Serv-U FTP/ Kaspersky Internet Security: FTP Server Rule

Discussion in 'other firewalls' started by spaeter, Mar 14, 2006.

Thread Status:
Not open for further replies.
  1. spaeter

    spaeter Registered Member

    Joined:
    Mar 14, 2006
    Posts:
    10
    Hallo!

    this is my first message here, so i would like to greet everyone:D

    My problem is this:

    I use my home pc (where KIS is installed) as ftp server and i connect to it from my office pc via cute ftp pro. In my pc (at home) i have serv-U in passive mode enabled.
    The problem is that i cannot connect to my home pc with the firewall enabled (no alert message from KIS).

    The rules that i have created, are:

    Does anyone help me to solve this problem? Where is the error? Thanks

    Regards
     
  2. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi spaeter,
    Go into KIS network settings and disable "stealth mode"

    Note:
    (I believe KL have made a new setting called "fast mode"(or somthing similar) to get around a problem where KIS drops packets while in stealth, even when an "allow inbound" rule is created, but I have not loaded the latest builds and am unsure where this setting is)
     
  3. spaeter

    spaeter Registered Member

    Joined:
    Mar 14, 2006
    Posts:
    10
    Disable "stealth mode" but always the same problem.

    I've set a new rule in "rule for packet filtering" (just for try, now it is disabled...): "Allow Inbound/Outbound TCP Connection where Local Port is 21 and Remote port is 1024-65535 and the FTP connection was OK.

    But I think this is not the right solution... is like to haven't a firewall.. isn't it?
     
  4. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi spaeter,
    It looks like another pgm on your PC requires this rule for your FTP sever to function correctly..... Placing a "Packet filter" rule is giving all the pgms you are allowing net access this rule. First you should check your FTP docs to verify what pgms are required network access. Failing that, I think its somthing to report to KL (maybe this as somthing to do with the problems KIS users are having with thier P2P / torrent pgms_(no inbound even with allow inbound rules))
     
  5. spaeter

    spaeter Registered Member

    Joined:
    Mar 14, 2006
    Posts:
    10
    Hi Stem
    i've made some other test, for example, adding servudaemon.exe in the trusted zone but always with the same results.

    In the KL forum i've received until yet only your friendly answer...

    With outpost as firewall, i used only three rules:

    - FTP: where the protocol is TCP and direction is inbound and local port is 21 allow it
    - PASV FTP: where the protocol is TCP and direction is inbound and localport is 1024-65535 allow it
    - FTP DATA: where the protocol is TCP and direction is outbound and local port is 20 allow it.

    Of course i've tried also with these settings....:(

    What i' ve seen is that, testing the ports with online scan test, the local port 21 is always closed.

    bye

    p.s.: with p2p software (emule/utorrent) i have no problem...;)
     
  6. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi,
    I think the problem must be with the KIS AH, I know the checks I made on the early AH (1.7/1.:cool: brought some strange results, finding all inbound ports closed to inbound (SYN) traffic (while stealth mode active), even with rules to allow the inbound. The early versions of KIS where the same, so disabling stealth usually solved this problem (they must of changed this again). I dont really have the inclination to load up any more beta`s of KL`s to re-test.
    So unless others can put some light on this,..... I think your best bet is to highlight this problem (Report as bug) on the KL forum and use a firewall that works for you untill an answer/fix is found (don`t hold your breath).

    Regards
     
  7. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Does everything work for you with this rule change in KIS?
    Are you the only one requiring access to the server? If so, you could restrict the rule to office IP.

    Regards,

    CrazyM
     
  8. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    CrazyM,
    Just in case spaeter doesnt ask, I just cant resist but to ask, what is "office IP", now I know there is the office IP phones/VoIP (and even an office IP(in a box)), but I have not come across Office IP FTP. Have you any links/info. (and how is KIS involved in this?)

    Regards
     
  9. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    I was refering to his office's Internet public IP address. If that is the only remote location needing access to his home FTP server he could restrict his FTP rules to permit connections from only that IP. That way the server would not be exposed to the Internet at large.

    Regards,

    CrazyM
     
  10. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    CrazyM,
    Ah, right, sorry,...I thought there was some expansion to the VoIP etc. Sorry for the mix up.

    Regards
    Stem
     
  11. spaeter

    spaeter Registered Member

    Joined:
    Mar 14, 2006
    Posts:
    10
    Changing the rule of KIS works all correctly.
    The problem is that at office my public IP change every time i connect to my provider. And sometimes I connect to my server (at home) from outside the office.

    Regards
     
Loading...
Thread Status:
Not open for further replies.