I have a problem with Comodo when it comes to setting up an FTP server. I want to use the latest Filezilla Server.
I can start the FTP service of Filezilla normally, which logs on to your computer through a local host. But when outside users want to access my files they receive the cannot connect message. If I disable the FW completely everything works.
I already browsed the other similar topics that I could find, but none of them solved my problem. I know that it has to do something with setting a proper rule in the Network monitor. I tried a couple of suggestions that I found on the forum, but they only made things worse.
After setting any of the rules even the first step (starting the service) fails. So the problem must also be related with the Application monitor. Does anybody know which rules I have to put in the FW to make the FTP server operational?
If you need any additional info please let me know.
I thank you for any assistance that you can give me.
I use FileZilla Server on a pc with Comodo firewall.
You have to forward some ports in your router.
1 port to connect to FileZilla, default port 21
A port range used for passive FTP, let's say port 40000-40050
Then you have to enter these ports in FileZilla settings
FileZilla listen port will be port 21.
Under the passive FTP settings you will have to enter your external IP and limit the port-range to 40000-40050
Then you make 2 entries in Comodo network monitor:
Allow
TCP In
Source : Any
Destination : Server internal IP
Source port : Any
Destination port : 21
Allow
TCP In
Source : Any
Destination : Server internal IP
Source port : Any
Destination port : range 40000-40050
And that´s it !!
Everything is running perfect here, with these settings.
Thanks for the reply. I have some questions regarding your answer.
You have to forward some ports in your router.
1 port to connect to FileZilla, default port 21
A port range used for passive FTP, let's say port 40000-40050
I don’t have a router, so can I pass this?
Then you have to enter these ports in FileZilla settings
FileZilla listen port will be port 21.
Under the passive FTP settings you will have to enter your
external IP and limit the port-range to 40000-40050
Is this correct? (see picture) don’t mind if the range is different.
Then you make 2 entries in Comodo network monitor:
Allow
TCP In
Source : Any
Destination : Server internal IP
Source port : Any
Destination port : 21
Allow
TCP In
Source : Any
Destination : Server internal IP
Source port : Any
Destination port : range 40000-40050
What did you mean by Server internal IP? I have a dynamic IP and since
I don’t have a router what should I enter here? (see picture)
After all that it still doesn’t work like it should. If I use local host 127.0.0.1
as a Server external IP my friends can’t connect to me. If I use ANY or my current provided IP they can connect, but they see a blank folder.
you should check the “create an alert if this rule is fired”
(and you should do that for all your network-monitor rules)
That way your firewall-logs will be useful in determining what is being blocked and why …
then try to start FileZillaServer ( you might want to stop other programs that use the net just to keep things simple) let it make its errors and then look at the log (and post it here if you need help)
Once the server starts ( and you are able to connect to it with the control-interface ) have a friend
try to connect and take a look at the logs again and see what is being blocked.
( I’m assuming that you have correctly setup the FTP-accounts with the needed user-rights )
: If no router, then nothing to forward and therefore you can skip part 1.
: Seems right, except you have to change what IP the server should use when in passive mode.
You have marked “default”.
You should mark “use the following IP” and insert your IP, if you have static IP.
If you have dynamic IP, and you say you do, then mark the “retrieve external IP address from”
: Your entries in Comodo Network monitor look fine.
Server internal IP doesn't matter if you have no router. If you had a router you would have one IP seen from outside and on the inside your first pc would be 10.0.0.2, second pc would be 10.0.0.3 and so on. If you were running the Filezilla server from, let's say, pc2, then you should enter 10.0.0.3 as server internal IP.
Since you have dynamic IP you should set the destination IP in both rules to ANY.
Or else you will have to change the IP setting in Comodo every time your IP changes.
This is all it takes to get FileZilla server to work with Comodo Firewall.
If your friends still can't connect then maybe you have made some bad settings in FileZilla.
Did you remember to give access to the folders they are supposed to use?
When you make new accounts, you will have to grant access to a folder that will be this user's base-directory. Inside this folder you should make at least 2 folders. 1 download and 1 upload.
All 3 folders will have to be added under this user.
In Base-dir and download folder you should mark “read” in “files” and in “directories” you should mark “list” and “+subdirs”
In upload folder you should mark “read”, “write” and “append” in “files” and in “directories” you should mark “create”, “list” and “+subdirs”.
Now this user can open and browse all 3 folders, download from “download”-folder and upload in “upload”-folder. But he can´t delete anything, only you can do that.
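As an added illustration (not part of any post in this thread, and not FileZilla or Comodo code): in passive mode the server's 227 reply tells the client which IP and port to open the data connection to, and directory listings travel over that data connection. The sketch below parses such a reply and checks it against the 40000-40050 range used in the firewall rule above; the function names and sample replies are constructed for this example.

```python
import ipaddress
import re

# Passive range from the thread's firewall rule (destination port 40000-40050).
PASSIVE_RANGE = range(40000, 40051)
# Private (RFC 1918) networks: reachable on a LAN, not from the internet.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
_PASV_RE = re.compile(r"^227 .*?\(" + ",".join([r"(\d{1,3})"] * 6) + r"\)")


def parse_pasv(reply):
    """Return (ip, port) advertised in a '227 Entering Passive Mode' reply."""
    match = _PASV_RE.match(reply.strip())
    if not match:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(n) for n in match.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % reply)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    port = nums[4] * 256 + nums[5]  # RFC 959: port = p1 * 256 + p2
    return ip, port


def diagnose(reply, allowed_ports=PASSIVE_RANGE):
    """List reasons an outside client's data connection would fail."""
    ip, port = parse_pasv(reply)
    problems = []
    if ip.is_loopback:
        problems.append("advertises loopback %s: remote clients would "
                        "connect to themselves" % ip)
    elif any(ip in net for net in RFC1918):
        problems.append("advertises private %s: unreachable from the "
                        "internet" % ip)
    if port not in allowed_ports:
        problems.append("data port %d is outside the firewall range %d-%d"
                        % (port, allowed_ports[0], allowed_ports[-1]))
    return problems


if __name__ == "__main__":
    # Constructed sample replies (203.0.113.10 is a documentation address).
    for reply in ("227 Entering Passive Mode (203,0,113,10,156,90)",
                  "227 Entering Passive Mode (127,0,0,1,156,64)",
                  "227 Entering Passive Mode (10,0,0,3,195,80)"):
        print(reply, "->", diagnose(reply) or "OK")
```

An empty list means the advertised address and port match what the firewall rule admits; the 227 line itself can be read from an FTP client's message log.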
I use the way that I config the application monitor in the comodo.
step1, into the application monitor find the note of filezilla server.exe and filezilla server interface.exe in the comodo.
step2, two-click the note, click the “skip parent check”, and click the “apply the following criteria ”.
step3, then click the “general” tab, select the
ACTION allow
PROTOCOL tcp/ip
DIRECTION out/in
step4, then click the “miscellaneous”, select the skip advanced security check.
Thank you everybody for the help. I tried everything you guys said, and luckily the last suggestion from sunanan worked. I can see my files in Firefox and my friend was also successful in downloading files from the server.
I still have one question though.
Do those steps that sunanan suggested in any way compromise my computer security?
I don’t see any serious issue with sunanan’s application rules. They do decrease protection insofar as those two application entries are concerned, simply because of step 4: selecting “Skip advanced security checks” under the Miscellaneous tab. In essence, this turns off Application Behavior Analysis for those applications.
This would only impact you if those applications were to be compromised by some malware, though. If that were the case, you would likely see other indications of problems as well. With some applications, they are touchy enough that skipping these advanced checks is necessary for the best possible connection - email scanners, remote access, and some filesharing applications are this way.
You may want to try unchecking the Skip Advanced Security Checks on those two application rules to see if they still work. Leave the rest of the rule the way it is.