FTP and ICS

Hello,

I have the following problem with an active FTP connection via Total Commander.

  • I have ICS enabled on Win XP SP2 with Comodo Firewall 3.5 (newest downloadable)

In normal configuration:

  • Global rule allowing all incoming TCP connections from port 20
  • Same rule for Total Commander
  • Same rule for alg.exe
  • Comodo has the ICS mode choice checked

But in the log I can see that the connection from the remote FTP server is blocked (destination IP is mine, destination port is about 5000 (random), source IP is the FTP server's IP, source port is 20).

I tried to remove all rules and allow all in/out IP communication on all ports from all IPs, but the firewall is still blocking incoming connections from port 20.

When I disable the firewall, active FTP works OK.
It seems that FTP connections by Total Commander are realised by alg.exe because of ICS.

I have read the forum, but I found no solution.

Forgive me for my bad English. Thanks for your answers.

You probably need to add the passive rule to the default CFP FTP rule

https://forums.comodo.com/empty-t16811.0.html

Third rule down.

It looks like I have located the problem, but the solution is IMHO a serious security breach. Active FTP is working now.

State before solution:

  1. The default FTP setting in CPF is OK; it contains this line:
    Allow Incoming FTP-DATA Requests, which is (allow/TCP/IN/ANY/ANY/20/ANY); it is set in the Total Commander rules
  2. The same rule is in the global rules

But with ICS these settings are not enough, because the incoming connection is handled by “Windows operating system” (application name in the log); the problem is that I can’t specify which process or service it is.

One more rule for full functionality:

For functional active FTP you have to add an allow/TCP/IN/ANY/ANY/20/ANY rule for “any application”, but this means all applications from port 20 can connect to your computer. So I suggest replacing destination port ANY with the range 1024-65535 and ideally allowing every FTP server separately via source IP.

One more interesting thing: if you change allow to ask, the firewall won’t ask anything but will block incoming FTP communication from port 20.

Does anyone know which process of Windows XP is responsible for incoming FTP connections?
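
Added example, not part of the thread and not Comodo's code: a small rule evaluator that compares the broad "any application" rule from the last post with the tightened form it suggests (one FTP server as source IP, destination ports 1024-65535). The field order (action/protocol/direction/source IP/destination IP/source port/destination port), first-match semantics, the default block, and all addresses (documentation ranges) are assumptions.

```python
import ipaddress

FIELDS = ("action", "proto", "direction", "src_ip", "dst_ip", "src_port", "dst_port")

def parse_rule(text):
    # Assumed field order, read off the thread's allow/TCP/IN/ANY/ANY/20/ANY notation
    parts = text.split("/")
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields: {text!r}")
    return dict(zip(FIELDS, parts))

def match_ip(spec, ip):
    return spec == "ANY" or ipaddress.ip_address(spec) == ipaddress.ip_address(ip)

def match_port(spec, port):
    # ANY, a single port, or an inclusive range "lo-hi"
    if spec == "ANY":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def decide(rules, pkt, default="block"):
    # Assumption: first matching rule wins, unmatched traffic is blocked
    for r in map(parse_rule, rules):
        if (r["proto"] == pkt["proto"] and r["direction"] == pkt["direction"]
                and match_ip(r["src_ip"], pkt["src_ip"])
                and match_ip(r["dst_ip"], pkt["dst_ip"])
                and match_port(r["src_port"], pkt["src_port"])
                and match_port(r["dst_port"], pkt["dst_port"])):
            return r["action"]
    return default

BROAD = ["allow/TCP/IN/ANY/ANY/20/ANY"]                  # rule as added in the thread
TIGHT = ["allow/TCP/IN/192.0.2.10/ANY/20/1024-65535"]    # suggested tightening, constructed server IP

def pkt(src_ip, dst_port):
    # Constructed inbound TCP packet with source port 20
    return {"proto": "TCP", "direction": "IN", "src_ip": src_ip,
            "dst_ip": "203.0.113.5", "src_port": 20, "dst_port": dst_port}

SAMPLES = {
    "ftp server -> 5000": pkt("192.0.2.10", 5000),
    "ftp server -> 139": pkt("192.0.2.10", 139),
    "other host -> 5000": pkt("198.51.100.7", 5000),
}

def compare():
    return {name: (decide(BROAD, p), decide(TIGHT, p)) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, (broad, tight) in compare().items():
        print(f"{name:20} broad={broad:5} tight={tight}")
```

Only the active-mode data connection from the listed server to a high port passes the tightened rule; the broad rule passes all three samples because it matches on source port alone.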