FTP server [Resolved]

Greetings all,

I recently installed an FTP server on my machine so that I can share some data with my friends. However, no one can access it but me, on my own machine.

The server is running on port 21 so I created a rule in the network monitor to allow inbound TCP traffic on port 21 and put the rule on top in the network monitor … still no luck.

Could anyone write a short manual on how to do it right, every step and every mouse click? That would really help me out.

Thanks in advance!

Testerer


FTP server: BulletProof FTP server
OS: WIN XP

G’day,

Before anything else, are you behind a router? If so, you will need to port forward port 21 to the IP address of the PC running the FTP server. It might also be an idea to give that PC a static IP address.

If you are behind a router, nothing we can tell you will help until the FTP port is forwarded on your router.

Hope this helps,
Ewen :slight_smile:

Greetings,

Thanks for your reply.

To answer your questions: no, I am not behind a router, and yes, I do have a static IP address.

Testerer.

Step one would be to turn on logging on the custom rule you’ve created and get someone to attempt to access the server. CPF should make a log entry if it’s CPF that’s stopping the inbound access.

If you do get an entry that relates to the attempted access, right-click in the log window and select “Export to HTML”. This will produce an HTML file that you can post here, and it should contain sufficient detail for us to work out what’s stopping what, and where.

Cheers,
Ewen :slight_smile:

P.S. I may not be able to get back to you immediately. It’s quite late at night here down under.

Greetings,

Thanks again for the help.

I’m at the office as I post this, so I cannot test anything from here, but I’ll try to get to it as soon as possible and post the logs afterwards.

For now, good night :slight_smile:

Testerer

Greetings,

OK, I tried some stuff again …

Application Monitor > Add Program > “Allow all activities for this application” & “Skip advanced security checks”

Network Monitor > Add Rule >

Source IP: Any; Destination IP: ; Source Port: Any; Destination Port: 21

Network Monitor > Add Rule >

Source IP: Any; Destination IP: ; Source Port: Any; Destination Port: a port range, 1024 - 65535

I’m not so sure about the last one, “Destination Port: a port range, 1024 - 65535”, so I removed this rule after testing it with no results.

I also logged everything and exported it to an HTML file, which is this:

Date/Time :2006-11-30 19:04:53
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = , Port = ftp(21))
Protocol: TCP Incoming
Source: :42005
Destination: :ftp(21)
TCP Flags: SYN
Reason: Network Control Rule ID = 8

Rule ID 8 in the list is the standard rule:
Block and LOG IP IN or OUT FROM IP [ANY] TO IP [ANY] WHERE IPPORT IS ANY


I had the same problem before with a PHP server, which I fixed by adding a rule to accept connections on port 80, but it seems that the FTP server is not connecting through port 21 only. Weird stuff.

Well, I hope this information is useful for you to give me a workaround, if possible.

Thanks a lot for now, and hopefully speak soon!

Testerer

Hi Testerer.
The network rule for port 21 looks OK.
You can first try going to Security/Advanced/Misc and checking “skip loopback… TCP”.

The UDP skip is checked by default, so leave it like that.

While you are there, you might consider raising the alert level slider to the top and unchecking “do not show alerts for apps certified by Comodo”.
You will get a lot more popups, but better control. Use it for a while and then set it back to default (except the loopback setting).

Go to Application monitor and delete the rule for your FTP.

Now, this is important! REBOOT your PC!

Now you can start allowing popups… :wink:
Start your FTP and check the log again.
Post back the results.

I did everything you said, result:

Date/Time :2006-12-01 18:53:45
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = , Port = 12407)
Protocol: TCP Incoming
Source: <my friend's IP>:24139
Destination: :12407
TCP Flags: SYN
Reason: Network Control Rule ID = 7

My question is, should I have an extra rule in the network monitor that opens a port range for just my FTP program, and which ports should that be? In my FTP program I see that it listens on the port range 1024 - 65535. Is it safe and possible to open that port range for just one program?

Well, thanks again, and hopefully I’ll get it to work soon :slight_smile:

Testerer.

What FTP program do you use?
Is it possible to set it to use only ports 20-21?

Ask your friend if he uses passive mode in his FTP client.
In that case, ask him to set port 21 manually.

You can set up a PASV range in your FTP program like 48000-48005, and open those ports in network monitor.

Does your friend get any error messages?
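The following is an added example, not code from the thread or from BulletProof/Comodo. It models what the two exchanges above are about: in passive (PASV) mode the client opens a second inbound TCP connection to a port the server picks and announces in its "227" reply, so a rule list that only allows port 21 sends that second SYN straight into the catch-all block rule. The rule IDs, the sample 227 replies and the addresses are constructed for illustration; the 48,119 reply is chosen so that the decoded port happens to be 12407, the kind of high port a server on its default 1024-65535 range would pick.

```python
# Added example (not from the forum thread): why allowing inbound port 21
# alone is not enough for a passive-mode FTP client, shown with a
# first-match, top-to-bottom rule list like an ordered firewall.
#
# Constructed data / assumptions: the rule IDs, the sample 227 replies and
# the host address below are made up for illustration; they are not the
# poster's real configuration.  Port ranges are inclusive.

import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# RFC 959 PASV reply: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(
    r"^227\b.*\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)"
)


def parse_pasv(reply: str) -> Tuple[str, int]:
    """Return (host, port) announced by a 227 reply; port = p1*256 + p2."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError(f"not a valid 227 PASV reply: {reply!r}")
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    if any(v > 255 for v in (h1, h2, h3, h4, p1, p2)):
        raise ValueError("PASV fields must each be 0-255")
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


@dataclass(frozen=True)
class Rule:
    """One inbound TCP rule keyed on destination port (inclusive range)."""
    rule_id: int
    action: str  # "allow" or "block"
    lo: int
    hi: int

    def matches(self, dst_port: int) -> bool:
        return self.lo <= dst_port <= self.hi


def evaluate(rules: List[Rule], dst_port: int) -> Tuple[str, Optional[int]]:
    """First matching rule wins, top to bottom.  Returns (action, rule id);
    default deny with no id if nothing matches."""
    for r in rules:
        if r.matches(dst_port):
            return r.action, r.rule_id
    return "block", None


def passive_session(rules: List[Rule], pasv_reply: str) -> dict:
    """Simulate the two inbound connections of one passive-mode transfer:
    the control connection to 21 and the data connection to the PASV port.
    Each value is (port, action, deciding rule id)."""
    _, data_port = parse_pasv(pasv_reply)
    return {
        "control": (21,) + evaluate(rules, 21),
        "data": (data_port,) + evaluate(rules, data_port),
    }


# Rule set 1: only port 21 allowed, then a catch-all block rule.
ONLY_21 = [Rule(1, "allow", 21, 21), Rule(2, "block", 0, 65535)]

# Rule set 2: allow 21, allow the small PASV range the server is pinned to,
# then the block rule.  The allow rules must sit ABOVE the block rule.
WITH_PASV_RANGE = [
    Rule(1, "allow", 21, 21),
    Rule(2, "allow", 48000, 48005),
    Rule(3, "block", 0, 65535),
]

# Rule set 3: the PASV allow rule moved below the block rule, i.e. the
# "disable it when not in use" trick: same rules, different order.
PASV_BELOW_BLOCK = [
    Rule(1, "allow", 21, 21),
    Rule(3, "block", 0, 65535),
    Rule(2, "allow", 48000, 48005),
]

# Constructed 227 replies.  (48,119) -> 48*256+119 = 12407, a port from a
# server on its default 1024-65535 range; (187,128) -> 48000, inside the
# pinned 48000-48005 range.
DEFAULT_RANGE_REPLY = "227 Entering Passive Mode (192,168,1,10,48,119)"
PINNED_RANGE_REPLY = "227 Entering Passive Mode (192,168,1,10,187,128)"

if __name__ == "__main__":
    for name, rules, reply in [
        ("only port 21, server on default range", ONLY_21, DEFAULT_RANGE_REPLY),
        ("21 + 48000-48005, server pinned to it", WITH_PASV_RANGE, PINNED_RANGE_REPLY),
        ("PASV allow rule below the block rule", PASV_BELOW_BLOCK, PINNED_RANGE_REPLY),
    ]:
        print(name, "->", passive_session(rules, reply))
```

Running it shows the control connection allowed in every case and the data connection blocked by the catch-all rule in the first and third cases, which is the shape of the "Access Denied ... Port = 12407" log entry earlier in the thread. Pinning the server to a short PASV range and allowing exactly that range (above the block rule) is what makes the data connection pass; allowing the whole 1024-65535 range would work too, but exposes far more than the transfer needs.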

Greetings,

Thanks again for all the replies.

I use BulletProof FTP Server v2.3.1 and yes, I have enabled PASV, but the thing I am afraid of is that if I open, say, ports 48000-48005 like you suggested, couldn’t I get hacked through those ports?

Also, how do I open those ports for just my FTP program?

Thanks in advance.

Testerer

Update:

OK, I got my friend to get access to my server; however, I had to open ports 48000-48005 like you said. I’m still afraid of possible hacking attacks on those ports since they are open now.

Am I being paranoid or …? And anything I can do about it?

OK, thanks

Even if you open those ports in the network monitor, they are still stealthed. When you use them, no other app can use them. The only way to be sure that none of your other programs use them is to specify ports for all your programs in the application monitor. That’s why you should set a fairly high port number that no other program uses. It’s the same for P2P programs; I only set them between 40000-65000.
You can say that when you start your FTP program, having set it to use certain ports, then only your FTP program can use those ports.
If you want to keep an eye on them, you can tick the log box in your rule and check the logs to see if it seems to work as you expected.

I hope I explained it so you understood it… ;D

Hmmm i didn’t understand that myself… :wink:

Even if it’s a IN rule, YOU have to start it! (your FTP program)

And when you have started it, no other program can use those ports.

If you are still skeptical, and only use your FTP server occasionally, you can move that rule below the block rule when it is not in use…

Alrighty, I totally forgot that Comodo hides your ports even if they are open for a certain program. I used a couple of online port scanners to scan my computer after I opened the ports, and none could find anything.

Well, I got it working now. I changed some settings in my FTP program too, to listen on certain ports only, and added the rule in the network monitor.

Thanks a lot!

[solved]

Great!
I’m glad it worked for you!
I will mark this thread as resolved, so others can benefit from it.
I will lock it too.
If you have other questions, just start a new thread and/or do a search on the forum.