Vista firewall problems

[Guest]

I am trying to connect to an ftp site from my laptop, running on Vista Pro .
I have tried using FileZilla, IE, and Firefox; in each case, I am able to
connect to the ftp site if the windows firewall is off, but not able to
connect if the windows firewall is on. I have selected each of these programs
as "exceptions" to the firewall.

Any suggestions? This is a really frustrating problem. What would the
downside be to simply leave the windows firewall off?

 

[Mr. Arnold]

I am trying to connect to an ftp site from my laptop, running on Vista Pro
.
I have tried using FileZilla, IE, and Firefox; in each case, I am able to
connect to the ftp site if the windows firewall is off, but not able to
connect if the windows firewall is on. I have selected each of these
programs
as "exceptions" to the firewall.

You don't have the right rules set on the FW, and communication is being
blocked.

Any suggestions? This is a really frustrating problem. What would the
downside be to simply leave the windows firewall off?

If the machine is not behind a router then it's going to be compromised in a
matter of seconds by self populating Trojans and worms, coming over the
Internet from other machines that have been compromised. The machine may
already be compromised.

 

[Guest]

Thanks for telling me what I'm doing wrong: "You don't have the right rules
set on the FW."

Now can you tell me how to fix it?

 

[dean-dean]

Check in IE7 Tools > Internet Options, on the Advanced tab, regarding the
use of Passive FTP, and the Passive FTP settings in your other programs.

 

[Guest]

Thanks, Dean. In IE, "Use Passive FTP" is clicked, and the other programs are
set to passive, as well. I think the setting has to be passive to be able to
connect with the server (with the firewall off).

Any other ideas?

 

[dean-dean]

I should add that by default, "Use passive FTP" has a checkmark, to help
alleviate triggering the Firewall.

 

[dean-dean]

Well, you could try, with the Firewall on, and in Internet Options, on the
Advanced tab, having "Use Passive FTP" checked, click to clear the Enable
folder view for FTP sites check box.

Internet Explorer, at least on Windows XP, behaves as a Standard mode FTP
client if you select the Enable folder view for FTP sites check box, even if
you also select the Use Passive FTP check box. See:

How to configure Internet Explorer to use both the FTP PORT mode and the FTP
PASV mode in the Windows Server 2003 Family:
http://support.microsoft.com/kb/323446

As yet, I'm not sure if this applies to Vista as well. In my own
experience, I've not experienced problems with the Firewall on and having
both "Enable FTP folder view" and "Use Passive FTP" checked. In an FTP
client like FileZilla, check to see through it's logging function just what
commands are being used (PORT or PASV), and which are being accepted by the
server.

 

[Mr. Arnold]

Thanks for telling me what I'm doing wrong: "You don't have the right
rules
set on the FW."

Now can you tell me how to fix it?

Well, with Vista FW enabled, I was only able to connect to one FTP site that
happened to be a MAC site, out 10 FTP sites I went to.

That was using IE 7. So, I don't know what the problem is and I'll take your
word that all sties worked when you dropped the FW. I'll have to investigate
what is happening.

 

[dean-dean]

Too, I guess you could see what happens when you use Windows Explorer to
connect, with the Firewall on. There are basically three ways to do this
("Enable folder view for FTP sites" must be checked):

1. In IE7, by clicking on Page on the Command bar, and then click Open FTP
Site in Windows Explorer.
2. Typing, say, ftp://ftp.microsoft.com/ in the address box of Windows
Explorer. (Right-click the box, choosing Edit Address).
3. Putting a shortcut in Computer, by using the "Add a Network Location"
Wizard. (Right-click inside Computer, choosing "Add a Network Location").

Of course, option 1 is not viable for you, since, for purposes of this test,
the Firewall is on, and that seems to disallow access your site using IE7.
My guess is that your server is only allowing Standard, not Passive, mode,
whereby the FTP server always starts the data connection from TCP port 20.
(The FTP server must open a new connection to the client when it sends or
receives data, and the FTP client requests this by using the PORT command
again).

 

[Guest]

None of those three methods works with the firewall on. If I take the
firewall off, each of the methods works perfectly.

 

[Guest]

Do people not use ftp anymore? I assume that most people will eventually
upgrade to Vista with firewall. Does this mean that ftp will be abandoned as
a file transfer method? Or are most people going to turn their firewalls off?

Thanks,
A

 

[Marco Desloovere]

I am trying to connect to an ftp site from my laptop, running on Vista Pro .
I have tried using FileZilla, IE, and Firefox; in each case, I am able to
connect to the ftp site if the windows firewall is off, but not able to
connect if the windows firewall is on. I have selected each of these programs
as "exceptions" to the firewall.

Any suggestions? This is a really frustrating problem. What would the
downside be to simply leave the windows firewall off?

FTP uses ports 20 and 21 (TCP/UDP). Make sure that the firewall is not
filtering them in the exceptions list.

I have no problems reaching any FTP site, and I have had no need to
modify Vista's firewall for this purpose.

Marco