Windows Firewall wont allow outside connection

Need help with FileZilla Server? Something does not work as expected? In this forum you may find an answer.

Moderator: Project members

Message
Author
User avatar
Dave ftp user
504 Command not implemented
Posts: 8
Joined: 2009-12-07 07:45
First name: David
Last name: Hall

Windows Firewall wont allow outside connection

#1 Post by Dave ftp user » 2009-12-07 08:27

I have been reading everthing I could get my hands on about the passive mode, and I must be missing something. I have tried everything I could find so far and still cannot see the server listings from outside the network with windows firewall enabled. Inside the network works fine with it windows firewall enabled, and it works fine outside the network with windows firewall disabled.

I am using the latest version 0.9.33. I am running it on Win XP w/sp3. IIS and FTP installed, and the windows ftp server works fine with IIS and current firewall settings.

I installed the Filezilla Server and set it up as described in the configuration documentation.

I specified my external IP for the passive mode settings. I set a passive mode range of 50000 - 50050. I set the external firewall to forward port 21, and checked the FTP Server box in the advanced tab for windows firewall that references Port 21. I also tried setting the exception for the Filezilla Server.exe in the exceptions tab for windows firewall.

The server works fine outside the network as long as windows firewall is disabled.

I get this message from ftptest.net when I try to test the server with windows firewall enabled:
Error: Server returned unroutable private IP address in PASV reply

•Make sure the server is configured to allow passive mode connections.
•If the server is behind a NAT router, make sure the server knows its external IP address.
•The range of ports used for passive mode must be opened in all involved firewalls.
•The range of ports used for passive mode must be forwarded by all involved NAT routers.
•Try uninstalling all firewalls and plug your computer directly into your modem, thus bypassing the router.

So I typed all 50 passive ports in the windows firewall exceptions tab, and set the passive IP range in the hardware firewall/router to forward the port numbers to my server IP address. Still not connecting as it is should. The server is seen from the outside with windows firewall enabled, but has a problem with passive mode apparently, so final connection is not established.

I am stumped for the moment, so that is why I am here to ask the experts. :)
On a mission to use Filezilla Server as my main FTP program.

User avatar
boco
Contributor
Posts: 26910
Joined: 2006-05-01 03:28
Location: Germany

Re: Windows Firewall wont allow outside connection

#2 Post by boco » 2009-12-07 18:44

I specified my external IP for the passive mode settings.
.
.
.
Error: Server returned unroutable private IP address in PASV reply
Your stupid router modifies FTP traffic by exchanging IPs. Obviously it fails miserably. Try specifying your internal IP in Passive settings.
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org

User avatar
botg
Site Admin
Posts: 35507
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Windows Firewall wont allow outside connection

#3 Post by botg » 2009-12-07 18:51

Looks like Windows firewall is broken.

User avatar
Dave ftp user
504 Command not implemented
Posts: 8
Joined: 2009-12-07 07:45
First name: David
Last name: Hall

Re: Windows Firewall wont allow outside connection

#4 Post by Dave ftp user » 2009-12-07 22:27

Hi boco:

I tried to enter the servers IP address in the passive mode settings, but got the same result when tested on ftptest.net. Not 100% sure, but I dont think the hardware router is at fault here, because I have been able to use MS IIS ftp service just fine, even with windows firewall. I also installed another basic ftp server program (I dont want to spam so I wont mention name) and it worked just fine with my current router settings and windows firewall with no special settings.

Hi botg

I really think there are definately issuses with Filezilla Server and windows firewall. I have several machines I can use as testbeds for new software, and I just tried a new machine and was able to use the server software with windows firewall disabled, but received the same error message when enabled.

I just tested the server with a new machine on ftptest.net with the default setting in the passive mode setting, and no range of IP's set for passive mode, and the server worked fine without windows firewall, yet failed agian once enabled. I also tried settting my router to minumum security, which essentially turned off the hardware firewall to allow all incoming and outgoing traffic, and still got the same messages with windows firewall enabled.

I am determined to get this to work, on at least one machine, and I am willing to go to freinds workshops to try different routers if I have to, but I am stuck with my coax fiber optic router at this site. But again I dont believe this is an issue with my hardware since the zilla server (and others) works with this router and without windows firewall. It has to be an issue with windows firewall imo, and I am open to any suggestions. I can provide more details if it will help.
On a mission to use Filezilla Server as my main FTP program.

User avatar
botg
Site Admin
Posts: 35507
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Windows Firewall wont allow outside connection

#5 Post by botg » 2009-12-07 23:47

definately issuses with just windows firewall.
Fixed it for you.

