FTP server

I am trying to set up a custom home FTP server with FileZilla. I found out that Comodo is what blocks access (it works fine when I shut it off).

What are the settings I must do for that?

You need some network rules to allow port 21 to be used by FileZilla:

Action = Allow
Protocol = TCP
Direction = Out
Source IP = Any
Destination IP = Any
Source port = 21
Destination port = Any

Action = Allow
Protocol = TCP
Direction = IN
Source IP = Any
Destination IP = Any
Source port = Any
Destination port = 21

You also need to add FileZilla as a trusted app.

Thank you so much… half of it works…

Are those settings for active or passive modes?

I heard that passive mode demands other ports open.

And what about port 20?

Forgot to say: half of the friends I had to check told me they get the error ‘can’t open data connection’.

You only have to have IN rules, since there is a default OUT rule for any, any, any…
Add your FTP program as a trusted app in application monitor and also check the “skip advanced security checks” in the misc tab.

You should also go to security/advanced/misc and tick the box “skip loopback… TCP”

I don’t know, but you can try to make an IN rule with destination port 20, and see if that works. Also remember to move your rules ABOVE the default block rule.
I think it only goes OUT on port 20, but you can try it…

Tell your friends that they can try to use PASV (passive) mode if they haven’t tried that.

Reboot after you have made the rules.

If you have more problems, check the log in CFP.

To really work well (passive) you might have to open a high port range like 52000-52020 and do the appropriate settings in the application monitor rule for your server.

I too have almost the same problem as Palatinus. The problem that I have, tested now for 1-2 hours, is that I can't log in to my server. One time when I changed my settings in Comodo I could log in but didn't see my files. It was a blank directory. But now I have played with these settings and that doesn't come up anymore. I get only a message “can't establish connection” or something. :frowning:
When I use my FTP client from my computer I can see everything and it works fine. The problem is when other people log in…

I have read this thread and used (?) the same settings that are written (I hope, I don't know anymore because of all my changes).
The question is, does someone know what I'm doing wrong?

Thanks in advance.

Rules that I have:

In Application Monitor (I got two trusted servers):
FileZilla Server Interface
Action= Allow
Protocol= TCP
Direction= OUT
Destination IP= Any
Destination Port= Any
Miscellaneous= skip advanced security check

FileZilla Server
Action= Allow
Protocol= TCP or UDP
Direction= IN
Destination IP= Any
Destination Port= 2511 (my ftp server is listening on that port)
Miscellaneous= skip advanced security check

When this didn't work I put a rule in Advanced, above the rule that is standard in Comodo, with these settings:
Action= Allow
Protocol= TCP or UDP
Direction= IN
Source IP= Any
Source Port= Any
Destination Port= 2511

When I used Sygate before Comodo (that is a greater Firewall) it worked fine… :frowning:

Normally when you set up an FTP server you have to have some IN rules in network monitor, like you have done with your port 2511.
Usually you do it for port 21 and you also have to do it for a range of ports so that both active and PASV (passive) mode work.
Choose a range of, let’s say, 52250-52300.
Try it and see if it works.
You also need to set those ports in your FTP server settings.
Try this and if it doesn’t work, you can check the log in CFP and see if anything gets blocked.

Hi AOwL, thanks for helping me. I really appreciate it. :slight_smile:

OK, now I have done like you said. Opened port 2511-2530 in both the FTP server and Comodo “application”.
I can see the user logging in, but in his FTP client I can't see anything. It's an empty directory. :frowning:
This is some part of the log that I got:

IP address: 85.225.yyy.yyy is the computer where the user is trying to log in (FTP client).
IP address: 85.225.xxx.xxx is the computer where the FTP server is.

Date/Time :2007-02-04 14:08:00
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 85.225.yyy.yyy, Port = 2515)
Protocol: TCP Incoming
Source: 85.225.yyy.yyy:4440 (computer that is trying to log in to server)
Destination: 85.225.xxx.xxx:2515 (computer that has the server going)
TCP Flags: SYN
Reason: Network Control Rule ID = 7
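
Added example, not part of any post in this thread: a small Python model of top-down, first-match rule evaluation that replays the logged SYN to port 2515 against three constructed rule sets, showing why a passive data port is denied when only the control port is allowed inbound, and why an allow rule placed below the default block rule never fires. The rule dictionaries, the first-match model and the names `parse_entry`, `first_match` and `verdict` are assumptions made for illustration, not Comodo's own format or API.

```python
import re

# Constructed from the log entry quoted above (addresses masked as posted).
LOG = """Description: Inbound Policy Violation (Access Denied, IP = 85.225.yyy.yyy, Port = 2515)
Protocol: TCP Incoming
Source: 85.225.yyy.yyy:4440
Destination: 85.225.xxx.xxx:2515
TCP Flags: SYN
Reason: Network Control Rule ID = 7"""

def parse_entry(text):
    """Extract protocol, direction and destination port from one log entry."""
    proto, direction = re.search(r"Protocol:\s*(\w+)\s+(\w+)", text).groups()
    dport = int(re.search(r"Destination:\s*\S+:(\d+)", text).group(1))
    return {"proto": proto.upper(),
            "dir": "IN" if direction.lower() == "incoming" else "OUT",
            "dport": dport}

def first_match(rules, pkt):
    """Return (index, rule) of the first rule matching pkt, evaluated top-down."""
    for i, r in enumerate(rules):
        lo, hi = r["dports"]
        if (r["dir"] == pkt["dir"] and pkt["proto"] in r["protos"]
                and lo <= pkt["dport"] <= hi):
            return i, r
    return None, None

ANY = (0, 65535)
# Hypothetical rule sets modelled on the thread (not exported from a real config).
CONTROL_ONLY = [   # inbound allow for the control port 2511 only
    {"action": "allow", "dir": "IN", "protos": {"TCP", "UDP"}, "dports": (2511, 2511)},
    {"action": "block", "dir": "IN", "protos": {"TCP", "UDP"}, "dports": ANY},
]
WITH_PASV_RANGE = [  # inbound allow widened to the passive range 2511-2530
    {"action": "allow", "dir": "IN", "protos": {"TCP"}, "dports": (2511, 2530)},
    {"action": "block", "dir": "IN", "protos": {"TCP", "UDP"}, "dports": ANY},
]
WRONG_ORDER = list(reversed(WITH_PASV_RANGE))  # allow rule below the block rule

def verdict(rules, text=LOG):
    """Action taken for the logged packet; unmatched traffic is assumed blocked."""
    _, rule = first_match(rules, parse_entry(text))
    return rule["action"] if rule else "block"

if __name__ == "__main__":
    print("logged packet:", parse_entry(LOG))
    for name in ("CONTROL_ONLY", "WITH_PASV_RANGE", "WRONG_ORDER"):
        print(name, "->", verdict(globals()[name]))
```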