FTP / Site-to-Site Transfer through WinRoute Firewall
  •  
DaPhreak

Hi guys (and girls),

I'm currently trying to get my clients the possibility to mirror remote ftp sites (such as ftp.suse.com) because they need this every day. So I've been sitting in front of the firewall machine for the last 3 hours to let a client in the local area network mirror such an ftp.

Second problem is if they try to manage a remote FTP-Server with Servuadmin (Admin Console of Serv-U FTP Server) this one connects to the ftp, but if they try to open the tree the application is not responding (this also happens on the local ftp which is located at the firewall machine). So I looked in my logfile, and Kerio is telling me, that it found no control connection.

How can I fit the Kerio Firewall for my clients' needs?

Best Regards DaPhreak
  •  
zhangmeibo

I think that is because you didn't allow the serv_u admin port. You can use the debug log to find which ports serv_u admin needs, and then allow access to this port.
  •  
idispatch

I have a problem with serv-u too: I can't get data from a serv-u server at home (with KPF installed and ftp server listening on custom port) from my work (where KWF is installed).

All my friends can get files from my personal ftp, but from work I can't get big data streams, although I can list directories if the content is small (about 15 files).
I also can't get VNC or NetSupport Manager working (black screen). Same problem with a friend of mine with same home config.

But strangely I can dl from public ftp servers.

All outgoing traffic is allowed with NAT on default interface. And I can't see any dropped packet in the filter log if I log the Default rule.

[Updated on: Mon, 05 January 2004 17:39]

  •  
zhangmeibo

My opinion:
1. You can't remote control your serv_u ftp server; I think you haven't opened the serv_u remote admin port.
2. You can't download big files from your home ftp server; do you use Mcafee built-in KWF and have anti-virus scan enabled?
  •  
idispatch

Actually I found what the problem is with the ftp. It's the non-standard port. When I set up the server with standard port 21 everything is ok.
But the problem with VNC is still there.
  •  
Jeff Wadlow (Kerio)

You could create a new service with the non-standard port number and set the new service to use the FTP protocol inspector. I think this should let you use the non-standard port. What problem were you having with VNC?
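
An FTP protocol inspector works by reading the control channel for the address and port of the upcoming data connection. The sketch below is an added example, not Kerio's code and not part of the original posts; it is a generic model showing why a control connection on a port with no inspector attached produces no expected data connection. The sample session, port 2121 and all function names are constructed for illustration.

```python
import re

# Generic model of an FTP inspection helper (an assumption, not Kerio's code).
# It reads control-channel lines on the ports it is bound to and derives the
# data-connection endpoint the firewall should expect next.
HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
EPSV = re.compile(r"\(\|\|\|(\d{1,5})\|\)")


def parse_endpoint(line, server_ip):
    """Return (ip, port) announced by a PORT command or a 227/229 reply, else None."""
    verb = line.split(" ", 1)[0].upper()
    if verb in ("PORT", "227"):      # active-mode command / passive-mode reply
        m = HOSTPORT.search(line)
        if not m:
            return None
        octets = [int(x) for x in m.groups()]
        if any(o > 255 for o in octets):
            return None              # malformed announcement, ignore it
        ip = ".".join(str(o) for o in octets[:4])
        return ip, octets[4] * 256 + octets[5]
    if verb == "229":                # extended passive mode (RFC 2428): port only
        m = EPSV.search(line)
        if m and 0 < int(m.group(1)) < 65536:
            return server_ip, int(m.group(1))
    return None


def expected_data_endpoints(session, inspector_ports):
    """Parse the control channel only if its port has the inspector bound to it."""
    if session["server_port"] not in inspector_ports:
        return []                    # treated as opaque TCP, nothing is learned
    eps = (parse_endpoint(l.strip(), session["server_ip"]) for l in session["lines"])
    return [ep for ep in eps if ep]


# Constructed sample: the same passive-mode dialogue on port 21 and a custom port.
LINES = ["USER demo", "331 Password required", "PASV",
         "227 Entering Passive Mode (203,0,113,10,195,80)", "LIST"]
std = {"server_ip": "203.0.113.10", "server_port": 21, "lines": LINES}
custom = {"server_ip": "203.0.113.10", "server_port": 2121, "lines": LINES}

if __name__ == "__main__":
    for sess, ports in ((std, {21}), (custom, {21}), (custom, {21, 2121})):
        print(sess["server_port"], sorted(ports), expected_data_endpoints(sess, ports))
```

Adding the custom port to `inspector_ports` plays the role of defining a new service that uses the FTP inspector.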
  •  
idispatch

Well, creating a service as you said solved the problem, though I never use it explicitly in my rules (all outgoing connections are allowed) and I connect in passive mode.
With VNC I can connect to my home computer but the screen is black (no info coming back), but it seems that I can click on things anyway. This seems very similar to the ftp problem. Currently the VNC server seems to be down, so I can't test if creating a service solves the problem (though I doubt it since the inspector is the key to make the communication work I guess).

Anyway, this service thing is quite obscure.
  •  
idispatch

Actually VNC works fine from the firewall but not from the local network, even if I forward 5900 to the local computer.

[Updated on: Mon, 19 January 2004 11:35]

  •  
Jeff Wadlow (Kerio)

Are you trying to use VNC to remotely control a machine on the Internet or are you trying to control a machine running behind the WinRoute firewall? Send a screen shot of your Traffic Policy rules.
  •  
idispatch

I'm trying to control my home computer directly connected to the internet from a computer in the local network (behind KWF) at work.
I saw that in the latest version of KWF there's a bug fix about incorrect handling of fragmented traffic, so perhaps it solves the problem. I will have to try this version.

http://90plan.ovh.net/~hopitalv/kwf.gif
  •  
idispatch

Still no luck with 5.1.9.
  •  
Jeff Wadlow (Kerio)

Can you telnet to the IP of the machine you are trying to control using port 5900? Your rule set looks like it should work. Is there a firewall running on the client machine?
  •  
Jeff Wadlow (Kerio)

Also, what type of Internet connection do you have?
  •  
rodar

I encountered the same problem when I ran the 5.1.8 version.
I could log in to an ftp server from my client pc, but could not get a browse-list due to a time-out, and it took pretty long to time out.
HTTP traffic was correct, but ftp would not work, not with any source and any destination as valid on port 21 or 20.
  •  
idispatch

Well, when I telnet it connects, but I can't type anything. Anyway when I connect with VNC I'm asked for a password and it is accepted. I have KPF on the machine I try to control, but as I said, initiating a connection from my firewall machine at work is ok. It's only from the LAN that it doesn't work. And strangely I have the same problem with another remote control software (NetSupport Manager), and all other protocols (MSN, Yahoo, NNTP, FTP, edonkey,...) seem to work fine.

My connection is ADSL, with ethernet modem (router?) Alcatel Speedtouch 510. Firewall is deactivated on the modem. Protocol is WAN/PPPoE/ADSL Mini port.
Perhaps all this has to do with a misconfiguration of the modem/router.
But anyway it's not very important for me now since I can control my computer from the firewall machine.
It's just it's annoying when something that *should* work doesn't work :)