Connection to FTP server often fails using FTP client ruleset [M387] [v6]

A. THE BUG/ISSUE (Varies from issue to issue)
  • Summary - Give a clear summary in the topic subject, NOT here.

  • Can U reproduce the problem & if so how reliably?: Every time
  • If U can, exact steps to reproduce. If not, exactly what U did & what happened: Try to connect via FTP Client (Total Commander) Port Fails, PASV Fails
  • If not obvious, what U expected to happen: Normal FTP Connection
  • If a software compatibility problem have U tried the conflict FAQ?: n/a
  • Any software except CIS/OS involved? If so - name, & exact version: Total Commander 8.01
  • Any other information, eg your guess at the cause, how U tried to fix it etc: I have to disable the FW to connect the FTP Client. Didn’t have this problem with previous versions of CIS 6.0 or 6.1.
  • Always attach - Diagnostics file, Watch Activity process list, dump if freeze/crash. (If complex - CIS logs & config, screenshots, video, zipped program - not m’ware)

B. YOUR SETUP (Likely the same for each issue, so you can copy forward)
  • Exact CIS version & configuration: CIS 6.1.276867.2813 - Config file attached.

  • Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV: HIPS Safe, BB Untrusted, FW Custom Ruleset, AV Enabled
  • Have U made any other changes to the default config? (egs here.): Yes
  • Have U updated (without uninstall) from a CIS 5?: No, Clean Install
    • if so, have U tried a clean reinstall - if not please do?: Yes
  • Have U imported a config from a previous version of CIS: No
    • if so, have U tried a standard config - if not please do: Default Proactive Mode connects as normal but won’t upload files.
  • OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used: Win7 Pro SP1 32 Bit, UAC Disabled, Administrator
  • Other security/s’box software a) currently installed b) installed since OS: a= SAS and MBAM on Demand b= Both


You might want to try checking which port is being used by the remote for inbound data connections. The pre-defined rule-set presupposes connections on port 20 - which is the ‘proper’ port for this - however, some ftp servers use different ports. The pre-defined rule-set only allows connections from TCP port 20.

[Mod Edits reversed, I think Rad is talking about active mode connections?]


Since this issue seems to be resolved, I will move it to the resolved sub thread.

Thanks, missed that one! It was never tracked anyway.

Best wishes

Mouse

Thanks. This just started recently and I didn’t notice it till updating to .2813. I’ll contact the problem server and see if they have changed anything. I’ll post back if I need more help.

Thanks, I’ll await feedback.

Mouse

I contacted the problem server (Register.com) and they haven’t changed anything. The tech guy tried numerous times while I was on the phone with him and he was able to connect every time. Simultaneously, as we spoke, I tried numerous times to connect without success. I played around with various settings last night with no success. I even tried setting up a new profile from scratch. No go. I can always turn the FW off while uploading, it’s just a nuisance. You may want to put this bug back on the Bug Reports page. I don’t know what else I could try. It’s strange, I have another server (RoadRunner) which I have no trouble connecting to. I’ve attached my CIS log file.

Here is my FTP Client Log:

230 User cogneo.org logged in.
SYST
215 UNIX Type: L8
FEAT
211-Features:
MDTM
REST STREAM
SIZE
211 End
HELP SITE
214-HELP
CHGRP
214 CHMOD
OPTS UTF8 ON
501 OPTS: UTF8 not understood
CWD /public
250 CWD command successful.
Connect ok!
PWD
257 “/public” is current directory.
Get directory
TYPE A
200 Type set to A
PORT 98,27,134,187,204,144
200 PORT command successful
LIST
PORT failed, try PASV mode!
PASV
PASV failed


Well, today, the connection problem raised its ugly head again. This time it was blocking the connection to my RoadRunner server. At least the bug is consistent in blocking both of the servers I use. Disabling the FW lets me connect.

Added to tracker, thanks. Also edited post above regarding ports.

Could you indicate what control and data ports your client is set to use in active and passive mode please?

Best wishes

Mouse

I looked all over Total Commander for the port settings you mention, but found none. I’ve attached the Total Commander help file. I looked through it under “FTP”, but found only one mention of port 21 being used in IPV6.


Looks like no changes from defaults on that dialog.

I’ve just had some problems with my server and TC.

You could try setting passive mode on the dialog you picture and by editing the connection itself (Net ~ FTP connect ~ Select connection ~ Edit). I found I could force passive mode that way, then it worked fine with CIS and TC. Though I have TC set as ‘allowed’ by CIS FW.

As to active mode, I had a server problem, not a client problem, so I guess that does not help work out what the problem is.

Best wishes

Mouse

Where is this setting you refer to?

OK, I found it. I set TC to use PASV mode and it connects now. I’ll have to give it some time to see if it’s a success. There still must be something wrong with CIS, since I had never had trouble connecting in the past. It only started giving me trouble with v.2813.

Hmm, in active mode the FTP server has to be able to initiate the data link using an inbound connection to your external IP on port 20, to which your client replies with a data send on port >1023.

So I think:

a) your router (assuming it’s a NAT router) would need to pass the inbound port 20 connection on to the correct PC, using port forwarding. This is not standard.
b) Maybe CIS would need to have a global rule to pass this through to the app rules, depending on config. In IS config the last global rule is probably block all incoming silently?
c) CIS already has an application rule to pass port 20 on in the FTP ruleset, so that’s OK

Maybe TC used to default to passive mode but now defaults to active, unless you over-ride in two places?

I’m not an expert at this stuff though, shall I pass this through to help?

Best wishes

Mouse
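
The active and passive data connections discussed in this thread, worked through as an added example (not code from any poster, from Total Commander or from CIS): it decodes the `PORT` argument and the `227` passive reply in a client log and lists the data connection a host firewall should expect for each. The sample log and its addresses are constructed, source port 20 is only the conventional server data port mentioned earlier in the thread, and `needs_nat_forward` is a hypothetical field name.

```python
import ipaddress
import re

# Constructed client log modelled on the one posted in this thread. Addresses
# are RFC 5737 documentation ranges, not values taken from the thread.
SAMPLE_LOG = """\
PORT 203,0,113,7,204,144
200 PORT command successful
LIST
PORT failed, try PASV mode!
PASV
227 Entering Passive Mode (198,51,100,20,195,80)
"""

TUPLE = re.compile(r"\b(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\b")

def decode_endpoint(text):
    """Decode h1,h2,h3,h4,p1,p2 (PORT argument or 227 reply) to (ip, port)."""
    m = TUPLE.search(text)
    n = [int(x) for x in m.groups()] if m else []
    if not n or max(n) > 255:
        return None  # no tuple on this line, or an octet out of range
    return ipaddress.IPv4Address(".".join(map(str, n[:4]))), n[4] * 256 + n[5]

def data_connections(log, local_ip):
    """List the data connection each PORT command or 227 reply implies, as the
    client's host firewall sees it. local_ip is the interface address (ipconfig)."""
    local = ipaddress.IPv4Address(local_ip)
    flows = []
    for line in log.splitlines():
        ep = decode_endpoint(line)
        if ep is None:
            continue  # e.g. the client's own "PORT failed" status text
        ip, port = ep
        if line.startswith("PORT "):
            # Active mode: server connects in, by convention from source port 20.
            flows.append({"mode": "active", "direction": "in",
                          "remote_port": 20, "local_port": port,
                          "needs_nat_forward": ip != local})
        elif line.startswith("227 "):
            # Passive mode: client connects out to the port the server chose.
            flows.append({"mode": "passive", "direction": "out",
                          "remote_ip": str(ip), "remote_port": port,
                          "needs_nat_forward": False})
    return flows

if __name__ == "__main__":
    for flow in data_connections(SAMPLE_LOG, "192.168.1.10"):
        print(flow)
```

When the address advertised in `PORT` differs from the interface address, the inbound active-mode connection only arrives if a NAT device in front of the PC forwards that port.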

Well, I have no router. I have a cable modem direct to my Network card. Since I never had this problem before and my TC (until yesterday) and CIS settings are the same, something in CIS must have changed. I have tried a Global Ruleset for FTP (which CIS used to need), but it still didn’t work. As long as it works in PASV mode, I don’t really care (unless it’s insecure). I’ll know more by this afternoon since I’m updating a website today.

Just to validate, your local network address (using IPconfig) is?

[IPs removed by mod for security reasons]

Now you really have me confused :)

Just checked, and your logs show a local address 192.168.x.x. Which suggests that NAT (Network Address Translation) is occurring. However the port 20 connection is reaching CIS, and you are allowing it.

This is beyond me as I have never used a cable modem. Shall I transfer to help to see if one of the network boffins can work out what is going on?

Incidentally a Comodo employee (ddulepov) using TC recently had a difficulty accessing my FTP server in active mode, so you are not alone. May be worth PMing him.

Active mode needs to work as it is more secure.

I have removed your external IP for security reasons, sorry should have been more explicit.

Best wishes

Mouse

Hi Mouse,

Yes. You can forward this to anyone who may help. I’m not up on these things since I’ve never had any trouble in this area, but I’m willing to help. Today, I found that somehow my Windows Firewall was turned on. BB alerted me to FirewallControlPanel.dll. I thought this might be the problem. I disabled it and also set it to Manual in Services (I had already done this previously). I tried TC again with PASV mode disabled and the problem with CIS was still there. So, it wasn’t the Windows Firewall after all. Oh, well…

Griz

Having thought about this I will leave the topic here for the present and see if I can get Ronny or Radaghast to help you.

I have already informed Ddulepov (QA) by PM, who has himself been having problems using TC to access my FTP server.

Best wishes

Mouse