CIS v4 and filezilla server

hi all,

i installed filezilla server on my windows 7 x64 pc but it doesn’t work, i’ve searched everywhere but i can’t find…

my filezilla is logged on, i entered my no-ip adress, i checked “use custom port range” then on my nat routeur (neufbox) i redirected port 21 and the range of ports but nothing work.

it’s impossible to connect to my server, when someone tries the no-ip adress redirect to the good adress but it’s impossible to connect… and i have no idea anymore.

i have tried without no-ip adress, it’s the same.

so if u can help me that would be great :wink:

thx in advance.

Those settings works fine for me but I don’t have a router though.

i have the same rules…

thx anyway :wink:

Please post a screenshot of your global rules and application rules for filezilla server.

for the application rules this is what i have :(i have 3 rules because i’ve tried several solutions without succes)

1st: allow-TCP-IN/OUT-any-any-any-20.21
2nd: allowTCP-IN-any-my private IP-any-50000.50100
3rd: allow-TCP-IN-any-my private IP-any-21

this is my options in FZ :

and this is my nat forwarded ports :


plage in french = range in english :wink:

for the global rule i don’t see what u means…, in comodo FZ is defined as a sure application.

ok i found what u meant with global rules.

but i have 4 rules and they are in french… so a screenshot won’t help…?

and i don’t know how to translate it, it’s quiet strange !!

so wich rule should i have in global rules ? i have 1 that allow IP, 2 rules that allow icmp and the last that block ip, i don’t think there’s something concerning filezilla…

if u really want i could try to translate the rules but it will be a little odd i think

I don’t write any global rules excepting for icmp: they are quite “vicious” and useless from my point of view as they rely on different precedences over the application rules depending of the direction (inbound or outbound).

For the same reason, i don’t use “mix” rules if i can avoid it: they rely on boolean logic, and it’s quite a pain to interpret a condition where, say, both in and out can concern port 21.

Port 20 is perfectly useless in passive mode, dump it.

As far as i remember, i havn’t used a no ip ftp server for years (and with Bullet Proof), you have to NAT No IP in your router to your lan adress, port 8245.
And you NAT rules are lousy: 21 is not an external port, neither are 50000-50100 as a destination.
You might test if the router is the culprit writing a dmz rule from the router to the concerned local computer, instead of individual natting/virtual server rules.

I would write a rule for each direction:
tcp in, dest port 21
tcp out, passive ports (50000-50100 if enough)

You can test your workability here:

Note: i am a french speaker, mp in french if useful to you, but i am only “here” until tomorrow (2 weeks of no internet connexion holidays).


so i’m completely lost after all that i read…

so i deleted my nat rules, and tried to make 2 app rules with your specifications but it don’t work.

i don’t know what to do anymore, i’m trying for 4 days…

the g6ftpserer test says the same thing :

About to connect() to ..**.***port 21

  • Trying ...*… connected
  • Connected to ...(...**) port 21
  • FTP response reading failed
  • Closing connection #0

i don’t understand why it says “connected” !

-Is No IP DUCS launched (icon in systray) and your domain name checked as active for your local ip (exemple)?

-Diasable the firewall or set it to proactive mode so it asks everything.

-I didn’t say to delete nat rules, but to either try some other ones, either write a dmz: the second way is much faster for testing, allowing everything through to and from your local ip