FTP Problem - Winroute pro 6
  •  
pinsandneedles

Hi there, I'm using the demo version of Kerio WinRoute Firewall 6.01 and I am encountering a problem which I am finding extremely hard to rectify.

I use a private FTP server which needs to be connected to with encryption; this encryption is SSL/TLS and I have to enable this in my FTP client in order to connect to it. Now when I try to connect to this particular server, I get a passive mode error. I've made rules from my local area network server to the IP address of that server, and I've permitted all services and ports to that IP address, and I still get this error. If I make another rule which allows everything, it works... I'm finding it very hard to fix this problem and it doesn't matter what rule I try, I cannot fix this. If I could find some help in regards to this problem that would be greatly appreciated; it would help make a decision on purchasing the product and its licenses for the company that I manage. I find this firewall easy to use (apart from this problem) and easy to manage, both locally and remotely. Keep up the good work, Kerio.

Regards
Peter
  •  
mkerr

Try disabling the FTP protocol inspector.
  •  
pinsandneedles

I tried this, but it still won't work. This is making my hair fall out...
  •  
coco

When you say you "get an passive mode error", is this error reported by your FTP client, or by KWF?

Also, you say "I've made rules from my local area network server to ...": are you using your FTP client on the server, or on another computer connected to the same subnet? In the latter case, you should ensure your rules apply both to the Firewall host and the local subnet (or a more stringent restriction to the IPs that are allowed to access the remote FTP server).

Of course, you may already have done these things, so my questions may be irrelevant.

That said, I guess some packets must be being dropped somewhere to cause the error. Try turning on your Debug log for dropped packets to see if that gives you more clues, thus:

1. Right-click the Debug log window and choose Messages... Then select "Packets dropped for some reason" under the Miscellaneous branch.

2. Now enable the Debug log, try another FTP session, and examine the Debug log.

Regards,
Steve Moss,
CoCo Systems Ltd.
  •  
pinsandneedles

Yep, OK, sorry I didn't explain myself more properly. The server runs an FTP client that connects to a remote server on the internet, and the FTP client gives a code that there is a passive mode error. I've tried what was said in regards to the debugging log and this is what I came up with. You were right about it dropping packets. This is the log message I got.

[20/Jul/2004 23:55:41] {pktdrop} packet dropped: 3-way handshake not completed (SYN+ACK) (from Local Area Connection, proto:TCP, len:65, ip/port:(IP ADDRESS)LAN ADDRESS:113, flags: ACK PSH , seq:11084642 ack:3027133449, win:5840, tcplen:

OK, 3-way handshake not complete, must be dropping a packet which is required for authentication... Could someone please shed some light on this? Thanks.

[Updated on: Tue, 20 July 2004 16:12]

  •  
coco

pinsandneedles wrote on Tue, 20 July 2004 15:10

Yep, OK, sorry I didn't explain myself more properly. The server runs an FTP client that connects to a remote server on the internet, and the FTP client gives a code that there is a passive mode error. I've tried what was said in regards to the debugging log and this is what I came up with. You were right about it dropping packets. This is the log message I got.

[20/Jul/2004 23:55:41] {pktdrop} packet dropped: 3-way handshake not completed (SYN+ACK) (from Local Area Connection, proto:TCP, len:65, ip/port:(IP ADDRESS)LAN ADDRESS:113, flags: ACK PSH , seq:11084642 ack:3027133449, win:5840, tcplen:

OK, 3-way handshake not complete, must be dropping a packet which is required for authentication... Could someone please shed some light on this? Thanks.

I'm not entirely sure about this - you should probably contact support<at>kerio.com directly - but try enabling incoming TCP on port 113 (known as IDENT) from your remote FTP server's IP address to the firewall host (with no NAT translation). This is used for authentication. This is what we need to communicate properly with our remote POP3 server.

Regards,
Steve Moss,
CoCo Systems Ltd.
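
As an added example (not part of the original thread and not Kerio code), this Python script parses `{pktdrop}` Debug log lines like the one quoted above and counts drops per port, so that traffic such as the IDENT lookup on TCP 113 stands out. The function names, the `PORT_HINTS` table and the second sample line (RFC 5737 addresses, "src -> dst" layout) are assumptions; the first sample line is the entry from the thread, redactions and truncation included.

```python
import re
from collections import Counter

# Line 1: the entry quoted in the thread, as posted (redacted, cut off).
# Line 2: constructed; its addresses, layout and port are assumptions.
SAMPLE_LOG = (
    "[20/Jul/2004 23:55:41] {pktdrop} packet dropped: 3-way handshake not "
    "completed (SYN+ACK) (from Local Area Connection, proto:TCP, len:65, "
    "ip/port:(IP ADDRESS)LAN ADDRESS:113, flags: ACK PSH , seq:11084642 "
    "ack:3027133449, win:5840, tcplen:\n"
    "[20/Jul/2004 23:55:43] {pktdrop} packet dropped: 3-way handshake not "
    "completed (SYN+ACK) (from Local Area Connection, proto:TCP, len:60, "
    "ip/port:192.0.2.10:50021 -> 203.0.113.5:40112, flags: ACK , seq:1 "
    "ack:2, win:5840, tcplen:0\n"
)

PKTDROP_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \{pktdrop\} packet dropped: (?P<reason>.+?) "
    r"\(from (?P<iface>[^,]+), proto:(?P<proto>\w+), len:(?P<len>\d+), "
    r"ip/port:(?P<addr>.+?), flags:(?P<flags>[^,]*),"
)

# Ports worth calling out when a remote login stalls or is refused.
PORT_HINTS = {113: "IDENT (RFC 1413) lookup"}


def parse_pktdrop(line):
    """Return the fields of one {pktdrop} line, or None for any other line."""
    m = PKTDROP_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["len"] = int(rec["len"])
    rec["flags"] = rec["flags"].split()
    # Tolerate redacted addresses: only the ":<port>" suffixes are needed.
    rec["ports"] = [int(p) for p in re.findall(r":(\d{1,5})\b", rec["addr"])]
    return rec


def triage(log_text):
    """Count dropped packets per (proto, port) and attach a hint where known."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_pktdrop(line)
        if rec:
            counts.update((rec["proto"], port) for port in rec["ports"])
    return [(proto, port, n, PORT_HINTS.get(port, "no hint"))
            for (proto, port), n in sorted(counts.items())]
```
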