Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Security Message "FTP: Bad server reply"
  •  
UKortkamp

Messages: 15
Karma: 0
Send a private message to this user
Hello all,
we have a strange problem with KWF 6.14 Build 1086

FTP Server is running behind the FW on local IP.

KWF Rule
Src: Internet Interface
Dest: PortMapping to localIP of FTP Server - def. Port
Service: FTP
Action: allow

In FTP Server the IP of InternetIF is entered for PASV Mode Transfer.

If we leave ProtocolInspector for FTP enabled the following error comes in SecurityLog from KWF:

FTP: Bad server reply: client: CLIENT-IP, server: LOCAL-IP, response: 227 Entering Passive Mode (PUBLIC-IP of NAT-OUTGOING,195,103)

If Protocol Inspector for Service FTP is DEaktivated - no error occurs - BUT no Content-Filter=>FTP Policy works.

Someone an idea why this error happens ?

Kind regards
Uwe

  •  
luizfef

Messages: 28

Karma: 0
Send a private message to this user
Look... I dont understand very well... but the rule is

Source: Internet Interface
Destination: Firewall
Service: FTP
Action: Permit
Translation: (Port Mapping: (Local IP of your FTP Server)) and Nat Default
Protocol Inspector: Default???

  •  
UKortkamp

Messages: 15
Karma: 0
Send a private message to this user
Hello and thanks for your answer.

You are right - i did not explain correkt (but did the Configuration right)

The PUBLIC Interface on the Firewall has bound 8 public IP's

KWF Rule
Src: Internet Interface
Dest: PublicIP on FirewallServer wich is assigned for FTP
Translation: to localIP of FTP Server - def. Port
Service: FTP
Action: allow
ProtoInsp: default

Service Definition FTP:
with Protocol Inspektor FTP ENabled will NOT work
with Protocol Inspektor FTP DISabled will work OK

I hope this explains better

Thanks again
Uwe
  •  
luizfef

Messages: 28

Karma: 0
Send a private message to this user
Try to put in destination:

"Firewall Host"
Previous Topic: For home use?
Next Topic: I suggest to kerio to looking for Mac control
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sun Nov 19 09:54:29 CET 2017

Total time taken to generate the page: 0.00466 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.