Need help..Keiro 2.1.5/BOClean

Discussion in 'other firewalls' started by CJsDad, Jul 7, 2006.

Thread Status:
Not open for further replies.
  1. CJsDad

    CJsDad Registered Member

    Joined:
    Jan 22, 2006
    Posts:
    618
    On the BOClean website it says, We use "PASSIVE FTP" on PORT 21, this is to help in setting up the updater.
    After I set up the rule to allow BOClean to update through port 21 I keep getting a pop up message from Kerio telling me that BC is trying to connect but this time it's through a different port .

    What can I do in order to stop the messages asking to connect through a different port and only connect through port 21 to update?
     
    CJsDad, Jul 7, 2006
    #1
  2. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    The initial connection is made to remote port 21, but then outbound connections are needed (passive mode)=> local ports 1024-65535 > remote ports 1024-65535

    EDIT:
    Full ruleset for FTP Client (Passive)

    Allow outbound TCP local ports 1024-65535 remote port 21
    Allow Inbound TCP local ports 1024-65535 remote port 20
    Allow outbound TCP local ports 1024-65535 remote ports 1024-65535
     
    Last edited: Jul 7, 2006
    Stem, Jul 7, 2006
    #2
  3. CJsDad

    CJsDad Registered Member

    Joined:
    Jan 22, 2006
    Posts:
    618
    Stem
    I dont think I'm following you correctly.
    Do I have to make 3 seperate rules just to allow passive FTP port 21?
    When I go to the rule settings I dont see how its possible to set all those rules at once.

    For example I can go into the firewall configuration and set the rule for "Allow outbound TCP local ports 1024-65535 remote port 21" but in order to complete the ruleset I would need to make 2 seperate rules, 1 for remote port 20 (allow inbound) and 1 for remote port 1024-65535 (allow outbound).
    So now when I look at the firewall rules description I will now see 3 seperate rules for BC?
    Is that what you mean?
    If not then can you explain this for me?
    Thanks.
     
    CJsDad, Jul 7, 2006
    #3
  4. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi,
    Yes, they are seperate rules. You can complete "Passive FTP" with just the 2 "Outbound rules" (the inbound rule can be left out for BOClean (I did forget that the inbound is for the "Active mode data channel")).

    So just place 2 rules:-
    Allow outbound TCP local ports 1024-65535 remote port 21
    Allow outbound TCP local ports 1024-65535 remote ports 1024-65535
     
    Stem, Jul 7, 2006
    #4
  5. CJsDad

    CJsDad Registered Member

    Joined:
    Jan 22, 2006
    Posts:
    618
    That works! :D
    I added the two outbound rules for port 21 and ports 1024-65535 .
    I re-booted my PC just to make sure, clicked on the check for updates box and got a message from BC "You already have the latest update...nothing to download", and finally no more messages telling me a connection wants to be made through another port.

    Thanks Stem :thumb:
     
    CJsDad, Jul 7, 2006
    #5
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...