Need help..Kerio 2.1.5/BOClean

Discussion in 'other firewalls' started by CJsDad, Jul 7, 2006.

Thread Status:
Not open for further replies.
  1. CJsDad

    CJsDad Registered Member

    Joined:
    Jan 22, 2006
    Posts:
    618
    On the BOClean website it says, We use "PASSIVE FTP" on PORT 21, this is to help in setting up the updater.
    After I set up the rule to allow BOClean to update through port 21 I keep getting a pop up message from Kerio telling me that BC is trying to connect but this time it's through a different port.

    What can I do in order to stop the messages asking to connect through a different port and only connect through port 21 to update?
     
  2. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    The initial connection is made to remote port 21, but then outbound connections are needed (passive mode)=> local ports 1024-65535 > remote ports 1024-65535

    EDIT:
    Full ruleset for FTP Client (Passive)

    Allow outbound TCP local ports 1024-65535 remote port 21
    Allow Inbound TCP local ports 1024-65535 remote port 20
    Allow outbound TCP local ports 1024-65535 remote ports 1024-65535
     
    Last edited: Jul 7, 2006
  3. CJsDad

    CJsDad Registered Member

    Joined:
    Jan 22, 2006
    Posts:
    618
    Stem
    I don't think I'm following you correctly.
    Do I have to make 3 separate rules just to allow passive FTP port 21?
    When I go to the rule settings I don't see how it's possible to set all those rules at once.

    For example I can go into the firewall configuration and set the rule for "Allow outbound TCP local ports 1024-65535 remote port 21" but in order to complete the ruleset I would need to make 2 separate rules, 1 for remote port 20 (allow inbound) and 1 for remote port 1024-65535 (allow outbound).
    So now when I look at the firewall rules description I will now see 3 separate rules for BC?
    Is that what you mean?
    If not then can you explain this for me?
    Thanks.
     
  4. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi,
    Yes, they are separate rules. You can complete "Passive FTP" with just the 2 "Outbound rules" (the inbound rule can be left out for BOClean (I did forget that the inbound is for the "Active mode data channel")).

    So just place 2 rules:-
    Allow outbound TCP local ports 1024-65535 remote port 21
    Allow outbound TCP local ports 1024-65535 remote ports 1024-65535
     
  5. CJsDad

    CJsDad Registered Member

    Joined:
    Jan 22, 2006
    Posts:
    618
    That works! :D
    I added the two outbound rules for port 21 and ports 1024-65535.
    I re-booted my PC just to make sure, clicked on the check for updates box and got a message from BC "You already have the latest update...nothing to download", and finally no more messages telling me a connection wants to be made through another port.

    Thanks Stem :thumb:
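
Why the second outbound rule is needed, as an added example that is not part of the original thread: in passive mode the server's `227` reply names the port the client must open its data connection to, so a rule for remote port 21 alone never matches that second connection. The sketch models the two outbound rules from the thread as simple stateless matches; the function names, the local ports 49152/49153 and the sample reply are constructed for illustration.

```python
import re
from typing import NamedTuple

class Rule(NamedTuple):
    direction: str   # "out" or "in"
    local: range     # local port range
    remote: range    # remote port range

HIGH = range(1024, 65536)
# The two outbound TCP rules given in the thread.
CONTROL_RULE = Rule("out", HIGH, range(21, 22))
DATA_RULE = Rule("out", HIGH, HIGH)

PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),"
                     r"(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def parse_pasv(reply):
    """Return (host, port) from a '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)' reply."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError(f"not a 227 PASV reply: {reply!r}")
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range 0-255")
    # The data port is sent as two bytes: high byte, then low byte.
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def permitted(rules, direction, local_port, remote_port):
    """True if any rule matches the connection (simplified stateless model)."""
    return any(r.direction == direction and local_port in r.local
               and remote_port in r.remote for r in rules)

def check_session(rules, pasv_reply, ctrl_local=49152, data_local=49153):
    """Return (control_allowed, data_allowed, data_port) for one passive session."""
    _, data_port = parse_pasv(pasv_reply)
    return (permitted(rules, "out", ctrl_local, 21),
            permitted(rules, "out", data_local, data_port),
            data_port)

# Constructed sample reply: 192.0.2.10 is a documentation address.
SAMPLE = "227 Entering Passive Mode (192,0,2,10,195,80)"

if __name__ == "__main__":
    print(check_session([CONTROL_RULE], SAMPLE))             # data channel unmatched
    print(check_session([CONTROL_RULE, DATA_RULE], SAMPLE))  # both channels matched
```

With only the port 21 rule the data connection falls through to the firewall's prompt, which is the pop-up described in the first post.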
     