I'm going to try redirecting port 21 on the firewall to a port, e.g. 2121, on the FileZilla server, see if it fixes anything: unsuccessful

EDIT2: On local FTP connection, guess what. Protection off + Windows firewall off, still the same problem. I'll go with the possibility of Kaspersky on the server messing the connections up, because everything else on the firewall looks fine.

EDIT1: I completely removed Kaspersky AV, even though this server is also the central management server for Kaspersky on my network. Now, the new server, a Windows 2008 R2, has Kaspersky AV installed, BUT I made sure the firewall was not active. Truth is the FortiGate firewall has been there for years BUT it's now when I am in charge of the maintenance of such devices, hence the lack of experience. The rule on the Fortinet firewall worked just fine. (companies that don't want to spend on hardware and maintenance. Truth is, until now, I was using FileZilla Server (a very old version) on a very very very old Windows 2000 server with no antivirus. the Windows Firewall on the server machine? Have you established yet that the Fortinet firewall is the source of the problem and not some other firewall in your environment, e.g. See the sections about malicious routers and firewalls in the Network Configuration guide. I'm quite mad at my firewall right now for messing with my ports >:( Just shooting in the dark here but, perhaps I can redirect port 21 to, say, port 28 on my server and configure FileZilla Server to listen for connections on that port 28? Perhaps that way I can avoid whatever FortiGate does when it detects FTP connections. Port 21 is described as FTP service, it's a service type that comes pre-configured with the FortiGate OS. However, I did have to make three different rules and merge them into a virtual group of rules, as Fortinet deals with this. I can't wrap my head around it, because TLS on passive mode works just fine.
My server knows the client's IP, BUT, the server says port 50.014 and my client gets port 52.572. So, My client knows the server's remote IP I don't think it's that much of a risk for the sake of being clear. When I connect with TLS, the ports coincide on both sides, server and client. If they are different, some firewall or NAT router is actively sabotaging the connection. NOTE: Typo corrected, testing suggestions

Does it say so in the server log? Check that the reply to the PASV command is identical in both the server log as well as seen by the client. Note my knowledge and experience with the FortiGate router is limited, but don't be afraid: I'll get better over the days. I expect your wisdom to see if I can work this out. Since there are still more devices on the network, I don't want to open an even wider range of ports (like 2000, for example), in order to solve this issue. When I try to connect with plain passive, FileZilla starts trying to use ports like 52.234, so, outside of the range I previously forwarded.

Plain FTP: Passive: IMPOSSIBLE TO GET IT WORKING

Implicit over TLS: Both passive and active: Working. If I enable NAT, everything works BUT (and a pretty big but - pun intended) every connection to the server is made from IP 192.168.1.155 (So, the router: FileZilla does not know the client's external address at all, which ends up giving a lot of problems: Every client connects from the same IP)

Explicit over TLS: Both passive and active: Working. I did not enable NAT on the rule, although the firewall works in NAT mode. Then, I forwarded port TCP 990 and TCP 21. I set these ports on the "Passive mode settings" tab on the server config.

As IP: I entered my actual static external IP. I configured the firewall so it does forward TCP ports 50.000 to 50.100. I read the network configuration wiki: Quite abstract if you are not a pro, but I start understanding it the more I fight this.
Now, I want to say this is not an "explain me from scratch" help request: I have been trying myself and I have it 80% working at this point, but I can't get any further. Now, I upgraded the firewall and I'm trying to get it to work with Fortigate. I have been using Filezilla server for a very long time.