[Lancaster] firewall

Wayne Ward wayne at lancastercomputers.co.uk
Wed Sep 23 12:35:28 UTC 2009


This all seems odd. Can you not just set up a trusted IP from the box
that is not allowing the connections?
Because opening those ports just isn't right!!

If the connection is, say, 192.168.1.1 -> all all from 192.168.1.1??
Instead of just port 21 etc.

I've opened FTP on my firewalls before and never had this problem.


Can you send me a rough picture again so I can see what's going on!!
Sorry, I've been busy and missed this one!! lol

On 23 Sep 2009, at 23/09/2009-10:49, Ken Hough wrote:

> Hi All!
>
> Further to my problem with having access to a vsftp server through a firewall,
> it seems that I'm not alone in deciding to open up all TCP ports in the range
> 49152 to 65535.
>
> See: <http://support.microsoft.com/kb/929851>
>
> but, then Microsoft are not known for always doing the right thing.  ;-)
>
> Ken Hough
>
> On Tuesday 22 September 2009 15:01:33 Ken Hough wrote:
>> On Tuesday 22 September 2009 12:53:47 Mike Livsey wrote:
>>> Does your firewall have application level monitoring?
>>
>> Not that I've discovered.
>>
>>> It may be that you need to specifically allow the application to be
>>> accessed, as well as opening the relevant ports.
>>
>> Actually I've solved the problem, sort of!
>>
>> After many trials, I've discovered that at least two ports are being
>> accessed within the range 51000 to 65000.
>>
>> On checking with <http://www.iana.org/assignments/port-numbers>, I see that
>> ports in the range 49152 to 65535 are defined as "DYNAMIC AND/OR PRIVATE
>> PORTS".
>>
>> The vsftpd server is protected from the Internet by my Netgear DG834GT
>> router, and I get a clean bill of health from "Shields Up" at www.grc.com.
>> ie a report of "True Stealth Mode" for some of the open upper range ports.
>>
>> Also, I will only enable vsftpd when I wish to upload/download files to
>> another PC on my LAN.
>>
>> So, until I can find more definitive info, I will simply open the whole of
>> this upper port range.
>>
>> Thanks all for support and comments.
>>
>> Regards
>>
>> Ken Hough
>>
>>> 2009/9/22 Ken Hough <kenhough at btinternet.com>
>>>
>>>> On Monday 21 September 2009 16:13:50 Richard Robinson wrote:
>>>>> On Mon, Sep 21, 2009 at 02:45:38PM +0100, andy baxter wrote:
>>>>>> Sorry I'm confused too. Did you try my suggestion of using
>>>>>> wireshark to look at what's happening over the network when you try
>>>>>> to connect?
>>>>>
>>>>> This is probably a stupid comment, I'm not an expert at this stuff & I
>>>>> haven't really been paying much attention ... but :- it's not a
>>>>> question of packet type, is it ? Does the firewall select for TCP / UDP ?
>>>>
>>>> I've tried enabling UDP on the firewall, but this didn't help.
>>>>
>>>> Recent tests as follows:
>>>>
>>>> 1. Accessed vsftpd locally as ftp://localhost (with the firewall
>>>> enabled) without any problems. This confirms that vsftpd is working as
>>>> I intended.
>>>>
>>>> 2. Accessing the vsftpd server remotely (with firewall enabled) via my
>>>> laptop running Firefox under winXP again failed. On dropping the firewall
>>>> on the server machine, again all was well.
>>>>
>>>> Clearly:
>>>>
>>>> --  there is a problem with the firewall on the server machine.
>>>>
>>>> --  the setup on the laptop PC is working!
>>>>
>>>>
>>>> As Andy recommended, I installed 'wireshark' on the laptop machine.
>>>> This runs OK, but before commenting on what I found, I'd like to spend a
>>>> bit of time figuring out all of what it told me.
>>>>
>>>> It does seem that with the firewall running, I get a connection, but
>>>> this is then dropped.
>>>>
>>>> Ho hum! Life is fun!  :-)
>>>>
>>>> Further investigation has shown that one or more TCP ports in the range
>>>> 50000 to 55000 is/are being accessed. ie if I enable this range, I get
>>>> full access.
>>>>
>>>> A bit more experimentation should allow me to home in on the ports
>>>> needed.  :-)
>>>>
>>>> Ken Hough
>>>>
>>>> _______________________________________________
>>>> Lancaster mailing list
>>>> Lancaster at mailman.lug.org.uk
>>>> https://mailman.lug.org.uk/mailman/listinfo/lancaster

Regards,
Wayne Ward

07957448652

Lancaster Computers

www.lancastercomputers.co.uk
wayne at lancastercomputers.co.uk

Computers - Laptops - Servers - Web Services
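
Added example, not part of the original thread: the symptoms Ken reports (the port 21 connection succeeds, then clients reach for unpredictable ports between 49152 and 65535) match FTP passive mode, in which the server names a data port in its 227 or 229 reply, and this sketch assumes that is the cause. It decodes such replies and checks the resulting data connection against three allow-lists: control port only, the whole dynamic range, and a small range restricted to the LAN. The replies, addresses and rule sets are constructed, and the 50000-50010 window assumes vsftpd has been pinned with its `pasv_min_port` and `pasv_max_port` settings.

```python
import ipaddress
import re

def data_port(reply):
    """Return the TCP data port a passive-mode reply tells the client to use."""
    if reply.startswith("227"):    # PASV: h1,h2,h3,h4,p1,p2 -> port = p1*256 + p2
        m = re.search(r"(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)", reply)
        if m and all(int(g) <= 255 for g in m.groups()):
            return int(m.group(5)) * 256 + int(m.group(6))
    elif reply.startswith("229"):  # EPSV: (|||port|)
        m = re.search(r"\((.)\1\1(\d{1,5})\1\)", reply)
        if m and 0 < int(m.group(2)) <= 65535:
            return int(m.group(2))
    raise ValueError("not a usable passive-mode reply: %r" % reply)

def permitted(src, port, rules):
    """True if an inbound TCP connection matches a (network, low, high) allow rule."""
    addr = ipaddress.ip_address(src)
    return any(addr in ipaddress.ip_network(net) and lo <= port <= hi
               for net, lo, hi in rules)

def open_ports(rules):
    """Total ports covered by the allow rules (ranges assumed not to overlap)."""
    return sum(hi - lo + 1 for _, lo, hi in rules)

# Constructed sample replies (not captured from the thread's server).
PASV_UNPINNED = "227 Entering Passive Mode (192,168,1,10,200,17)."  # 200*256 + 17
EPSV_PINNED = "229 Entering Extended Passive Mode (|||50004|)"

# Constructed rule sets: (source network, first port, last port).
CONTROL_ONLY = [("0.0.0.0/0", 21, 21)]
WIDE_OPEN = CONTROL_ONLY + [("0.0.0.0/0", 49152, 65535)]
# Assumes vsftpd.conf has pasv_min_port=50000 and pasv_max_port=50010.
PINNED = [("192.168.1.0/24", 21, 21), ("192.168.1.0/24", 50000, 50010)]

if __name__ == "__main__":
    lan_client, outsider = "192.168.1.20", "203.0.113.5"
    for name, rules, reply in (("control only", CONTROL_ONLY, PASV_UNPINNED),
                               ("wide open", WIDE_OPEN, PASV_UNPINNED),
                               ("pinned + LAN only", PINNED, EPSV_PINNED)):
        port = data_port(reply)
        print("%-18s data port %5d  LAN client: %-5s outsider: %-5s ports open: %d"
              % (name, port, permitted(lan_client, port, rules),
                 permitted(outsider, port, rules), open_ports(rules)))
```

With the passive range pinned, the firewall needs 12 ports open to the LAN instead of 16385 open to any source.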





