Problems with ftp clients: I've tried all suggested solutions [RESOLVED]

Hi, I have problems connecting to my remote ftp server from home. It is a Comodo related problem, since if I remove the firewall protection I can connect.

The problem I get is a 425 error (can’t establish data connection).

I have already tried out the suggested solutions in other threads but I cannot seem to make it work. If I set my ftp client (Total Commander or FireFtp on Firefox) as a trusted application I can’t connect anyway. This only happens with this particular server, the only one I need to connect to in active mode. I don’t know what to do right now.

[Topic Closed: If issue returns PM an online mod to open]

Do you have a network rule to Allow Incoming FTP-DATA Requests for those applications?

This rule was recently added in 309 to the Predefined Firewall Policiy for the FTP Client.

Allow, TCP, In, Allow Incoming FTP-DATA Requests, Any, Any, Port 20, Any


Yes that rule is present but it doesn’t seem to work in my case.

Check your global rules. Do you have a “block all incoming” at the end? If so, you will need to add the “allow/tcp/in/any/any/20/any” for the active FTP data connection ahead of it.

I don’t have block all incoming, I have tried anyway to add the “allow/tcp/in/any/any/20/any” rule at the top of the global rules but the problem persists.

Change your application rules for your ftp client to include logging, and add a block and log at the end to see what is happening there. Have you tried to constrain the ports used by your ftp client or server?

BTW, Total Commander uses a subprogram to do FTP, which also needs permissions, and I think Fireftp uses the basic rules for Firefox, which probably don’t support active ftp. I haven’t used TC (I use Powerdesk the same way) but I recall problems in providing separate rules for Fireftp when trying to modify the web browser rules. Try Filezilla if nothing else works. :slight_smile:

I installed Filezilla but as I feared this is not application related, since Total Commander doesn’t actually use anymore a subprogram for ftp connection.

I had the same problem with Filezilla, there seems to be a connection but then the ftp directory listing is impossible.

Here is an excerpt from the log file:

C:\Internet\FileZilla FTP Client\filezilla.exe Blocked Source IP Source Port 2026 Destination IP Destination Port 80

Port 80 is not an ftp port at all. Should be going to port 21. This looks like an http download. ???

When I tried with firefox/fireftp earlier today the block was on port 20 and the destination IP was which is the address of my ftp server. I don’t know what that Filezilla block is all about. Fact is, the result is the same with any software. And if I disable Comodo I can connect with any software. I really don’t know what to try next.

I’ve tried again with Filezilla, with the same result but this time there’s nothing in the log.

Take a look at Active FTP vs. Passive FTP, a Definitive Explanation . From your client point of view, port 20 and your ftp server are always a source, port 21 and your ftp server are always a destination. The block you quote looks like the rules have source and destination reversed. Without Comodo, none of the port specifications or IP specication matter, so things should work anyway. To try to work around the Firefox Issue, go to your firefox rules and add the allow/tcp/in/any/any/20/any rule there-that should allow fireftp to do active ftp. I don’t understand the log entries you gave me in the last 2 messages-the first one is for an http download, not ftp at all. The second is an active ftp rule with the source and destination IP reversed. Can you capture and post your actual log and rules you are using for filezilla? We need to understand better what you are actually doing. :slight_smile: BTW, if you don’t already have a screen capture program, you can get a free copy of Snagit (most popular) previous ediition by going to Earn Cash Back at stores you 💜 and following the instructions.

You can find yesterday’s log here:

For filezilla I’m using the default Ftp client rules.

For Filezilla, it looks like the message is because it is checking for an update. Can you try adding logging to the ftp client rules for the control connect and the active data connect, and a block and log at the end. I still don’t understand the firefox attempts to connect to port 20 of your server. BTW, which CFP3 version are you using? The default rules for ftp client have changed a bit along the way. I have attached mine for verification-they work fine with Filezilla and the other ftp clients I use.

[attachment deleted by admin]

My ftp rules are the same as yours, the firewall is updated to the latest version.
Strange thing is, I tried to add a log to all the rules for the ftp client, but nothing comes up in the event log. I’ve fired up FileZilla many times and I always got the same error but there’s absolutely nothing in the log today.

Something to try: go to firewall/advanced/behavior settings/alert settings and make sure that all but ICS gateway are checked. Set the alert level to very high. Then log only the connect request, the active ftp request and the block and log. Run filezilla and see if the logging works now and tells you anything.
Another thing to try:
Delete both the firewall and D+ rules for filezilla. Set both FW and D+ to training mode. Run filezilla and examine/record/allow the popups.

FTP works for me on several programs, as well as for lots of other users. I just checked Filezilla 3 in active mode and it worked fine, listed directories and programs in the directories. So we hope there is a way to make it work for you too. :slight_smile: But the outgoing to port 20 still bothers me-this is not a part of the ftp protocol you see for connections, although you see the data if you use a packet sniffer. The logging is from Comodo, BTW? Another thing to do a little more in depth logging is to download Wireshark (free) from actually do some sniffing of what is happening at your NIC.

Yes the logging is from Comodo. I’ve tried setting the alert settings as you said, and something interesting has come up while trying to get a directory listing with Filezilla:
here is the related logging.

And another strange thing: even if I remove Filezilla from the Application Rules, the firewall doesn’t ask questions, and everything happens exactly as it did before.

OK, with your setup you need to add the rule “allow/tcp/in/any/any/20/any” under WOS. There must be a block in (implicit or explicit) there in your version. Filezilla works fine for me without such a rule, but the log says you need it. I use no global rules at all, and my WOS rules (attached) don’t have an explict allow for active ftp. That may be the alg problem too, btw-I think it gets lumped with WOS. Are you using XP? I am a Vista user, and things do work a little differently for ftp between the two-alg is not involved at all for Vista.
If you don’t currently have any WOS rules, you can go to add/running processes and find it, then make the rule for it.

[attachment deleted by admin]

It works! Adding that rule to WOS solved the problem!
Thanks a lot, this was really bugging me. I use XP on this rig by the way.

Great! :slight_smile: I don’t know why CFP3 treats XP and Vista differently, but suspect the two OS just have different support structures for FTP clients. Probably should have been loggin alg. Do your other FTP clients work also?

Yes, FireFTP too! Now I have a bucketload of working ftp clients :wink: