Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » FTP Server behind Kerio
  •  
dormi98

Messages: 3
Karma: 0
Send a private message to this user
Hi!

I am feeling kind of stupid posting this, but I cannot see what is wrong in my configuration. Maybe someone can help me with this.

Kerio Winroute Firewall 6.1.4

Configuration is a test environment. So no real internet access.

3 hosts

1st: 210.210.210.10 (running ftp client)
2nd: NIC1-outside: 210.210.210.12; NIC2-inside: 192.168.0.1 (running kerio)
3rd: 192.168.0.100, def Gateway: 192.168.0.1 (running FTP Server)

all subnet masks: 24 bits

I can login to the FTP Server from the host 2. But I cannot reach it from 1.

Here is my kerio configuration:

default with NAT +

Source: LAN Connection (outside), Destination: Firewall, Service: FTP, Action: permit, Translation: MAP 192.168.0.100

Source: LAN Connection (inside), Destination: Any, Service: Any, Action: permit

What do I have to change in order to get into my ftp server from outside? Under which IP address should it be reachable?
Did I completly missunderstood something here?

Allready tried to find out what's going on using Etherreal on the host 1. The only thing I can see is a TCP three way handshake on port 21 with 210.210.210.12. But nothing happens at the FTP Server.

Thanks a lot for any help!

Gerald

[Updated on: Thu, 09 February 2006 13:33]

  •  
luizfef

Messages: 28

Karma: 0
Send a private message to this user
Well.. you can try..

source: any, destination: Firewall, service: FTP, action: Permit

Ps: the protocol inspector need to be "default".

  •  
feite

Messages: 523
Karma: 0
Send a private message to this user
The FTP server is inside the LAN. So the firewall must forward the FTP requests to the FTP server.

name: FTP service
source: internet (nic1)
dest: firewall
service: ftp
action: allow
translation: map <ip of FTP server>
protocol inspector: default
log: packets

Also make sure the FTP policy allows all kind of FTP traffic.
  •  
dormi98

Messages: 3
Karma: 0
Send a private message to this user
That's exactly what I did. But still nothing happens.
Am I right that the FTP Server should be availible under the IP of the outside interface? (210.210.210.12)
  •  
dormi98

Messages: 3
Karma: 0
Send a private message to this user
The only thing I still can see using Etherreal is the TCP 3 way handshake

[Updated on: Tue, 07 February 2006 18:24]

  •  
feite

Messages: 523
Karma: 0
Send a private message to this user
Enable logging for the ftp rules at ftp policy.
Go to the debug log. Right click the log. Select Messages.... Select all FTP logging entries. The debug log will show all ftp protocol inspector actions.
Als enable logging of packets for the ftp traffic rule. These will show up in the filter log.
Previous Topic: Feature Request. VPN Client for Windows CE
Next Topic: Kerio WinRoute Firewall 6.2.0 Beta 2 released!
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Wed Nov 22 04:35:18 CET 2017

Total time taken to generate the page: 0.00390 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.