FTP rule help

Discussion in 'ESET Smart Security' started by Nodrog, Oct 4, 2011.

Thread Status:
Not open for further replies.
  1. Nodrog

    Nodrog Registered Member

    Joined:
    Nov 10, 2007
    Posts:
    56
    Location:
    UK
    I've read the posts from last year and to be honest there was no help there other than log all packets or put the firewall into learning mode... which did nothing and offered no help at all.

    The age-old question on firewalls that aren't quite stateful: how do I create an FTP rule to allow both Active and Passive FTP (or a rule for each)?

    Ports 20~21... easy, but Active then uses high random ports and these get blocked with no log whatsoever... other than disable the firewall and watch the activity to THEN see them running quite happily.

    So, FTP, how do we do it then, please. And no I'm not putting an IP in an exception list... I just want ftp to work seamlessly like it does elsewhere.

    please?
     
  2. dmaasland

    dmaasland Registered Member

    Joined:
    Nov 10, 2010
    Posts:
    468
    The best way would be specifying a port range for PASV FTP to use, and opening that on the firewall. Otherwise, *dare I say it* perhaps UPNP? I know Serv-U can do this.
     
  3. Nodrog

    Nodrog Registered Member

    Joined:
    Nov 10, 2007
    Posts:
    56
    Location:
    UK
    A better way would be a firewall that knew about FTP... I take it we don't have that then?

    I must have missed something, but where does UPnP come into FTP? And I'm only trying to use the good ol' browser, not an FTP client - you could more justifiably open a big hole for an FTP client than the browser.
     
  4. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    Did you try interactive mode?
     
  5. Nodrog

    Nodrog Registered Member

    Joined:
    Nov 10, 2007
    Posts:
    56
    Location:
    UK
    Oh FFS! It decides to work perfectly (a bit debatable) today... go figure.

    If I run IE in active or passive mode ESET NOW gives either inbound or outbound alerts - and NO I'm not going senile I always run in Interactive mode (meant that as a joke not a dig Cudni, I know interactive should give the alerts).

    When I had the problem, I disabled the firewall and got my download, re-enabled the firewall and tried again and the problem was still there, checked I was indeed in interactive mode, checked my firewall rules for a block I might have forgotten about and tried again - problem still there.

    Try today, both active/passive running as expected!!

    It would still be amazing if ESET would handle ftp without alerts or the need for big holes but maybe stateful protocol checking is too much of an ask? Driving the Tier 1 firewall at work is much easier than this.
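
What a firewall that "knew about FTP" does with the control channel, shown as an added example that is not part of the thread and not ESET's implementation: it reads the PORT command (active) or the 227/229 reply (passive) on port 21 and opens only the one data port announced there. The sample lines, addresses and function names are constructed for illustration.

```python
import re

# Constructed control-channel lines (sender, text); not taken from the thread.
SAMPLE = [
    ("client", "PORT 192,168,1,10,195,80"),
    ("server", "227 Entering Passive Mode (203,0,113,5,234,96)."),
    ("server", "229 Entering Extended Passive Mode (|||50123|)"),
    ("client", "PORT 10,0,0,99,0,22"),
]

HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
EPSV = re.compile(r"\(\|\|\|(\d{1,5})\|\)")


def expected_data_channel(sender, line, client_ip, server_ip):
    """Return (direction, ip, port) of the data connection to allow, or None."""
    verb = line.split(" ", 1)[0].upper()
    if sender == "client" and verb == "PORT":
        # Active mode: the server connects in to the port the client announced.
        direction, peer = "inbound", client_ip
    elif sender == "server" and verb == "227":
        # Passive mode: the client connects out to the port the server announced.
        direction, peer = "outbound", server_ip
    elif sender == "server" and verb == "229":
        # Extended passive (RFC 2428): only a port is given, host is the server.
        m = EPSV.search(line)
        port = int(m.group(1)) if m else 0
        return ("outbound", server_ip, port) if 1024 <= port <= 65535 else None
    else:
        return None
    m = HOSTPORT.search(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ".".join(map(str, nums[:4]))
    port = nums[4] * 256 + nums[5]  # port is sent as two bytes: high, low
    # Open a pinhole only for the host already on the control connection,
    # and never for a privileged port.
    if ip != peer or port < 1024:
        return None
    return (direction, ip, port)


def pinholes(lines, client_ip, server_ip):
    return [expected_data_channel(s, l, client_ip, server_ip) for s, l in lines]
```

Without this kind of tracking, the only static rule that covers passive mode is the fixed PASV port range suggested earlier in the thread.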
     