• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 272
  • Last Modified:

Firewall not passing ftp after server reboot

After rebooting my Windows Server that is also running Windows Firewall and Windows FTP server I am unable to pull up any ftp sites. It prompts for the login then the page just hangs there, what logs should I be looking for/ Any ideas what else I could look at? Did verfiy that the firewall is causing the issues by disabling it
0
progjm
Asked:
progjm
  • 10
  • 7
1 Solution
 
MikeKaneCommented:
0
 
progjmAuthor Commented:
Added some more info for our firewall.
FTP-FW-Log.txt
0
 
progjmAuthor Commented:
Still having the issues, anyone??
0
SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

 
MikeKaneCommented:
Here's another link with step by step to get PASV working on 2003 Server through the firewall.

http://agramont.net/blogs/conrad/archive/2006/07/28/Enabling-Passive-Mode-FTP-with-Windows-2003-and-Windows-Firewall.aspx
0
 
progjmAuthor Commented:
Didnt work, what log would I be able to check to see if there are any errors. I have checked several of them and didnt see anything out of the ordinary. But I might also be looking at the wrong logs
0
 
progjmAuthor Commented:
Checked again and FTP access is the only issue here, all other services are able to pass when the firewall is active
0
 
MikeKaneCommented:
The default firewall log is in c:\windows\pfirewall.log    But that can be changed in the Windows Firewall-Advanced-Security Logging Settings button.    

0
 
progjmAuthor Commented:
All its showing is a bunch of DROP TCP connections? Dont know what esle to look at here?
0
 
MikeKaneCommented:
Did you do the following on your server:
Add Program --> Browse --> Inetinfo.exe --> OK Open FTP client program, make sure FTP Client program is enabled for passive FTP.

Also,  test this from a client with a known IP.   Then you can search the log file for that IP address and look for any interesting items....


0
 
progjmAuthor Commented:
yep that was the first setting that I made sure was correct

This is from the pfirewall.log

2008-09-30 13:09:57 OPEN-INBOUND TCP Outside_IP FTP_IP 37709 21 - - - - - - - - -
2008-09-30 13:09:57 CLOSE TCP FTP_IP Outside_IP 21 37709 - - - - - - - - -
2008-09-30 13:10:04 OPEN-INBOUND TCP Outside_IP FTP_IP 37717 21 - - - - - - - - -
2008-09-30 13:10:05 DROP TCP Outside_IP FTP_IP 37718 2862 52 S 101972754 0 8192 - - - RECEIVE
2008-09-30 13:10:08 DROP TCP Outside_IP FTP_IP 37718 2862 52 S 101972754 0 8192 - - - RECEIVE
2008-09-30 13:10:14 DROP TCP Outside_IP FTP_IP 37718 2862 48 S 101972754 0 8192 - - - RECEIVE
2008-09-30 13:10:26 CLOSE TCP FTP_IP Outside_IP 21 37717 - - - - - - - - -
2008-09-30 13:10:26 OPEN-INBOUND TCP Outside_IP FTP_IP 37808 21 - - - - - - - - -
2008-09-30 13:10:26 DROP TCP Outside_IP FTP_IP 37809 2863 52 S 1925973442 0 8192 - - - RECEIVE
2008-09-30 13:10:29 DROP TCP Outside_IP FTP_IP 37809 2863 52 S 1925973442 0 8192 - - - RECEIVE
2008-09-30 13:10:35 DROP TCP Outside_IP FTP_IP 37809 2863 48 S 1925973442 0 8192 - - - RECEIVE
2008-09-30 13:10:47 CLOSE TCP FTP_IP Outside_IP 21 37808 - - - - - - - - -
2008-09-30 13:10:47 OPEN-INBOUND TCP Outside_IP FTP_IP 37846 21 - - - - - - - - -
2008-09-30 13:10:48 DROP TCP Outside_IP FTP_IP 37847 2864 52 S 1207220034 0 8192 - - - RECEIVE
2008-09-30 13:10:51 DROP TCP Outside_IP FTP_IP 37847 2864 52 S 1207220034 0 8192 - - - RECEIVE
2008-09-30 13:10:57 DROP TCP Outside_IP FTP_IP 37847 2864 48 S 1207220034 0 8192 - - - RECEIVE
0
 
MikeKaneCommented:
In passive mode, the client would sent the PASV command the and server responds with a port P where P>1023

In this snippit, it looks like the client opened 37846 an 37847.     The control went to port 21 which is fine.    Then the client opens the port +1 (37847, the server then should send a random port where P>1023 back to the client and the client then connects the N+1 (37847) to the port the server just returned.  

2008-09-30 13:10:47 OPEN-INBOUND TCP Outside_IP FTP_IP 37846 21 - - - - - - - - -
2008-09-30 13:10:48 DROP TCP Outside_IP FTP_IP 37847 2864 52 S 1207220034 0 8192 - - - RECEIVE
2008-09-30 13:10:51 DROP TCP Outside_IP FTP_IP 37847 2864 52 S 1207220034 0 8192 - - - RECEIVE
2008-09-30 13:10:57 DROP TCP Outside_IP FTP_IP 37847 2864 48 S 1207220034 0 8192 - - - RECEIVE


Whats happening in this log, from the looks of it, the Client is picking up the PORT P from the server, but the firewall is dropping it:
2008-09-30 13:10:05 DROP TCP Outside_IP FTP_IP 37718 2862 52 S 101972754 0 8192 - - - RECEIVE




You need to make certain that inetinfo.exe is in the exception list.  
Run this command to double check the program and port exceptions:
netsh firewall show state verbose=enable




0
 
progjmAuthor Commented:
here is the output
FTP-FW.txt
0
 
progjmAuthor Commented:
Soory log cutoff
FTP-FW.txt
0
 
MikeKaneCommented:
These are your exceptions:
Program exceptions:
Mode     Local policy  Name / Program
-------------------------------------------------------------------
Enable   Yes           Backup Exec Remote Agent for Windows Systems / C:\Program
 Files\Symantec\Backup Exec\RAWS\beremote.exe
        Scope: *
Enable   Yes           Backup Exec Remote Agent Utility / C:\Program Files\Syman
tec\Backup Exec\RAWS\vxmon.exe
        Scope: *
Enable   Yes           java / D:\bea\jdk142_05\bin\java.exe
        Scope: *
Enable   Yes           javaw / D:\bea\jrockit81sp4_142_05\bin\javaw.exe


I dont see one for the inetinfo.exe  


0
 
progjmAuthor Commented:
WOW missed that all together, but the strange thing is that it shows FTP in the exceptions and that must of been what threw me off. How can I add that exception from the command line?
0
 
MikeKaneCommented:
In the firewall config, add an exception:
Add Program --> Browse --> Inetinfo.exe --> OK


0
 
progjmAuthor Commented:
thank you again for the help!
0

Featured Post

The Lifecycle Approach to Managing Security Policy

Managing application connectivity and security policies can be achieved more effectively when following a framework that automates repeatable processes and ensures that the right activities are performed in the right order.

  • 10
  • 7
Tackle projects and never again get stuck behind a technical roadblock.
Join Now