This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

FTP Server Questions

I am not able to access external ftp sites from my lan with the FTP Proxy turned off. I have two internal ftp servers that are accessible from the Internet using DNAT rules. Each ftp server is linked via DNAT to its own distinct ip address. The external access to the internal ftp servers works as expected as long as the FTP Proxy is turned off.

When the ftp proxy is turned on I can access ftp on the Internet from my lan and that is good. But it partially breaks the ftp access from the internet to the two internal ftp servers. I can login to the two servers fine and the basic command line ftp seems to work from outside. But from IE or win Explorer I can log in but access is denied to the folder listing on the site and any files. Not good....

I am hoping that this situation will be familiar to one of you more experienced folks out there. Thanks...

This thread was automatically locked due to age.

Parents

0 BarryG over 11 years ago

Hi,

1. UTM version #?

2. have you checked all the logs?
(firewall, IPS, application helper)

3. do you have the FTP connection tracker NAT helper enabled in the UTM?
(it should be enabled if you're doing Masquerading and NOT using the proxy)

4. does it help to enable/disable PASV (passive FTP) mode in your FTP clients?

5. you don't have the http/ftp proxy listening to the EXT/WAN interface, right?

Barry
Cancel
Vote Up 0 Vote Down

Cancel
0 DavidSchomaker over 11 years ago in reply to BarryG

Hi,

I am running UTM 9.106-17 with a home license.

With the FTP Proxy on a connection from the outside gets logged in the ftp proxy logs:

2013:12:11-16:42:39 SOPHOSUTM01 frox[12008]: Connect from 108.nnn.nnn.179(pool-108-nnn-nnn-179.plspca.fios.verizon.net)
2013:12:11-16:42:39 SOPHOSUTM01 frox[12008]: ... to 50.nnn.nnn.4()
2013:12:11-16:42:41 SOPHOSUTM01 frox[12008]: Client closed connection
2013:12:11-16:42:41 SOPHOSUTM01 frox[12008]: Closing session
2013:12:11-16:42:48 SOPHOSUTM01 frox[12019]: Connect from 108.nnn.nnn.179(pool-108-nnn-nnn-179.plspca.fios.verizon.net)
2013:12:11-16:42:48 SOPHOSUTM01 frox[12019]: ... to 50.nnn.nnn.4()
2013:12:11-16:42:48 SOPHOSUTM01 frox[12019]: Command opts not implemented
2013:12:11-16:42:49 SOPHOSUTM01 frox[12019]: Client closed connection
2013:12:11-16:42:49 SOPHOSUTM01 frox[12019]: Closing session
2013:12:11-16:42:49 SOPHOSUTM01 frox[12022]: Connect from 108.10.nnn.nnn(pool-108-10-nnn-nnn.plspca.fios.verizon.net)
2013:12:11-16:42:49 SOPHOSUTM01 frox[12022]: ... to 50.nnn.nnn31.4()
2013:12:11-16:42:50 SOPHOSUTM01 frox[12022]: Command opts not implemented
2013:12:11-16:42:50 SOPHOSUTM01 frox[12022]: PASV: 50.nnn.nnn.4:55539
2013:12:11-16:43:21 SOPHOSUTM01 frox[12022]: Flushing server buffer
2013:12:11-16:43:30 SOPHOSUTM01 frox[12022]: Client flooding control connection
2013:12:11-16:43:30 SOPHOSUTM01 frox[12022]: Closing session

I believe that this is a passive ftp connection with multiple steps from Windows explorer. Connecting to the server, loging into the server, finally trying to list the folders and failing and then closing Windows explorer. With the ftp proxy off it all works but doesn't get logged.

With the proxy off both active and passive ftp in to my servers work but ftp out from my lan to the internet is not connecting at all.

For your point 3 - Connection tracking for ftp is turned on.

For your point 4 - Active mode works but passive mode does not.

For your point 5 - Could you explain this another way for me. Or give me the location of setting in the 9.106.17 gui?

Thanks for the questions. I have answered as best as I can.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 DavidSchomaker over 11 years ago in reply to BarryG

Hi,

I am running UTM 9.106-17 with a home license.

With the FTP Proxy on a connection from the outside gets logged in the ftp proxy logs:

2013:12:11-16:42:39 SOPHOSUTM01 frox[12008]: Connect from 108.nnn.nnn.179(pool-108-nnn-nnn-179.plspca.fios.verizon.net)
2013:12:11-16:42:39 SOPHOSUTM01 frox[12008]: ... to 50.nnn.nnn.4()
2013:12:11-16:42:41 SOPHOSUTM01 frox[12008]: Client closed connection
2013:12:11-16:42:41 SOPHOSUTM01 frox[12008]: Closing session
2013:12:11-16:42:48 SOPHOSUTM01 frox[12019]: Connect from 108.nnn.nnn.179(pool-108-nnn-nnn-179.plspca.fios.verizon.net)
2013:12:11-16:42:48 SOPHOSUTM01 frox[12019]: ... to 50.nnn.nnn.4()
2013:12:11-16:42:48 SOPHOSUTM01 frox[12019]: Command opts not implemented
2013:12:11-16:42:49 SOPHOSUTM01 frox[12019]: Client closed connection
2013:12:11-16:42:49 SOPHOSUTM01 frox[12019]: Closing session
2013:12:11-16:42:49 SOPHOSUTM01 frox[12022]: Connect from 108.10.nnn.nnn(pool-108-10-nnn-nnn.plspca.fios.verizon.net)
2013:12:11-16:42:49 SOPHOSUTM01 frox[12022]: ... to 50.nnn.nnn31.4()
2013:12:11-16:42:50 SOPHOSUTM01 frox[12022]: Command opts not implemented
2013:12:11-16:42:50 SOPHOSUTM01 frox[12022]: PASV: 50.nnn.nnn.4:55539
2013:12:11-16:43:21 SOPHOSUTM01 frox[12022]: Flushing server buffer
2013:12:11-16:43:30 SOPHOSUTM01 frox[12022]: Client flooding control connection
2013:12:11-16:43:30 SOPHOSUTM01 frox[12022]: Closing session

I believe that this is a passive ftp connection with multiple steps from Windows explorer. Connecting to the server, loging into the server, finally trying to list the folders and failing and then closing Windows explorer. With the ftp proxy off it all works but doesn't get logged.

With the proxy off both active and passive ftp in to my servers work but ftp out from my lan to the internet is not connecting at all.

For your point 3 - Connection tracking for ftp is turned on.

For your point 4 - Active mode works but passive mode does not.

For your point 5 - Could you explain this another way for me. Or give me the location of setting in the 9.106.17 gui?

Thanks for the questions. I have answered as best as I can.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data