I recently installed an FTP server on my machine so that I can share some data with my friends. However, no one can access it but me on my own machine.
The server is running on port 21 so I created a rule in the network monitor to allow inbound TCP traffic on port 21 and put the rule on top in the network monitor … still no luck.
Could anyone write a short manual on how to do it right, every step and every click of the mouse? That would really help me out.
Before anything else, are you behind a router? If so, you will need to port forward port 21 to the IP address of the PC running the FTP server. It might also be an idea to give that PC a static IP address.
If you are behind a router, nothing we can tell you will help until the FTP port is forwarded on your router.
Step one would be to turn on logging on the custom rule you’ve created and get someone to attempt to access the server. CPF should make a log entry if it’s CPF that’s stopping the inbound access.
If you do get an entry that relates to the attempted access, do a right click in the log window and select “Export to HTML”. This will produce an HTML file that you can post here and should contain sufficient detail that we can work out what’s stopping where.
Cheers,
Ewen
P.S. I may not be able to get back to you immediately. It’s quite late at night here down under.
I’m at the office as I post here so I cannot test anything from here, but I’ll try to get to it as soon as possible and post the logs afterwards.
Application Monitor > Add Program > “Allow all activities for this application” & “Skip advanced security checks”
Network Monitor > Add Rule >
Source IP: Any
Destination IP:
Source Port: Any
Destination Port: 21
Network Monitor > Add Rule >
Source IP: Any
Destination IP:
Source Port: Any
Destination Port: A port Range 1024 - 65535
I’m not so sure about the last one, “Destination Port: A port Range 1024 - 65535”, so I removed this rule after testing with no results.
I also logged everything and exported it to an HTML file, which is this:
Date/Time :2006-11-30 19:04:53
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = , Port = ftp(21))
Protocol: TCP Incoming
Source: :42005
Destination: :ftp(21)
TCP Flags: SYN
Reason: Network Control Rule ID = 8
Rule ID 8 in the list is the standard rule:
Block and LOG IP IN or OUT FROM IP [ANY] TO IP [ANY] WHERE IPPORT IS ANY
I had the same problem before with a PHP server which I fixed by adding a rule to accept connections on port 80, but it seems that the ftp server is not connecting through port 21 only. Weird stuff
Well hope this information is useful for you to give me a workaround if possible.
Hi testerer.
The network rule for port 21 looks ok.
You can first try to go to security/advanced/misc and check the “skip loopback… TCP”.
The UDP skip is checked by default, so leave it like that.
While you are there, you might consider raising the alert level slider to the top, and unchecking “do not show alerts for apps certified by Comodo”.
You will get a lot more popups, but better control. Use it for a while and then set it back to default. (except the loopback)
Go to Application monitor and delete the rule for your FTP.
Now, this is important! REBOOT your PC!
Now you can start to allow popups…
Start your FTP and check the log again.
Post back the results.
Date/Time :2006-12-01 18:53:45
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = , Port = 12407)
Protocol: TCP Incoming
Source: <my friends ip:24139
Destination: :12407
TCP Flags: SYN
Reason: Network Control Rule ID = 7
My question is, should I have an extra rule at the network monitor that opens a port range for just my ftp program, and which ports should that be? In my ftp program I see that it listens to port range 1024 - 65535. Is it safe and possible to open that port range for just one program?
Well thanks again and hopefully I’ll get it to work soon
I use BulletProof FTP Server v2.3.1 and yes, I have enabled PASV but the thing I am afraid of is that if I open say ports 48000-48005 like you suggested, couldn’t I get hacked through those ports?
Also, how do I open those ports for just my FTP program?
Ok I got my friend to get access to my server, however I had to open ports 48000-48005 like you said. I’m still afraid of possible hacking attacks on those ports since they are open now.
Am I being paranoid or …? And anything I can do about it?
Even if you open those ports in network monitor, they are still in stealth. When you use them no other app can use them. The only way to be sure that no other of your programs use them is to specify ports for all your programs in application monitor. That’s why you should set a fairly high port number that no other program uses. It’s the same for P2P programs. I only set them between 40000-65000.
You can say that when you start your FTP program, and have set it to use certain ports, then only your FTP can use those ports.
If you want to control them, you can tick the log box in your rule, and check the logs to see if it seems to work as you expected.
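The two exported log entries earlier in the thread (a SYN to ftp(21) and one to the random data port 12407) are the reason the port 21 rule alone is not enough for PASV FTP. As an added example, not code from the thread or from Comodo, this Python models the rule set the thread arrives at (allow 21, allow the narrowed PASV range 48000-48005, then the catch-all block), decodes the data port a server announces in its 227 reply, and checks log lines against the rules; rule IDs and first-match ordering are assumptions.

```python
import re
from dataclasses import dataclass
# Constructed model of the Network Monitor rules the thread ends up with:
# allow inbound TCP to the FTP control port, allow inbound TCP to the narrowed
# PASV data range 48000-48005, then the default "Block and LOG" catch-all.
# Rule IDs and first-match order are assumptions for this example.
@dataclass(frozen=True)
class Rule:
    rule_id: int
    action: str   # "allow" or "block"
    ports: range  # destination ports this rule matches

RULES = [
    Rule(1, "allow", range(21, 22)),        # FTP control connection
    Rule(2, "allow", range(48000, 48006)),  # PASV data connections
    Rule(8, "block", range(0, 65536)),      # catch-all, as in the exported log
]

def evaluate(dst_port: int, rules=RULES) -> Rule:
    """Return the first rule matching the destination port (first match wins)."""
    for rule in rules:
        if dst_port in rule.ports:
            return rule
    raise ValueError("no rule matched")  # unreachable while a catch-all exists

# "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)": the client then opens a
# second TCP connection to port p1*256 + p2, which the firewall must let in.
PASV_RE = re.compile(r"227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def pasv_data_port(reply: str) -> int:
    """Decode the data port announced in a PASV reply."""
    m = PASV_RE.search(reply)
    if not m:
        raise ValueError("not a 227 PASV reply")
    return int(m.group(5)) * 256 + int(m.group(6))

def pasv_allowed(reply: str, rules=RULES) -> bool:
    """Would the data connection announced by this reply get past the rules?"""
    return evaluate(pasv_data_port(reply), rules).action == "allow"

# Destination field of an exported log entry, e.g. ":ftp(21)" or ":12407".
LOG_DST_RE = re.compile(r"Destination:\s*[^:]*:(?:ftp\()?(\d+)")

def logged_dst_port(line: str) -> int:
    """Pull the destination port out of a log line like those in the thread."""
    m = LOG_DST_RE.search(line)
    if not m:
        raise ValueError("no destination port in line")
    return int(m.group(1))
```

With the server still announcing ports anywhere in 1024-65535, a reply such as `(..,48,119)` maps to 12407 and lands on the catch-all block, exactly as the second log entry shows; narrowing the server's PASV range to 48000-48005 puts every announced port inside the allow rule.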
Alrighty, I totally forgot that comodo hides your ports even if they are open for a certain program. I used a couple of port scans on the net to scan my computer after I opened the ports and none could find anything.
Well I got it working now, I changed some settings in my ftp program too, to listen to certain ports only and added the rule in the network monitor.
Great!
I’m glad it worked for you!
I will put resolved on this thread, so others can benefit from it.
I will lock it too.
If you have other questions, just start a new thread and/or do a search on the forum.