Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Ftp

Messages: 1
Karma: 0
Send a private message to this user
Hi there
I did a search on this forum for my problem but i found nothing.
My problem.
I have KWF and serv-u installed on the same machine.
Is there a way to connect to the ftp server in passive mode?
I can connect but i receive this:
Response: 451 Command denied by firewall
Error: Could not retrieve directory listing

1: name=(FTP) src=(iface:"Extern") dst=(Firewall) service=("FTP") snat=(any) dnat=(any) action=(permit,logpkt,logconn), time_range=(always) inspector=(default)
The server is on 2021 port.
I edited the ftp service on port 2021.

Messages: 2119
Karma: 3
Send a private message to this user
Do you have the proper Traffic Policies to allow FTP traffic into your firewall?

Messages: 30
Karma: 0
Send a private message to this user
Actually I have the same problem. I just have 2 different items:

1.) Using GlobalScape Secure FTP Server.
2.) Installed this as a FTP Server "behind" Kerio Winrout, not installed on the same machine.

The problem is in passive mode (PASV), the FTP server and client uses either uses a pre-defined range of port numbers or any random free port for any FTP command issues by both parties. It becomes tricky as it also becomes hard to restrict PASV to a small set / range of port numbers. You have no problem if you configure your own FTP Server.

Problem arises when you try to access other FTP servers with PASV from behind Kerio.

Is there any way Kerio could "intelligently" allow incoming / outgoing traffic to these PASV ports without making any new rules?.....

Messages: 16
Karma: 0
Send a private message to this user

I have the same problem.

Did you ever find a working solution for this issue?

Messages: 523
Karma: 0
Send a private message to this user
Check the FTP policy rules. They should allow the requested commands. If not create a rule that allows any command and put it first (on top) in the list and test again. If it works now re-evaluate the FTP policy rules to match your demands.

Messages: 14
Karma: 0
Send a private message to this user
cane wrote on Sat, 20 January 2007 07:21


I have the same problem.

Did you ever find a working solution for this issue?

Source: any
Destination: Firewall
Service: 1400-1410 , 21 and 20

this work for me to connect in passive mode to my ftp.
But as I started to work with an ftp server I found out, that in many cases the problems were caused by the ftp server not by the firewall -> Not every FTP Server seems to be capable to realize a proper passive ftp connection

By the way, on my ftp i am able to define the passive ports which should be used (1400-1410) might be enough for me.

215 UNIX Type: L8
227 Entering Passive Mode (XX,XXX,XXX,XXX,5,120)
150 Data connection established, beginning transfer.
226 Transfer complete.

Maybe this website will help you a little bit:


[Updated on: Wed, 31 January 2007 22:20]

Previous Topic: Doubt about KWF ans this scenario
Next Topic: Help me fix client dial out VPN
Goto Forum:

Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Wed Nov 22 19:43:55 CET 2017

Total time taken to generate the page: 0.00383 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.