Firewall not passing ftp after server reboot

After rebooting my Windows Server that is also running Windows Firewall and Windows FTP server, I am unable to pull up any FTP sites. It prompts for the login, then the page just hangs there. What logs should I be looking for? Any ideas what else I could look at? Did verify that the firewall is causing the issues by disabling it.
progjm Asked:
 
MikeKane Commented:
In the firewall config, add an exception:
Add Program --> Browse --> Inetinfo.exe --> OK


 
MikeKane Commented:
 
progjm (Author) Commented:
Added some more info for our firewall.
FTP-FW-Log.txt
 
progjm (Author) Commented:
Still having the issues, anyone??
 
MikeKane Commented:
Here's another link with step by step to get PASV working on 2003 Server through the firewall.

http://agramont.net/blogs/conrad/archive/2006/07/28/Enabling-Passive-Mode-FTP-with-Windows-2003-and-Windows-Firewall.aspx
 
progjm (Author) Commented:
Didn't work. What log would I be able to check to see if there are any errors? I have checked several of them and didn't see anything out of the ordinary. But I might also be looking at the wrong logs.
 
progjm (Author) Commented:
Checked again and FTP access is the only issue here, all other services are able to pass when the firewall is active
 
MikeKane Commented:
The default firewall log is in c:\windows\pfirewall.log. But that can be changed in the Windows Firewall-Advanced-Security Logging Settings button.

 
progjm (Author) Commented:
All it's showing is a bunch of DROP TCP connections? Don't know what else to look at here?
 
MikeKane Commented:
Did you do the following on your server:
Add Program --> Browse --> Inetinfo.exe --> OK
Open FTP client program, make sure FTP Client program is enabled for passive FTP.

Also, test this from a client with a known IP. Then you can search the log file for that IP address and look for any interesting items....


 
progjm (Author) Commented:
Yep, that was the first setting that I made sure was correct.

This is from the pfirewall.log

2008-09-30 13:09:57 OPEN-INBOUND TCP Outside_IP FTP_IP 37709 21 - - - - - - - - -
2008-09-30 13:09:57 CLOSE TCP FTP_IP Outside_IP 21 37709 - - - - - - - - -
2008-09-30 13:10:04 OPEN-INBOUND TCP Outside_IP FTP_IP 37717 21 - - - - - - - - -
2008-09-30 13:10:05 DROP TCP Outside_IP FTP_IP 37718 2862 52 S 101972754 0 8192 - - - RECEIVE
2008-09-30 13:10:08 DROP TCP Outside_IP FTP_IP 37718 2862 52 S 101972754 0 8192 - - - RECEIVE
2008-09-30 13:10:14 DROP TCP Outside_IP FTP_IP 37718 2862 48 S 101972754 0 8192 - - - RECEIVE
2008-09-30 13:10:26 CLOSE TCP FTP_IP Outside_IP 21 37717 - - - - - - - - -
2008-09-30 13:10:26 OPEN-INBOUND TCP Outside_IP FTP_IP 37808 21 - - - - - - - - -
2008-09-30 13:10:26 DROP TCP Outside_IP FTP_IP 37809 2863 52 S 1925973442 0 8192 - - - RECEIVE
2008-09-30 13:10:29 DROP TCP Outside_IP FTP_IP 37809 2863 52 S 1925973442 0 8192 - - - RECEIVE
2008-09-30 13:10:35 DROP TCP Outside_IP FTP_IP 37809 2863 48 S 1925973442 0 8192 - - - RECEIVE
2008-09-30 13:10:47 CLOSE TCP FTP_IP Outside_IP 21 37808 - - - - - - - - -
2008-09-30 13:10:47 OPEN-INBOUND TCP Outside_IP FTP_IP 37846 21 - - - - - - - - -
2008-09-30 13:10:48 DROP TCP Outside_IP FTP_IP 37847 2864 52 S 1207220034 0 8192 - - - RECEIVE
2008-09-30 13:10:51 DROP TCP Outside_IP FTP_IP 37847 2864 52 S 1207220034 0 8192 - - - RECEIVE
2008-09-30 13:10:57 DROP TCP Outside_IP FTP_IP 37847 2864 48 S 1207220034 0 8192 - - - RECEIVE
 
MikeKane Commented:
In passive mode, the client would send the PASV command and the server responds with a port P where P>1023.

In this snippet, it looks like the client opened 37846 and 37847. The control went to port 21, which is fine. Then the client opens the port +1 (37847); the server then should send a random port where P>1023 back to the client, and the client then connects the N+1 (37847) to the port the server just returned.

2008-09-30 13:10:47 OPEN-INBOUND TCP Outside_IP FTP_IP 37846 21 - - - - - - - - -
2008-09-30 13:10:48 DROP TCP Outside_IP FTP_IP 37847 2864 52 S 1207220034 0 8192 - - - RECEIVE
2008-09-30 13:10:51 DROP TCP Outside_IP FTP_IP 37847 2864 52 S 1207220034 0 8192 - - - RECEIVE
2008-09-30 13:10:57 DROP TCP Outside_IP FTP_IP 37847 2864 48 S 1207220034 0 8192 - - - RECEIVE


What's happening in this log, from the looks of it, is that the client is picking up the port P from the server, but the firewall is dropping it:
2008-09-30 13:10:05 DROP TCP Outside_IP FTP_IP 37718 2862 52 S 101972754 0 8192 - - - RECEIVE




You need to make certain that inetinfo.exe is in the exception list.  
Run this command to double check the program and port exceptions:
netsh firewall show state verbose=enable




0
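Added example, not part of the original thread: the correlation described in the comment above, run over the log excerpt posted earlier. It flags dropped inbound SYNs to a high port that arrive while the same client still has a control connection to port 21 open, which is what a blocked passive-mode data connection looks like in pfirewall.log. The function name is hypothetical and the field positions are assumed from the log lines shown in the thread.

```python
from collections import Counter

# Log excerpt copied from the thread; the poster had already replaced the
# real addresses with the placeholders Outside_IP and FTP_IP.
SAMPLE_LOG = """\
2008-09-30 13:09:57 OPEN-INBOUND TCP Outside_IP FTP_IP 37709 21 - - - - - - - - -
2008-09-30 13:09:57 CLOSE TCP FTP_IP Outside_IP 21 37709 - - - - - - - - -
2008-09-30 13:10:04 OPEN-INBOUND TCP Outside_IP FTP_IP 37717 21 - - - - - - - - -
2008-09-30 13:10:05 DROP TCP Outside_IP FTP_IP 37718 2862 52 S 101972754 0 8192 - - - RECEIVE
2008-09-30 13:10:08 DROP TCP Outside_IP FTP_IP 37718 2862 52 S 101972754 0 8192 - - - RECEIVE
2008-09-30 13:10:14 DROP TCP Outside_IP FTP_IP 37718 2862 48 S 101972754 0 8192 - - - RECEIVE
2008-09-30 13:10:26 CLOSE TCP FTP_IP Outside_IP 21 37717 - - - - - - - - -
2008-09-30 13:10:26 OPEN-INBOUND TCP Outside_IP FTP_IP 37808 21 - - - - - - - - -
2008-09-30 13:10:26 DROP TCP Outside_IP FTP_IP 37809 2863 52 S 1925973442 0 8192 - - - RECEIVE
"""

FTP_CONTROL_PORT = 21


def blocked_passive_attempts(log_text):
    """Return {(client, server, data_port): dropped SYN count} for drops seen
    while that client has an FTP control session open to that server."""
    open_control = set()  # (client, server, client_port) of live port-21 sessions
    blocked = Counter()
    for line in log_text.splitlines():
        f = line.split()
        # Assumed layout: date time action protocol src dst sport dport size flags ...
        if len(f) < 10 or f[0].startswith("#") or f[3] != "TCP":
            continue
        action, src, dst, flags = f[2], f[4], f[5], f[9]
        try:
            sport, dport = int(f[6]), int(f[7])
        except ValueError:
            continue
        if action == "OPEN-INBOUND" and dport == FTP_CONTROL_PORT:
            open_control.add((src, dst, sport))
        elif action == "CLOSE" and sport == FTP_CONTROL_PORT:
            # CLOSE is logged server -> client, so swap the direction back.
            open_control.discard((dst, src, dport))
        elif action == "DROP" and flags == "S" and dport > 1023:
            if any(c == src and s == dst for c, s, _ in open_control):
                blocked[(src, dst, dport)] += 1
    return dict(blocked)


if __name__ == "__main__":
    for (client, server, port), n in blocked_passive_attempts(SAMPLE_LOG).items():
        print(f"{client} -> {server}:{port} dropped {n}x during open FTP control session")
```

Each reported port is a data port the FTP service was listening on but the firewall did not allow, which points at a missing program exception for the FTP service rather than a problem with port 21 itself.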
 
progjm (Author) Commented:
here is the output
FTP-FW.txt
 
progjm (Author) Commented:
Sorry, log cut off
FTP-FW.txt
 
MikeKane Commented:
These are your exceptions:
Program exceptions:
Mode     Local policy  Name / Program
-------------------------------------------------------------------
Enable   Yes           Backup Exec Remote Agent for Windows Systems / C:\Program Files\Symantec\Backup Exec\RAWS\beremote.exe
        Scope: *
Enable   Yes           Backup Exec Remote Agent Utility / C:\Program Files\Symantec\Backup Exec\RAWS\vxmon.exe
        Scope: *
Enable   Yes           java / D:\bea\jdk142_05\bin\java.exe
        Scope: *
Enable   Yes           javaw / D:\bea\jrockit81sp4_142_05\bin\javaw.exe


I don't see one for the inetinfo.exe.


 
progjm (Author) Commented:
WOW, missed that altogether, but the strange thing is that it shows FTP in the exceptions and that must have been what threw me off. How can I add that exception from the command line?
 
progjm (Author) Commented:
thank you again for the help!
Question has a verified solution.
