Windows Firewall

[Seekermeister]

I'm having a problem connecting to FTP websites, when the firewall is running. I have set exceptions for my browser, download manager and proxy in the exceptions tab, but this doesn't solve the problem. I have no problem with accessing webpages or downloading from http sites, so how do I solve the problem with FTP?

 

[Smilin]

Originally posted by: Seekermeister
I'm having a problem connecting to FTP websites, when the firewall is running. I have set exceptions for my browser, download manager and proxy in the exceptions tab, but this doesn't solve the problem. I have no problem with accessing webpages or downloading from http sites, so how do I solve the problem with FTP?

Are you going through a NAT device? (cable/dsl router ?)

you can switching from active to passive or vice versa. Internet options | advanced | Passive ftp checkbox.

Also try the command line FTP instead.

Despite it's age, the FTP gives NATs and Firewalls absolute fits because of the way it does its port jumping.

 

[Seekermeister]

No, I going directly through an external dialup modem. I noticed that the exceptions windows of the firewall has a button to set the port number of an application. But, the browser, proxy and DLM are all set for the regular port 80 for http. Does FTP use a different port number...if so, what is it?

 

[Lemon law]

To seekermeister,

By thread title, I assume you think this FTP problem is related to you using the windows sp2 firewall. But have you even demonstrated that it is? Maybe it in the security setting of other programs you are running such as web browsers or various security applications. One way to test is turn the sp2 firewall off and see if the problems vanishes--in which case the problem is elsewhere.

Once you establish that the sp2 firewall is the sole cause---then you must understand a few other things. (1) The sp2 firewall's almost sole virtue is in being better than nothing at all. There are quite a number of software firewalls that are much better. (3) And much better in that the firewall is two way instead of one way---and also better because its far more configurable
in allowing the exceptions you need.

I happen to use sygate 5.5 build 2710, other swear by Kerio in both versions 2.15 and 4.0., and others use other firewalls. Once you have a better software firewall--turn off the sp2 firewall, go to control panel---security center---and find firewall recommend tab and check I have a firewall I will monitor myself. And then learn to configure the firewall to allow the traffic you need.---and you gasp---have to read the instructions that come with the software firewall to do that.

But seekermeister---didn't you just post that you needed a 64 bit software firewall?---in which case your other firewall choices may be more limited. But as I recall, I just googled 64 bit firewalls for win xp and got a rather long list of firewalls to try.--sadly I was busy at the time and did not have time to post a reply.

 

[Seekermeister]

Originally posted by: Lemon law
To seekermeister,

By thread title, I assume you think this FTP problem is related to you using the windows sp2 firewall. But have you even demonstrated that it is? Maybe it in the security setting of other programs you are running such as web browsers or various security applications. One way to test is turn the sp2 firewall off and see if the problems vanishes--in which case the problem is elsewhere.

This, I do not understand. If the problem vanishes when the firewall is turned off, how it the problem elsewhere? It would seem that would tie the problem to the firewall, not something else.

Once you establish that the sp2 firewall is the sole cause---then you must understand a few other things. (1) The sp2 firewall's almost sole virtue is in being better than nothing at all. There are quite a number of software firewalls that are much better. (3) And much better in that the firewall is two way instead of one way---and also better because its far more configurable
in allowing the exceptions you need.

I happen to use sygate 5.5 build 2710, other swear by Kerio in both versions 2.15 and 4.0., and others use other firewalls. Once you have a better software firewall--turn off the sp2 firewall, go to control panel---security center---and find firewall recommend tab and check I have a firewall I will monitor myself. And then learn to configure the firewall to allow the traffic you need.---and you gasp---have to read the instructions that come with the software firewall to do that.

But seekermeister---didn't you just post that you needed a 64 bit software firewall?---in which case your other firewall choices may be more limited. But as I recall, I just googled 64 bit firewalls for win xp and got a rather long list of firewalls to try.--sadly I was busy at the time and did not have time to post a reply.

As I mentioned previously, I have tried several software firewalls that were supposed to be compatable with x64, and they were not. If you specially know of one that is, by your own experience, then I would love to hear about it.

 

[Smilin]

First, try using ftp.exe from a command prompt and see what that gets ya. It's active (port command) ftp by default instead of passive (pasv).

What port does ftp use? heh. 20,21 for starters but then it gets downright wierd after that.

Best article I've seen on how FTP works. See especially the diagrams in sections 2.4 and 2.5

http://isaserver.org/articles/How_the_F...ocol_Challenges_Firewall_Security.html

 

[kamper]

Originally posted by: Seekermeister
Does FTP use a different port number...if so, what is it?

ftp uses port 21 for all primary connections but when there is data to transfer (a file, directory listing, etc) another port must be opened and it is usually random (the protocol doesn't specify what it should be). Either the client can open a port and have the server listen to it (which is stupid because clients are usually behind firewalls they can't change) or the server opens another port and has the client connect to it. The server must also have extra ports open on its firewall (which also sucks but at least can be handled by a server admin).

It sounds like you're doing the second kind, which is what browsers and windows explorer usually default to, but try Smilin's suggestion of the command line client to test (you can switch modes in the commandline by typing "passive"). I don't know if you can do it, but the ideal solution would be to tell the firewall to allow outgoing connections on any port from whichever application you are using for ftp. I'm not sure if you can do it, but turning off the outgoing filtering on the firewall altogether would work too and really doesn't hurt you that much (assuming you're running an administrative account).

Edit: whoops, shoulda refreshed before answering ~4 hours later , but it's still relevant...

 

[kamper]

Originally posted by: Lemon law
Once you establish that the sp2 firewall is the sole cause---then you must understand a few other things. (1) The sp2 firewall's almost sole virtue is in being better than nothing at all. There are quite a number of software firewalls that are much better. (3) And much better in that the firewall is two way instead of one way---and also better because its far more configurable in allowing the exceptions you need.

Bull. The only thing you really need on a host-based firewall is an incoming filter that you can selectively and carefully punch holes in. An outgoing filter is helpful if malware on your computer is not running under an administrative account but anything more 'configurable' does nothing other than satisfying your need to tweak. I'm sure microsoft is more than capable of implementing the basic useful features.

 

[Seekermeister]

I set a port in the firewall for both 20 and 21, but using my browser, it still wasn't able to connect. The odd thing is that the website requires a login to download anything. Sometimes when you click the button to login, it gives you the window that you expect, and sometimes it goes to another page, where it offers to let you use a wizard, which is supposed to give you anything for your particular APC. But the wizard is useless, because all that it does offer is a tradeup offer. I kept trying with the browser, so that I could get an url for the command FTP suggested, but I got tired of trying. I've already downloaded what I needed there, by shutting down the firewall during the download. So I don't need it now, but I'm sure that I will in the future.

Since I'm installing MCE, maybe I can just get a good software firewall, as I had before and the regular XP X32. Then I will just need to reboot to that for anything FTP.

 

[Lemon law]

You were right seekermeister---I did screw up and type it wrong---I meant to say if turning the sp2 firewall off does not effect the blockage of ftp, then you would know it
was not a firewall problem---but no denying I accidentally typed it wrong in the previous post.---sorry for the confusion I caused.

 

[Brazen]

I've never cared much for Windows built-in ftp anyway. You might try using Filezilla and see if you still have the same problems.