Firewall rules lost
Moderator: Project members
-
- 450 Internal Error
- Posts: 41
- Joined: 2023-07-04 08:52
- First name: Jeremy
- Last name: Poynton
Firewall rules lost
No idea what happened - seems like my Firewall lost the rules for many programs; each of which asked for firewall access again. This also seems to have clobbered the server, to which those outside my LAN seem to be able to connect, but no directory structure appears.
Will a reinstall sort this out? Are the firewall rules included in a config export (I have one from when it was all working 2 or 3 days ago) so will an import fix this?
Else - help! I am not familiar with what is needed in the Firewall to enable the server to operate
See log in attachment
-
- 450 Internal Error
- Posts: 41
- Joined: 2023-07-04 08:52
- First name: Jeremy
- Last name: Poynton
Re: Firewall rules lost
Here's the Port Forwarding setup on our router
Re: Firewall rules lost
FileZilla Server does not touch firewall rules. How could it anyhow? A firewall that lets its rules be changed by arbitrary programs would defeat the purpose of a firewall.
In addition to the control connection port, you also need to forward/open the assigned data connection port range. Please see our Network Configuration guide for further information.
-
- 450 Internal Error
- Posts: 41
- Joined: 2023-07-04 08:52
- First name: Jeremy
- Last name: Poynton
Re: Firewall rules lost
"A firewall that lets its rules be changed by arbitrary programs would defeat the purpose of a firewall."
No - but other programs that do require firewall access ask for it. For example, qBittorrent, which I installed way back and asked for permission to go through the firewall, did so again when this problem started, and also a couple of other programs. So perhaps not unreasonable to expect the Server to at least do the same.
Thanks, I'll look at the network config and see if I can work it out. The setup was done by someone far more knowledgeable about such matters than I. Still baffled that it stopped working.
Re: Firewall rules lost
"No - but other programs that do require firewall access ask for it. For example, qBittorrent, which I installed way back and asked for permission to go through the firewall, did so again when this problem started, and also a couple of other programs. So perhaps not unreasonable to expect the Server to at least do the same."
Firewalls only detect and ask for applications that are actively accessing ports. The program you mentioned is a client that is doing that. However, FileZilla does not actively access the ports, it only listens on them. Listening on a port doesn't count as access and the firewall doesn't detect it. Some firewalls would ask once the first incoming connection on the listening port is detected, others generally don't ask for incoming connections. Thus, you have to proactively open all FTP ports (the listening port and the complete Passive port range, TCP only) in the firewall, and also forward all of them.
The picture shows the router, if the router did forget things then maybe a firmware update is at fault. For software firewalls, well, Windows does do some strange things, all the time.
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
-
- 450 Internal Error
- Posts: 41
- Joined: 2023-07-04 08:52
- First name: Jeremy
- Last name: Poynton
Re: Firewall rules lost
Well, I put entries in for port 21 (in and out) and the listening ports (in and out) into the Windows firewall, and all seems to be well. Still no idea WHAT happened or why but others are now able to access the server and download ok.
Router is as it was originally configured to enable the FTP server. So I guess it was the firewall that went AWOL!
-
- 450 Internal Error
- Posts: 41
- Joined: 2023-07-04 08:52
- First name: Jeremy
- Last name: Poynton
Re: Firewall rules lost
OK. So all well, confirmation from folks who use my server that it is working again. Something clobbered my firewall rules for sure, for as noted, qBittorrent, VLC Player and a couple of other programs that request firewall passthrough when first run, all asked again for access to the outside world. Anyway, a bonus now is that I do know how to set up the firewall rules to enable the server.
Thanks to one and all
Jeremy
-
- 500 Command not understood
- Posts: 5
- Joined: 2023-05-30 13:58
- First name: Patrice
- Last name: Vincent
Re: Firewall rules lost
I get a similar problem and adding ports 8060-8069 (which I did not see published in documentation anywhere) did not change anything.
Currently going through the ISP IP address (using my Dynamic DNS URL), it blocks and times out at transferring the content of '/'.
But when connecting through my private network with the server's IP address, all works well and dandy.
It is not blocking at my Norton firewall since it runs locally on the server and works well locally.
I included all the following in my router port forwarding and still does not work (I included both UDP and TCP for each):
20-22
80
8080
989-990
3713
PS:
Listeners are at port 21 with Explicit TLS specified.
Re: Firewall rules lost
"I get a similar problem and adding ports 8060-8069 (which I did not see published in documentation anywhere) did not change anything."
Why should they be documented? Those ports are nothing special. Passive ports have to be defined in the FTP server, and they can be chosen freely, apart from the first 1024 ports which are reserved. Passive port range is documented btw.
"Currently going through the ISP IP address (using my Dynamic DNS URL), it blocks and times out at transferring the content of '/'. But when connecting through my private network with the server's IP address, all works well and dandy."
Use https://ftptest.net for testing, as neither the public IP nor the dynamic DNS name will work correctly from inside your network. From inside the NAT border, the private IP must be used.
"It is not blocking at my Norton firewall since it runs locally on the server and works well locally."
Depends. Locally from another local machine? Good. Locally from the same machine? Not necessarily, as firewalls might not block localhost traffic.
"I included all the following in my router port forwarding and still does not work (I included both UDP and TCP for each):
20-22
80
8080
989-990
3713
PS:
Listeners are at port 21 with Explicit TLS specified."
Sigh, what a mess.
You will need to forward and open only:
- 21 as it is the listening port,
- 990 (only if you want to use Implicit FTP over TLS), not needed for Explicit FTP over TLS,
- and your chosen Passive port range (that you defined in the FTP server).
FTP uses TCP only, never UDP.
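The inbound Windows Firewall rules described in the reply above, as an added example that is not part of the original thread or of FileZilla: it opens the listening port and the passive range for TCP only, then lists the result. The rule names, the `$ServerExe` placeholder and the use of 8060-8069 (the range mentioned in the thread) are assumptions; run it from an elevated PowerShell session.

```powershell
# Added example, not FileZilla's own tooling. Requires an elevated session.
$ControlPort  = '21'          # listening port named in the thread
$PassiveRange = '8060-8069'   # range mentioned in the thread; use the one set in your FTP server
$RulePrefix   = 'FTP Server'  # hypothetical rule-name prefix
$ServerExe    = $null         # optional placeholder: full path to the FTP server executable

function Set-FtpInboundRule {
    param([string]$Name, [string]$Port, [string]$Program)

    # Remove an earlier copy so re-running the script does not stack duplicates.
    Get-NetFirewallRule -DisplayName $Name -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule

    $params = @{
        DisplayName = $Name
        Direction   = 'Inbound'
        Action      = 'Allow'
        Protocol    = 'TCP'      # FTP uses TCP only, so no UDP rule is created
        LocalPort   = $Port
        Profile     = 'Any'
    }
    # Scoping the rule to one executable keeps the ports closed for other programs.
    if ($Program) { $params.Program = $Program }

    New-NetFirewallRule @params | Out-Null
}

Set-FtpInboundRule -Name "$RulePrefix (control)"      -Port $ControlPort  -Program $ServerExe
Set-FtpInboundRule -Name "$RulePrefix (passive data)" -Port $PassiveRange -Program $ServerExe

# Verification: show what these rules now allow in.
Get-NetFirewallRule -DisplayName "$RulePrefix*" | ForEach-Object {
    $filter = $_ | Get-NetFirewallPortFilter
    [pscustomobject]@{
        Rule      = $_.DisplayName
        Enabled   = $_.Enabled
        Direction = $_.Direction
        Protocol  = $filter.Protocol
        LocalPort = $filter.LocalPort -join ','
    }
} | Format-Table -AutoSize
```

The same two entries (port 21 and the passive range, TCP only) are what the router has to forward; the host firewall rules alone do not cover the NAT side.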
-
- 500 Command not understood
- Posts: 5
- Joined: 2023-05-30 13:58
- First name: Patrice
- Last name: Vincent
Re: Firewall rules lost
boco wrote: ↑2023-08-28 21:13
"I get a similar problem and adding ports 8060-8069 (which I did not see published in documentation anywhere) did not change anything."
Why should they be documented? Those ports are nothing special. Passive ports have to be defined in the FTP server, and they can be chosen freely, apart from the first 1024 ports which are reserved. Passive port range is documented btw.
"Currently going through the ISP IP address (using my Dynamic DNS URL), it blocks and times out at transferring the content of '/'. But when connecting through my private network with the server's IP address, all works well and dandy."
Use https://ftptest.net for testing, as neither the public IP nor the dynamic DNS name will work correctly from inside your network. From inside the NAT border, the private IP must be used.
"It is not blocking at my Norton firewall since it runs locally on the server and works well locally."
Depends. Locally from another local machine? Good. Locally from the same machine? Not necessarily, as firewalls might not block localhost traffic.
"I included all the following in my router port forwarding and still does not work (I included both UDP and TCP for each):
20-22
80
8080
989-990
3713
PS:
Listeners are at port 21 with Explicit TLS specified."
Sigh, what a mess.
You will need to forward and open only:
- 21 as it is the listening port,
- 990 (only if you want to use Implicit FTP over TLS), not needed for Explicit FTP over TLS,
- and your chosen Passive port range (that you defined in the FTP server).
FTP uses TCP only, never UDP.
Thanks for the reply!
I will be looking at the passive ports range configuration and open the ports for them.
-
- 500 Command not understood
- Posts: 5
- Joined: 2023-05-30 13:58
- First name: Patrice
- Last name: Vincent
Re: Firewall rules lost
That was it!
I guess I had opened before all the default passive ports but got lost. I configured a smaller range and opened the port forwarding of that range and works now.
Many thanks @boco.
-
- 450 Internal Error
- Posts: 41
- Joined: 2023-07-04 08:52
- First name: Jeremy
- Last name: Poynton
Re: Firewall rules lost
8060 to 9 were simply the ports the guy who installed FileZilla for me chose...
Re: Firewall rules lost
Well, 10 ports is way too few ports, you will run out of them fast. You need at least as many ports as all online users together can saturate in 4 minutes at peak times. That's because a port can only be reused after 4 minutes minimum.
-
- 450 Internal Error
- Posts: 41
- Joined: 2023-07-04 08:52
- First name: Jeremy
- Last name: Poynton
Re: Firewall rules lost
Hasn't been a problem so far, as the server is not in use all the time, but will bear that in mind!
Thanks