Rule settings for FTP? [Resolved]

I thought I understood how this firewall worked, but I can’t get FTP traffic to pass, so I obviously do not :)

Server is at home sitting on a cable modem, and has the Serv-U FTP server running on port 21. This is also the machine I installed Comodo on.

At work, I fire up the DOS-based FTP client and try to connect to my server at home. I can see it deny the FTP request in the Comodo log from my work IP address, and it shows TCP and port 21. It shows that it is blocking it because of Rule 8, which is the default block rule at the bottom of my list.

OK, I go into the rules and create a new one to allow FTP traffic.

Action = Allow
Protocol = TCP or UDP
Direction = In/Out
Source IP = Any
Dest IP = Any
Source Port = 21
Dest Port = 21

Save the rule and move it to the top so the default block one is at the bottom again.

Reboot server.

Try to connect from work, and it still blocks it via the standard block rule…

If I shut off Comodo (right-click the tray icon and choose Exit), I can connect via FTP fine.

Am I missing something here? It seems like the rule I made is being overridden by the default block rule, but from what I’ve read here it goes from the top down, and if a top rule allows a hole in the firewall then the default block rule at the bottom won’t override it?

Hi,

I dunno if this will help, I’m not a techie, but I did manage to get Gene6 FTP up and running.

As you already have done… set up a rule for port 21… but if it’s like Gene6, it also needs a rule for passive mode. Gene6 used a PASV port range (1024 - higher number, sorry, can’t remember). I set this range in my FTP prog to 1024 - 1025 to restrict the number of ports. I then made rules in Comodo.

My two rules were:

ALLOW TCP IN or OUT from IP [ANY] to IP [any] where source port is [any] and destination port is 21

ALLOW TCP IN or OUT from IP [ANY] to IP [any] where source port is [any] and destination port is 1024 - 1025

with the block rule as the final rule.

When I found out my mate had a static IP address, I tweaked this rule to allow only his IP.

Hope this makes some sense and helps.
Also, you could right-click [edit] your port 21 rule and tick the “create an alert if this rule is fired” box. It should give you some idea what is getting blocked… hopefully it will be the port 1024 range.

Good luck.

I think the mistake lies here: Source Port = 21. The source port would not be 21 but a random port within a range. Try ANY.

That was it, thank you!
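As an added illustration of the two points made in this thread (it is my code, not anything posted by the participants or shipped with Comodo), the following Python models a top-down firewall rule list the way the replies describe it: first matching rule wins, the last rule is the catch-all block. It evaluates the original poster's rule set (source port 21, destination port 21) against an incoming FTP control connection whose client side uses an ephemeral source port, then the corrected set (source port Any, plus the 1024-1025 passive-mode data range from the first reply), and finally the same rules narrowed to one static client address as the first reply suggests. The rule-number output mirrors the "blocked by Rule 8" style of the Comodo log. Direction is deliberately left out of the model, and the IP addresses, port numbers and packets are constructed sample values, not anything from the thread.

```python
"""Top-down firewall rule evaluation for FTP (added example, not from the thread).

Shows why "Source Port = 21" never matches a client's control connection, and
why passive-mode data connections need their own destination-port rule.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

PortRange = Optional[Tuple[int, int]]  # None means "Any"
ANY = None


@dataclass(frozen=True)
class Rule:
    action: str               # "allow" or "block"
    protocol: Optional[str]   # "tcp", "udp", or None for "TCP or UDP"
    src_net: Optional[str]    # host or CIDR string, None for "Any"
    src_port: PortRange       # inclusive range, None for "Any"
    dst_port: PortRange       # inclusive range, None for "Any"

    def matches(self, proto: str, src_ip: str, sport: int, dport: int) -> bool:
        """True only if every non-Any field of the rule matches the packet."""
        if self.protocol is not None and self.protocol != proto:
            return False
        if self.src_net is not None and ip_address(src_ip) not in ip_network(self.src_net, strict=False):
            return False
        if self.src_port is not None and not (self.src_port[0] <= sport <= self.src_port[1]):
            return False
        if self.dst_port is not None and not (self.dst_port[0] <= dport <= self.dst_port[1]):
            return False
        return True


def evaluate(rules: List[Rule], proto: str, src_ip: str, sport: int, dport: int) -> Tuple[str, int]:
    """Walk the list top-down; return (action, 1-based rule number) of the first match.

    The rule number is what a log line like "blocked by Rule 8" refers to.
    If nothing matches at all (no catch-all present), treat it as an implicit block.
    """
    for number, rule in enumerate(rules, start=1):
        if rule.matches(proto, src_ip, sport, dport):
            return rule.action, number
    return "block", 0


DEFAULT_BLOCK = Rule("block", ANY, ANY, ANY, ANY)

# The original poster's rule: source AND destination port pinned to 21.
BROKEN_RULES = [
    Rule("allow", ANY, ANY, (21, 21), (21, 21)),
    DEFAULT_BLOCK,
]

# Corrected: source port Any for the control channel, plus the PASV data range
# (1024-1025, the narrowed range the first reply describes).
FIXED_RULES = [
    Rule("allow", "tcp", ANY, ANY, (21, 21)),
    Rule("allow", "tcp", ANY, ANY, (1024, 1025)),
    DEFAULT_BLOCK,
]

# Same rules restricted to a single static client address (constructed
# documentation-range IP, standing in for "my mate's static IP").
FRIEND_IP = "203.0.113.5"
TIGHT_RULES = [
    Rule("allow", "tcp", FRIEND_IP, ANY, (21, 21)),
    Rule("allow", "tcp", FRIEND_IP, ANY, (1024, 1025)),
    DEFAULT_BLOCK,
]

# Constructed packets: the client OS picks an ephemeral source port; only the
# destination port is predictable for the server-side firewall.
CONTROL_CONN = ("tcp", "203.0.113.5", 49152, 21)      # FTP control channel
PASV_DATA_CONN = ("tcp", "203.0.113.5", 49153, 1024)  # passive-mode data channel
OTHER_CLIENT = ("tcp", "198.51.100.7", 49152, 21)     # some other address


if __name__ == "__main__":
    for name, rules in (("broken", BROKEN_RULES), ("fixed", FIXED_RULES), ("tight", TIGHT_RULES)):
        for pkt in (CONTROL_CONN, PASV_DATA_CONN, OTHER_CLIENT):
            action, num = evaluate(rules, *pkt)
            print(f"{name:6} {pkt[1]}:{pkt[2]} -> :{pkt[3]}  {action} (Rule {num})")
```

The broken list sends the control connection to the catch-all (Rule 2) exactly as the log reported, because no client ever sources its connection from port 21. The fixed list allows it at Rule 1 and the passive data connection at Rule 2, while anything else still falls through to the block. The tightened list keeps both allows but only for the one listed address, which is the smallest hole you can open while still letting that client in.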