User avatar
Dave ftp user
504 Command not implemented
Posts: 8
Joined: 2009-12-07 07:45
First name: David
Last name: Hall

Re: Windows Firewall wont allow outside connection

#6 Post by Dave ftp user » 2009-12-08 00:28

Hi botg:

So, since it seems it is a windows firewall issue with Filezella Server, what would you recommend? Run it with windows firewall disabled? Maybe try another software firewall?

I have curently opened up all the required ports in hardware and software (and opened up the hardware firewall), and put an excemption on filezilla server.exe in windows firewall and still get this message with it enabled. And I have tried all possible settings in the passive mode menu on several machines. I know this is not an isolated issue, but people must be running this software.

Error: Server returned unroutable private IP address in PASV reply

Disable windows firewall and it works perfectly. There must be a solution, or should I just give up and try another firewall software and hope it works with Filezilla Server?
On a mission to use Filezilla Server as my main FTP program.

Cypress
226 Transfer OK
Posts: 121
Joined: 2008-09-13 19:39
First name: J

Re: Windows Firewall wont allow outside connection

#7 Post by Cypress » 2009-12-08 03:54

Dave ftp user wrote:I set the external firewall to forward port 21, and checked the FTP Server box in the advanced tab for windows firewall that references Port 21. I also tried setting the exception for the Filezilla Server.exe in the exceptions tab for windows firewall.
Have you been doing that advanced tab/advanced settings FTP server box checked everytime you tested?

User avatar
Dave ftp user
504 Command not implemented
Posts: 8
Joined: 2009-12-07 07:45
First name: David
Last name: Hall

Re: Windows Firewall wont allow outside connection

#8 Post by Dave ftp user » 2009-12-08 07:13

Hi Cypress;

Yeah, all those settings were setup for every test so far. And beyond that after those settings failed to work. I have not been able to get this software to work on 3 machines so far with windows firewall enabled. At least thats what ftptest.net has reported to me. Several colleagues have reported errors upon connecting also. All are using internet explorer to connect.

I just built a new machine today, and I will run a series of experiments with Filezilla Server, and document the findings here in this thread starting tomorrow. I know there must be something I am missing since others are using the software under Win XP with windows firewall.

I will be looking at my hardware router for all possible settings along with windows firewall. I set my hardware router wide open and it still fails with windows firewall enabled only, so I dont think it is hardware related, but I have not completely ruled it out yet.

Really not quite sure why this is happening at the moment, but I will do my best to figure this out.
On a mission to use Filezilla Server as my main FTP program.

User avatar
boco
Contributor
Posts: 26910
Joined: 2006-05-01 03:28
Location: Germany

Re: Windows Firewall wont allow outside connection

#9 Post by boco » 2009-12-08 13:58

Use a better firewall,then.
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org

Cypress
226 Transfer OK
Posts: 121
Joined: 2008-09-13 19:39
First name: J

Re: Windows Firewall wont allow outside connection

#10 Post by Cypress » 2009-12-08 15:45

Dave ftp user wrote:Yeah, all those settings were setup for every test so far. And beyond that after those settings failed to work. I have not been able to get this software to work on 3 machines so far with windows firewall enabled.
Try it without using the FTP Server box checked on the advanced tab/advanced connection settings... should work?
Remember you will have to have the exceptions list properly filled out for it to work, simple way is to just do the the add program filezilla server.exe.
If it doesn't work after unchecking the ftp server box try rebooting pc, then test.

Have fun and good luck.

User avatar
Dave ftp user
504 Command not implemented
Posts: 8
Joined: 2009-12-07 07:45
First name: David
Last name: Hall

Re: Windows Firewall wont allow outside connection

#11 Post by Dave ftp user » 2009-12-09 07:40

Hi Cypress;

I believe I did try that combination of settings with the FTP Server box uncheck also, but I will make sure I try that again on the new set of tests I am about to conduct.

I did find another interesting checkbox in internet explorer options/advanced tab that I was not aware of that says:
"Use Passive FTP (for Firewall and DSL modum comapability)"

This box was not checked, and it potentially could be the cause of the problem, and I will know shortly.

I finished setting up my new system, and am about ready to start on the testing, and I will document all my results.

Hi boco:

After my testing with windows firewall is finished and I have exhausted all configurations, I will switch to McAfee Personal Firewall, and CA Personal Firewall to see if those are more freindly with Filezilla Server.

Let the testing begin!

