Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Passive and Active FTp to Unix box behind KWF
  •  
dgorman

Messages: 20
Karma: 0
Send a private message to this user
Hi,

I've been looking for answer to this for awhile and no joy,
I need a kerio and unix xpert for this one...

I am ftp'ing remotely to a unix server behind kwf 6.4.

I have trawled the net and its a known issue trying to ftp through firewalls especially when natting.
Basically when I ftp from dos to the internet side of the firewall , the KWF rules map me to the ftp server. i can login in but cannot do an ls or dir as it just hangs.

Sounds like the data side of ftp as i've read , in theory i know what is hppening but i want an answer on how to configure it to work eithe rKerio or unix Smile

Anyone running an Unix ftp server behind kwf and can do an ls ???




  •  
dgorman

Messages: 20
Karma: 0
Send a private message to this user
Anyone ??????????????????????? Rolling Eyes
  •  
winkelman

Messages: 2119
Karma: 3
Send a private message to this user
When NAT-ting you have to use 'passive mode' in FTP. Are you?
  •  
dgorman

Messages: 20
Karma: 0
Send a private message to this user
Thanks for your reply.

Im ftping from a windows dos prompt which i think is active ftp correct me if I'm wrong.
I have to be able to ftp from a dos prompt .


0/Jul/2007 14:09:26] {ftp_handler} [ 7271 ] command: QUIT
[10/Jul/2007 14:09:26] {ftp_handler} [ 7271 ] response: 221 Goodbye.
[10/Jul/2007 14:09:27] {ftp_handler} [ 7271 ] ftp_read_command(): recv() failed, code 0
[10/Jul/2007 14:09:27] {ftp_handler} [ 7271 ] cleaned

My rules are

Ftp in
Source : myoutside ip
Destination: firewall
Service :tcp,20,21,
Translation: map to unix box on the lan
Inspector : default

Ftp out:
Source : Lan
Destination: internet nic
Translation : default outgoing
Inspector:default

My remote location is behind a cisco which nats my ip.
  •  
winkelman

Messages: 2119
Karma: 3
Send a private message to this user
Windows command prompt FTP indeed uses 'active' FTP. Active FTP is problematic for traversing NAT-routers. That's (one of the reasons) to use 'passive' FTP. If Windows command line FTP doesn't support passive-mode, well, you're gonna have to look for another command line FTP program that does support it.
  •  
dgorman

Messages: 20
Karma: 0
Send a private message to this user
At last......

I have found a soluton to my ftp problem.
Basically upgrading to Kerio 6.4.2 to the latest version 6.5.1 and turning protocol inspector off on the ftp rules now lets me do an Ls/dir using Active mode.

I have only tested this on 6.5.0 and 6.5.0 but it definatley doesnt work using 6.2.3-6.4.2.

Cheers,
Derek
Previous Topic: Kerio stop working after nic reconfiguration
Next Topic: Event ID #: 1003 - semaphore timeout period has expired.
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Fri Sep 22 04:40:26 CEST 2017

Total time taken to generate the page: 0.00441 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.