Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » No connection to external FTP server
  •  
PeterW

Messages: 3
Karma: 0
Send a private message to this user
Using the trial of Winroute on a W2k srv with 2 NICS and RRAS service running. Setup DHCP and DNS on this server. Installed Winroute, used the rule wizard and my 2 clients can browse the network. What is not working is connecting to an external FTP server. The client returns an error 421: Service not available.
Can't find a solution!

I'm using the following firewall rule:
Source: Any
Destination: hostname FTP server
Service: Any
Action: Permit
Translation: None

Contents of logfile:
PERMIT "FTP" packet from LAN, proto:TCP, len:40, ip/port: CLIENT-IP:1110 ->
FTPSERVER-IP:21, flags: ACK , seq:3333330914 ack:3395234564, win:65460,
tcplen:0
PERMIT "FTP" packet from LAN, proto:TCP, len:40, ip/port:CLIENT-IP:1110 ->
FTPSERVER-IP:21, flags: FIN ACK , seq:3333330914 ack:3395234564, win:65460,
tcplen:0
PERMIT "FTP" packet to LAN, proto:TCP, len:40, ip/port:82.192.84.152:21 ->
CLIENT-IP:1110, flags: ACK , seq:3395234564 ack:3333330915, win:17520,
tcplen:0


Any help would be appreciated.
Thnx
  •  
feite

Messages: 523
Karma: 0
Send a private message to this user
If traffic rule should be as follows:

Name: FTP from LAN
Source: LAN
Destination: hostname FTP server
Service: FTP
Action: Permit
Translation: NAT default outgoing interface
Protocol inspector: default

Name: FTP from firewall
Source: firewall
Destination: hostname FTP server
Service: FTP
Action: Permit
Translation: none
Protocol inspector: default
  •  
PeterW

Messages: 3
Karma: 0
Send a private message to this user
Feite,

Thnx for the reply, but it still is not working. Looks like the return package from the FTP server gets lost on the way. Could it have something to do with Windows RRAS being setup?
  •  
feite

Messages: 523
Karma: 0
Send a private message to this user
Don't know anything about RRAS.
  •  
PeterW

Messages: 3
Karma: 0
Send a private message to this user
RRAS ensures that I can "route" my LAN to internet. By disabling this service, I have no internet onmy clients anymore. Is this something that can be replaced by using Kerios static route?
  •  
feite

Messages: 523
Karma: 0
Send a private message to this user
Kerio should do all routing. Did you create traffic rules for the clients in the lan?

Disable RRAS and create the following rule:

name: LAN to internet
source: LAN (network connected to interface ...)
dest: internet (network connected to interface ...)
service: any
action: allow
log: none
translation: NAT default outgoing interface
protocol inspector: default

For clients in the lan make sure the default gateway is the firewall machines internal ip address.

If you have a proxy server set in ie you should disable it for this test. If you want to keep using the proxyserver enable the proxy server in Kerio and set the proxy port to 3128 in ie.
Previous Topic: LAN not working until reinstall
Next Topic: System requirements
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Mon Nov 20 14:15:15 CET 2017

Total time taken to generate the page: 0.00457 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.