I will start posting up the results tomorrow night.
On a mission to use Filezilla Server as my main FTP program.

User avatar
Dave ftp user
504 Command not implemented
Posts: 8
Joined: 2009-12-07 07:45
First name: David
Last name: Hall

Re: Windows Firewall wont allow outside connection

#12 Post by Dave ftp user » 2009-12-09 12:41

Cypress wrote: Try it without using the FTP Server box checked on the advanced tab/advanced connection settings... should work?
Remember you will have to have the exceptions list properly filled out for it to work, simple way is to just do the the add program filezilla server.exe.
If it doesn't work after unchecking the ftp server box try rebooting pc, then test.

Have fun and good luck.
Initial tests have proved that you are right on when it comes to unchecking that stupid FTP setting. While probably necessary for IIS, it looks like it was the problem when it came to Filezilla Server. Funny thing is now I dont have any special settings to get the server to run except the exclusion of Filezilla Server.exe. No exceptions for Port 21 at all for windows firewall.

I will work with it more tomorrow to finalize setup and test it completely. I knew it had to be something simple like that, but until I got some hands on, and some good advice, the problem was a mistery to me.

Thanks so much Cypress for leading me in the right direction. Now it looks like I have an awesome server to go with Filezilla Client, which I love also.
On a mission to use Filezilla Server as my main FTP program.

User avatar
Dave ftp user
504 Command not implemented
Posts: 8
Joined: 2009-12-07 07:45
First name: David
Last name: Hall

Re: Windows Firewall wont allow outside connection

#13 Post by Dave ftp user » 2009-12-10 09:30

Ok, thanks to the tip from Cypress about Unchecking the FTP Server check box in windows firewall, the server is running perfectly, and is blazing fast with my internet connection.

My only router setting right now is to allow port 21 to be forwarded. My only windows firewall setting is the exception for Filezilla Server.exe in the exceptions tab.

Server settings are Listen on Port 21 (default setting), Passive Mode setting is set at default, I did not set it to use custom port range.

Next step is to setup the SSL/TLS settings and make the transactions more secure. I created a certificate in the server software, and it went flawlessly.

I checked the boxes for:
Enable FTP over SSL/TLS support (FTPS)
Allow explicit FTP over TLS
Force PROT P to encrypt file transfers over SSL/TLS mode
Left the default port at 990

At first the server had trouble creating a listening port at 990, but after a reboot of the computer everything went fine. I am able to communicate with encryption over the local network without any trouble, and without any firewall issues whatsoever.

Next step will be to run it from outside the network to test the encrypted connection, and if that goes well, set the check the box for forcing encryption. Then finish it off by setting it up under a Limited Access Account on the production machine, and that should do it.
On a mission to use Filezilla Server as my main FTP program.

User avatar
boco
Contributor
Posts: 26910
Joined: 2006-05-01 03:28
Location: Germany

Re: Windows Firewall wont allow outside connection

#14 Post by boco » 2009-12-10 11:29

My only router setting right now is to allow port 21 to be forwarded.
.
.
.
Next step is to setup the SSL/TLS settings and make the transactions more secure.
Expect problems down the road. You must forward/open more ports. With SSL, your router won't open the additional anymore by itself. Network Configuration
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org

User avatar
Dave ftp user
504 Command not implemented
Posts: 8
Joined: 2009-12-07 07:45
First name: David
Last name: Hall

Re: Windows Firewall wont allow outside connection

#15 Post by Dave ftp user » 2009-12-11 06:36

boco wrote: Expect problems down the road. You must forward/open more ports. With SSL, your router won't open the additional anymore by itself. Network Configuration
Thanks for the heads up boco,

I am going on the road this weekend to give the server a good test with the encryption feature, and I will be armed with Team Viewer to let me go into the network from the remote site and open up the ports in the system and the router if necessary (most likely).

I forwarded port 990 so far to start on the router, and put an exception for that port in windows firewall also. I will work with it from there to see if the passive settings and the firewalls start giving me any issues with the encryption. On a side note I did notice some issues when I enabled port 990 in the server software because I think it was having trouble dealing with Microsoft ActiveSync, which I think also uses port 990. That wont be an issue with the final server or on my new test machine on my network now.

It works great so far without encryption, and my people have reported great results without encryption through web browsers.

I love this software so far! Thanks for the support you guys have given. I will report on all results from the remote site this weekend, and if sucsessful, then I'll start working on the Windows security issues before this goes live.
On a mission to use Filezilla Server as my main FTP program.

Post Reply