FTP Server behind Comodo?

Hi all…

I did search but the only thing I could find is running an ftp client from a desktop running Comodo. I have an ftp server with Comodo installed on the desktop (was using Zone Alarm Pro) and I’m behind a router (Dlink DIR655). I’ve forwarded port 21 to the ftp machine but I just can’t connect to the ftp server. I originally got the warning of an incoming connection and I allowed it (remembering the answer) but nothing happens after that. The ftp client (Filezilla) from the other computer just sits there and eventually times out. I’m using G6 FTP Server and even tried Filezilla Server.

I’ve gone through trying to adapt the ftp client rules I’ve found from other posts for the ftp server, even allowing everything under the sun to access but it still doesn’t.

The weird thing is when I exit Comodo, I still can’t connect. Does Comodo still run in the background? The only service I saw for it was the helper service and I don’t have the option for stopping it. Anyway, shutting down Comodo and still not being able to connect made me think it was something with the router, but I’ve forwarded ports (Dlink DIR655) and even set it as a virtual server and still nothing. But seeing as how Comodo would see the incoming connection made me think it’s Comodo and not the router.

I’ve gotten to the point where I can view Firewall Events and see the connection being made (allowed) and going to the correct internal IP and port, but I don’t actually connect to the server.

Any ideas? Is there a guide somewhere on how to configure Comodo v3 for ftp servers? I couldn’t really find anything on google or in the Comodo faqs.

Comodo Firewall Pro v3.0.15.277


There is another thread on the subject at https://forums.comodo.com/help_for_v3/ex_za_user_needing_clarification-t18859.0.html;msg129427#msg129427 . The client needs access to both port 21 and an arbitrary high port on the server for passive ftp. You can probably limit the range of high ports in the server if you don’t want to open up/forward everything above 1023. If you use active ftp, you will need to allow the server to go out from port 20 to the client. Since some of these are inbound connections, you may also need to allow them either in the Global rules or in Windows Operating System, since Global rules are checked before application rules for inbound.
Can you see both control and data connections being made in the log? I don’t have a server set up, so can’t check some of this myself for the Comodo peculiarities.

Thanks, sded, but I’m obviously doing something wrong. I’ve tried adding rules to Global Rules, App Rules, and Predefined Firewall Policies and nothing seems to work.

I might have to give up on Comodo for now and go back to ZAP until I have more time to experiment.

Thanks for the help.

I am using G6 FTP Server and it is working fine with V3.
What I did is go into G6FTP -->Setup–>Main–>Multi-IP Settings, on the top right, choose “Passive Mode”, assign your passive ports at the bottom and IP on the top. Click OK.

In Comodo, the Stealth Ports Wizard, I am using the 2nd setting which is “Alert me to incoming connections -stealth my ports on a per-case basis”. So I only have 1 global rule.

My application rule for G6 is attached.
FTP Ports, I created them in Firewall–>Common Tasks–>My Port Sets, the ports are 21 and which ever port you set earlier in G6FTP passive ports setting.

[attachment deleted by admin]

Spot on ronaldkm.

The single best method of setting up an FTP server behind pretty much any personal firewall is to configure it for passive connections, explicitly nominate the ports for data connection and transfer, tell your prospective connectors what those ports are and then set appropriate inbound network rules to allow connections via the nominated ports to the nominated appliaction.

The very nature of FTP connections pretty much mandates this type of setup.

Ewen :slight_smile:

Thanks for the replies. I haven’t had much time to fiddle with it but I think you’ve got me on the right track. One thing that I didn’t realize – I performed a system repair not too long ago and this re-enabled Windows Firewall. That was part of the problem I think. Once I disabled that, I was able to briefly connect to the ftp before getting disconnected. The systray icon for G6 FTP briefly changes to the little person to show a connection is being made, but then I get dropped.

I’ll have to go back through ronaldakm’s suggestions to double check.

Thanks again!