+ Post New Thread
Results 1 to 7 of 7
Wireless Networks Thread, FTP problems in Technical; Our router has recently been reconfigured to block port 21 inbound as we are running an application which FTP’s a ...
  1. #1
    Jobos's Avatar
    Join Date
    Apr 2007
    Posts
    1,133
    Thank Post
    177
    Thanked 49 Times in 42 Posts
    Rep Power
    24

    FTP problems

    Our router has recently been reconfigured to block port 21 inbound as we are running an application which FTP’s a file to the server and we didn’t want public access on our system.

    So far so good, but now we are unable to FTP out. I have spoken to our ISP who configured the router and they said this will happen if port 21 is blocked inbound because of a handshake between the two machines. Now I don’t know anything about Cisco routers but in the ISDN days I used to manage a 3Com router and we never had problems like this. I can’t remember the rules we used but it was something with the keyword ESTABLISHED that only allowed inbound traffic when an outbound connection had been established. Am I dreaming or is our ISP pulling a fast one?

  2. #2
    Joedetic's Avatar
    Join Date
    Jan 2006
    Location
    Walsall
    Posts
    1,316
    Thank Post
    6
    Thanked 13 Times in 13 Posts
    Rep Power
    22

    Re: FTP problems

    Hmmm. With extended ACLs you should be able to setup what you're after.

    I've not had to play with ACLs for a couple of months now but i'm sure you can do it. The Cisco IOS is pretty flexible like that.

    Unless of course there's something i'm missing to do with the FTP protocol

  3. #3

    Join Date
    Jan 2007
    Posts
    423
    Thank Post
    7
    Thanked 30 Times in 26 Posts
    Rep Power
    21

    Re: FTP problems

    you should be able to use 'passive' ftp with most servers now

  4. #4
    Jobos's Avatar
    Join Date
    Apr 2007
    Posts
    1,133
    Thank Post
    177
    Thanked 49 Times in 42 Posts
    Rep Power
    24

    Re: FTP problems

    After monitoring the connection with a protocol analyzer and comparing the results with a working school I’m under know doubts that the firewall has been misconfigured as the results show that we are sending out SYN packets but not receiving the ACK packets.

    In the test the SYN packets were sent from port 1108 to destination port 21. The ACK packets should return back to port 1108. No packets were received back which shows the FTP server didn’t receive the SYN packets i.e. port 21 is blocked outbound.

  5. #5
    Joedetic's Avatar
    Join Date
    Jan 2006
    Location
    Walsall
    Posts
    1,316
    Thank Post
    6
    Thanked 13 Times in 13 Posts
    Rep Power
    22

    Re: FTP problems

    Ask them whether they're using standard or extended ACLs. It maybe that they're just being lazy and not bothering to work out the more complicated ACL that does what you want as opposed to spening an extra couple of minutes working out the extended ACL.

  6. #6
    Jobos's Avatar
    Join Date
    Apr 2007
    Posts
    1,133
    Thank Post
    177
    Thanked 49 Times in 42 Posts
    Rep Power
    24

    Re: FTP problems

    It turns out there were two entries in access list 102 outbound and one of them was dropping established ftp sessions.

  7. #7
    Joedetic's Avatar
    Join Date
    Jan 2006
    Location
    Walsall
    Posts
    1,316
    Thank Post
    6
    Thanked 13 Times in 13 Posts
    Rep Power
    22

    Re: FTP problems

    Extended ACLs are awkward...take some testing and checking. Glad it's sorted

SHARE:
+ Post New Thread

Similar Threads

  1. iso problems
    By richard in forum Learning Network Manager
    Replies: 28
    Last Post: 11th January 2010, 11:39 AM
  2. CMS - PHP problems
    By wesleyw in forum How do you do....it?
    Replies: 6
    Last Post: 12th July 2007, 09:22 AM
  3. Problems with RIS
    By Kyle in forum Windows
    Replies: 3
    Last Post: 21st November 2006, 08:33 PM
  4. New PC problems
    By Simcfc73 in forum Hardware
    Replies: 6
    Last Post: 18th October 2006, 12:12 PM
  5. problems so far
    By barryfl in forum ICT KS3 SATS Tests
    Replies: 47
    Last Post: 10th April 2006, 04:50 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •