How to configure LnS for FTP

Discussion in 'LnS English Forum' started by Defenestration, Jul 17, 2004.

Thread Status:
Not open for further replies.
  1. Defenestration, Registered Member (Joined: Jul 17, 2004; Posts: 1,086)

    I use Directory Opus (www.gpsoft.com.au) as my file manager and FTP client but have come across a problem. When I connect to an FTP site it connects OK but cannot read the folder contents.

    I am just using the default LnS settings for DOpus.

    Why does it connect OK but yet cannot read the folder's contents?

    How do I set up LnS to allow browsing of FTP sites?
     
  2. Defenestration, Registered Member (Joined: Jul 17, 2004; Posts: 1,086)

    Update - The rule that's stopping the FTP folder contents from being read is

    TCP : Block incoming connections (Block incoming packets with SYN flag alone.
    Supposed to block all clients trying to connect to the PC.)

    I do not want to disable this rule fully since this would leave my PC open to attack.

    How can I allow FTP without disabling this rule?

    Edit: Looking through the FAQs I found the Look 'n' Stop Rule example: Authorizing an FTP Server. Is this the best way to do it?

    Edit2: I tried this and it still didn't work. I also downloaded and installed the pre-configured rules for FTP client and FTP Server but they didn't work either. Aaaaargh...!

    Another problem I've noticed is that my AOL connection is automatically dropped after approx. 20 mins when I have "TCP Stateful Packet Inspection" enabled. When it's disabled the connection is not dropped. How do you fix this too?

    I really like LooknStop, but these two problems make it unusable for me. I hope someone can help.
     
    Last edited: Jul 18, 2004
  3. qwer, Registered Member (Joined: Jul 15, 2004; Posts: 22)

    I am using FileZilla and I have imported the FTP.rie ... all works.

    Is there any other problem to care about?

    Thank you
     
  4. Defenestration, Registered Member (Joined: Jul 17, 2004; Posts: 1,086)

    Are you using the Enhanced Rules Set?

    Do you have the "TCP : Block incoming connections" rule enabled?
     
  5. CrazyM, Firewall Expert (Joined: Feb 9, 2002; Posts: 2,428; Location: BC, Canada)

    If you are getting an inbound block, are you using active FTP?
    Have you tried using passive FTP?

    Regards,

    CrazyM
     
  6. Defenestration, Registered Member (Joined: Jul 17, 2004; Posts: 1,086)

    Ah, one of the FTP sites that wasn't working is now working. I'm using Active FTP. I tried using Passive mode but it can't switch to that mode.

    Re. the AOL problem, I installed the AOL Connection rule but the connection is still dropped after 20 mins when TCP Stateful Packet Inspection is enabled.
     
  7. jebstuart, Registered Member (Joined: Jul 16, 2004; Posts: 6; Location: Russia)

    I had the same problem, which has been solved since I placed my FTP-rule between TCP: Block Land attack and TCP: Block incoming connections (the enhanced ruleset). The FTP-rule is active as soon as WinCommander (my FTP-client) connects to the Internet.
     
  8. Defenestration, Registered Member (Joined: Jul 17, 2004; Posts: 1,086)

    Hmmm..., it's all working correctly now and I'm using Passive FTP (thanks CrazyM - some sites still seem to work with Active FTP). The only thing different was that in LnS I had set up specific ports to use for the FTP client (DOpus) which I had set to 21. It fails to switch to Passive mode with this set.

    Can anyone explain why this happens, because FTP is using port 21 anyway?

    All I need to solve now is how to stop the AOL connection being automatically dropped after 20 mins when TCP Stateful Packet Inspection is enabled. Any ideas? I'm on AOL 9 Dial-up and don't like having to disable something because of a conflict (especially something I'd like to have enabled).

    What does TCP Stateful Packet Inspection actually protect you from?

    jeb,

    Do you know why moving the rule between these two rules works? I ask because I thought in LnS the rules are applied from top to bottom, so as long as the FTP rule is near the top, then FTP should work.
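
The active/passive difference raised in this thread, as an added example that is not part of any poster's message or of Look 'n' Stop: it parses the RFC 959 `PORT` command and `227` passive reply to show which side opens the FTP data connection, then applies a simplified model of the two settings discussed (the inbound-SYN block and a port list limited to 21). The function names, the sample lines and the reading of the port list as a remote-port restriction are assumptions.

```python
import re

# Six comma-separated numbers h1,h2,h3,h4,p1,p2 (RFC 959 PORT argument / 227 reply).
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def data_connection(control_line):
    """Return (mode, direction, host, port) for a PORT command or 227 reply, else None.

    direction is seen from the FTP client:
      'inbound'  - the server opens the data connection to the client (active mode)
      'outbound' - the client opens the data connection to the server (passive mode)
    """
    line = control_line.strip()
    if line.upper().startswith("PORT "):
        mode, direction = "active", "inbound"
    elif line.startswith("227"):
        mode, direction = "passive", "outbound"
    else:
        return None
    m = _HOSTPORT.search(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    host = ".".join(str(n) for n in nums[:4])
    return mode, direction, host, nums[4] * 256 + nums[5]

def firewall_verdict(conn, block_inbound_syn=True, allowed_remote_ports=None):
    """Simplified model of the two settings in the thread (assumption, not LnS's engine)."""
    _mode, direction, _host, port = conn
    if direction == "inbound":
        # The first packet of the server's data connection is a bare SYN.
        return "blocked: inbound SYN" if block_inbound_syn else "allowed"
    if allowed_remote_ports is not None and port not in allowed_remote_ports:
        return "blocked: remote port %d not permitted" % port
    return "allowed"

# Constructed control-channel lines (documentation addresses, not from the thread).
SAMPLE = [
    "PORT 192,0,2,10,19,137",
    "227 Entering Passive Mode (198,51,100,7,195,80)",
]

if __name__ == "__main__":
    for line in SAMPLE:
        conn = data_connection(line)
        print(line, "->", conn, "|", firewall_verdict(conn),
              "|", firewall_verdict(conn, allowed_remote_ports={21}))
```

In both modes only the control channel uses port 21; the directory listing travels on the separate data connection, whose port is negotiated in these messages.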
     