Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 14 replies
  • Subscribers 4 subscribers
  • Views 19889 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Filezilla Cannot Connect to Server

Brad Field

I have been trying to figure this one out.

I have Host Definition for FTP Server IP Address

I have firewall rules setup to allow traffic from all of my networks across any service to FTP definition.

Firewall keeps Dropping and records random numbers on srcport. The entries are correctly identifying my IP, IP I am connecting to, and dstport: 21. Why is it using a random port number for the source port.

 



This thread was automatically locked due to age.
Parents
  • 0

    Here is a bit more info, the first is the results of a search from the live log and the second is a line from the actual firewall log:

    NOTE: I have removed or 'X'd out any identifiable info.

    LIVE SEARCH RESULTS:

    12:40:46 Default DROP TCP
    192.168.XX.XX : 39326

    72.4.XX.XX : 21

    [SYN] len=52 ttl=127 tos=0x00 srcmac=00:1c:c0:de:5a:07 dstmac=00:1a:8c:59:2a:98

     

    FIREWALL LOG ENTRY

    2017:03:17-12:40:46 cschadwick ulogd[17716]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop"
    fwrule="60002" initf="eth0" outitf="eth1" srcmac="00:::::07" dstmac="00:::::98" srcip="192.168.XX.XX" dstip="72.4.XX.XX" proto="6"
    length="52" tos="0x00" prec="0x00" ttl="127" srcport="39326" dstport="21" tcpflags="SYN"

Reply
  • 0

    Here is a bit more info, the first is the results of a search from the live log and the second is a line from the actual firewall log:

    NOTE: I have removed or 'X'd out any identifiable info.

    LIVE SEARCH RESULTS:

    12:40:46 Default DROP TCP
    192.168.XX.XX : 39326

    72.4.XX.XX : 21

    [SYN] len=52 ttl=127 tos=0x00 srcmac=00:1c:c0:de:5a:07 dstmac=00:1a:8c:59:2a:98

     

    FIREWALL LOG ENTRY

    2017:03:17-12:40:46 cschadwick ulogd[17716]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop"
    fwrule="60002" initf="eth0" outitf="eth1" srcmac="00:::::07" dstmac="00:::::98" srcip="192.168.XX.XX" dstip="72.4.XX.XX" proto="6"
    length="52" tos="0x00" prec="0x00" ttl="127" srcport="39326" dstport="21" tcpflags="SYN"

Children
  • 0 in reply to Brad Field

    fwrule="60002" means a drop out of the FORWARD chain.  That can indicate a violation of #3 in Rulz.  If that doesn't help, please show a picture of the Edit of the rule you believe should enable this traffic.  Also, have you enabled the FTP Tracking Helper on the 'Advanced' tab of 'Firewall'?

    You posted this in Networking, not Web Protection.  For FileZilla, I prefer to configure the FTP Proxy in 'Operation mode: Both' and enable SOCKS5 on 'Network Protection >> Advanced'.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?

Unfiltered HTML