Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Cant connect FTP on port 5000
  •  
starlight

Messages: 5

Karma: 0
Send a private message to this user
Hi All,

Im using Kerio Winroute Firewall as proxy server n my client is behind this firewall.
n now i want to allow FTP connection on port 5000. i had allow FTP on port 21 & the ftp connection from my client had no problem. but when it comes to the need on port 5000, the firewall blocked the connection from local network. even when i open it from browser or try make a test connection using ftp command prompt. i've already allow inbound rules, but had no idea to make
the outbound rules.

any suggestions how to configure correctly ftp connection on port 5000 ?
thanks
  •  
KursadOlmez

Messages: 118
Karma: 3
Send a private message to this user
Hi Starlight,

Are you trying to run FTP Port 5000 for inbound or outbound connection?

I mean, do you have FTP server on your local network which is using port 5000 or do you want to connect FTP server on the internet which is using port 5000?
  •  
starlight

Messages: 5

Karma: 0
Send a private message to this user
hi KursadOlmez,

acctually im needed for outbound connection. coz the ftp server im using to connect to is over the internet at port 5000.
my ftp connection which using default port as 21 has been allow in traffic policy at kerio firewall so as i've already adding the port 5000.
but when im try to connect using port 5000, kerio blocked.

thx
  •  
subnet

Messages: 133
Karma: 0
Send a private message to this user
Try telnet [ipadress] 5000
If it's open you should get a blank screen
  •  
KursadOlmez

Messages: 118
Karma: 3
Send a private message to this user
Hi Starlight,

You have to allow Port TCP 5000 for outbound connection from your network to internet. To do this, just simply add TCP 5000 to your NAT rule on Traffic Policy.

Then try to connect your ftp server with telnet IPAddress-or-domain 5000 from Command Prompt.

if it works fine, you should see the welcome message of FTP Server.

http://proxima.web.tr/pub/kerio/Traffic-Policy-Port5000.png

[Updated on: Thu, 27 May 2010 21:16]

  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
Better way: Create new NAT rule for port 5000 and set FTP protocol inspector for it. This way you can use active FTP transfers.
  •  
KursadOlmez

Messages: 118
Karma: 3
Send a private message to this user
Kerio_pdobry wrote on Thu, 27 May 2010 21:40
Better way: Create new NAT rule for port 5000 and set FTP protocol inspector for it. This way you can use active FTP transfers.


My Datacenter's firewall configuration allows only active FTP transfer mode but I can use active mode FTP transfers without FTP protocol inspector on Traffic Policy.
  •  
starlight

Messages: 5

Karma: 0
Send a private message to this user
hi KursadOlmez,

I've already addded those ports rules in NAT. but still i got error, it said that the server return, 530 user anynomous cannot login when i've tried to access from browser with proxy server configuration.

it never asked to input login password. so it access automaticly.
as far as i know, the ftp over internet that i've tried to access to is never allowed user anynomous.

and when i tried to connect with direct connection from server (without proxy or bypass kerio firewall), it has no problem.

anyone knows ?
  •  
Adjuster

Messages: 48

Karma: -1
Send a private message to this user

We need to create a separate rule:
Source Inet
Destination Firewall
Protocol TCP = 5000
Protocol Inspector = FTP
Permit
NAT on Local

____________________________
Excuse me for my english...
  •  
KursadOlmez

Messages: 118
Karma: 3
Send a private message to this user
Starlight,

If you are getting "530 user anynomous cannot login" message, your connection is established to FTP server and it doesn't accept anonymous connections.

And, if you can connect from your server which is KWF installed than you have already succeed the configuration Smile

Can you configure your client without proxy. I mean connect your client to internet by using KWF's IP as Gateway IP (a.k.a Transparent Proxy).


Kursad

[Updated on: Mon, 31 May 2010 23:35]

  •  
starlight

Messages: 5

Karma: 0
Send a private message to this user
Adjuster wrote on Mon, 31 May 2010 07:54

We need to create a separate rule:
Source Inet
Destination Firewall
Protocol TCP = 5000
Protocol Inspector = FTP
Permit
NAT on Local



I havent tried this yet ... think im gonna try it ...
thanks
  •  
starlight

Messages: 5

Karma: 0
Send a private message to this user
KursadOlmez wrote on Mon, 31 May 2010 23:35
Starlight,

If you are getting "530 user anynomous cannot login" message, your connection is established to FTP server and it doesn't accept anonymous connections.

And, if you can connect from your server which is KWF installed than you have already succeed the configuration Smile

Can you configure your client without proxy. I mean connect your client to internet by using KWF's IP as Gateway IP (a.k.a Transparent Proxy).


Kursad


thank you KursadOlmez,

when i connect without proxy, n change the gateway of my client by using the KWF IP, it works. i can make an FTP connections.
but the new problem is, i cant make a connections trough different subnet of my Local n WAN network if i change into KWF IP.

should i adding routes rules at KWF or at my route gateway, to still be connected even in different subnet ? its different local IP between my proxy KWF & my routing server.
Previous Topic: Kerio Control Uninstallation error
Next Topic: Internet reporting not showing all domain users
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Wed Sep 20 00:26:32 CEST 2017

Total time taken to generate the page: 0.00519 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.