPEN-INBOUND TCP Outside_IP FTP_IP 37717 21 - - - - - - - - -
2008-09-30 13:10:05 DROP TCP Outside_IP FTP_IP 37718 2862 52 S 101972754 0 8192 - - - RECEIVE
2008-09-30 13:10:08 DROP TCP Outside_IP FTP_IP 37718 2862 52 S 101972754 0 8192 - - - RECEIVE
2008-09-30 13:10:14 DROP TCP Outside_IP FTP_IP 37718 2862 48 S 101972754 0 8192 - - - RECEIVE
2008-09-30 13:10:26 CLOSE TCP FTP_IP Outside_IP 21 37717 - - - - - - - - -
2008-09-30 13:10:26 OPEN-INBOUND TCP Outside_IP FTP_IP 37808 21 - - - - - - - - -
2008-09-30 13:10:26 DROP TCP Outside_IP FTP_IP 37809 2863 52 S 1925973442 0 8192 - - - RECEIVE
2008-09-30 13:10:29 DROP TCP Outside_IP FTP_IP 37809 2863 52 S 1925973442 0 8192 - - - RECEIVE
2008-09-30 13:10:35 DROP TCP Outside_IP FTP_IP 37809 2863 48 S 1925973442 0 8192 - - - RECEIVE
2008-09-30 13:10:47 CLOSE TCP FTP_IP Outside_IP 21 37808 - - - - - - - - -
2008-09-30 13:10:47 OPEN-INBOUND TCP Outside_IP FTP_IP 37846 21 - - - - - - - - -
2008-09-30 13:10:48 DROP TCP Outside_IP FTP_IP 37847 2864 52 S 1207220034 0 8192 - - - RECEIVE
2008-09-30 13:10:51 DROP TCP Outside_IP FTP_IP 37847 2864 52 S 1207220034 0 8192 - - - RECEIVE
2008-09-30 13:10:57 DROP TCP Outside_IP FTP_IP 37847 2864 48 S 1207220034 0 8192 - - - RECEIVE
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 22607672
In passive mode, the client would sent the PASV command the and server responds with a port P where P>1023

In this snippit, it looks like the client opened 37846 an 37847.     The control went to port 21 which is fine.    Then the client opens the port +1 (37847, the server then should send a random port where P>1023 back to the client and the client then connects the N+1 (37847) to the port the server just returned.  

2008-09-30 13:10:47 OPEN-INBOUND TCP Outside_IP FTP_IP 37846 21 - - - - - - - - -
2008-09-30 13:10:48 DROP TCP Outside_IP FTP_IP 37847 2864 52 S 1207220034 0 8192 - - - RECEIVE
2008-09-30 13:10:51 DROP TCP Outside_IP FTP_IP 37847 2864 52 S 1207220034 0 8192 - - - RECEIVE
2008-09-30 13:10:57 DROP TCP Outside_IP FTP_IP 37847 2864 48 S 1207220034 0 8192 - - - RECEIVE


Whats happening in this log, from the looks of it, the Client is picking up the PORT P from the server, but the firewall is dropping it:
2008-09-30 13:10:05 DROP TCP Outside_IP FTP_IP 37718 2862 52 S 101972754 0 8192 - - - RECEIVE




You need to make certain that inetinfo.exe is in the exception list.  
Run this command to double check the program and port exceptions:
netsh firewall show state verbose=enable




0
 
LVL 1

Author Comment

by:progjm
ID: 22608062
here is the output
FTP-FW.txt
0
 
LVL 1

Author Comment

by:progjm
ID: 22608105
Soory log cutoff
FTP-FW.txt
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 22608128
These are your exceptions:
Program exceptions:
Mode     Local policy  Name / Program
-------------------------------------------------------------------
Enable   Yes           Backup Exec Remote Agent for Windows Systems / C:\Program
 Files\Symantec\Backup Exec\RAWS\beremote.exe
        Scope: *
Enable   Yes           Backup Exec Remote Agent Utility / C:\Program Files\Syman
tec\Backup Exec\RAWS\vxmon.exe
        Scope: *
Enable   Yes           java / D:\bea\jdk142_05\bin\java.exe
        Scope: *
Enable   Yes           javaw / D:\bea\jrockit81sp4_142_05\bin\javaw.exe


I dont see one for the inetinfo.exe  


0
 
LVL 1

Author Comment

by:progjm
ID: 22608169
WOW missed that all together, but the strange thing is that it shows FTP in the exceptions and that must of been what threw me off. How can I add that exception from the command line?
0
 
LVL 33

Accepted Solution

by:
MikeKane earned 500 total points
ID: 22608304
In the firewall config, add an exception:
Add Program --> Browse --> Inetinfo.exe --> OK


0
 
LVL 1

Author Closing Comment

by:progjm
ID: 31501182
thank you again for the help!
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Samba is the de-facto standard program (or, more correctly: suite of programs) that UNIX and Linux systems use to share files with Microsoft Windows (and more recently, Mac OS-X) systems. Currently, there are 2 common versions of Samba available,…
Hello, As I have seen there a lot of requests regarding monitoring and reporting for exchange 2007 / 2010 / 2013 I have decided to post some thoughts together and link to articles that have helped me. Of course a lot of information you can get…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now