Windows firewall blocking FTP sites

[Ron Rosenfeld]

The Subject states my problem

I have Windows XP SP3 with the standard Windows Firewall set up.

If I have the Windows firewall enabled, I am unable to connect to an FTP site
using either Firefox 3.5.2, IE8 or a standalone ftp client (FileZilla 3.2.7.1).

These programs are all listed as "Exceptions" in the Firewall.

I have also tried listing Port 21 (TCP protocol) as an exception but without
results. The ftp connection remains blocked.

The scope on all these exceptions if for "any computer(including those on the
Internet).

If I turn off the firewall, the connection goes through without difficulty.

Any hints on how to configure things to allow me to connect to ftp servers
without disabling the Windows Firewall?
--ron

 

[Just D.]

RTFM. Configure your FTP client to use Passive Mode.

Just D.

"Ron Rosenfeld"

 

[Ron Rosenfeld]

RTFM. Configure your FTP client to use Passive Mode.

Just D.

I already RTFM with regard to the FTP client. And, although I did not post
every keystroke, I DID configure the FTP client to use Passive Mode. It falls
back to Active mode if Passive Mode fails.

However, I have not seen anything in either IE8 or FireFox to enable me to
configure passive mode when accessing FTP sites. Can you point me to where in
those programs this is differentiated?
--ron

 

[Jose]

The Subject states my problem

I have Windows XP SP3 with the standard Windows Firewall set up.

If I have the Windows firewall enabled, I am unable to connect to an FTP site
using either Firefox 3.5.2, IE8 or a standalone ftp client (FileZilla 3.2..7.1).

These programs are all listed as "Exceptions" in the Firewall.

I have also tried listing Port 21 (TCP protocol) as an exception but without
results.  The ftp connection remains blocked.

The scope on all these exceptions if for "any computer(including those onthe
Internet).

If I turn off the firewall, the connection goes through without difficulty.

Any hints on how to configure things to allow me to connect to ftp servers
without disabling the Windows Firewall?
--ron

Some FTP sites will not except passive mode connections. Good for
them.

Can you determine if it is a site, all sites, etc. Turning off the
firewall of course is a bad idea to solve this problem.

Firefox (and maybe all browsers?) by default only support passive
mode.

There is a suggested add on that may help with Firefox:
https://addons.mozilla.org/en-US/firefox/addon/684

 

[Ron Rosenfeld]

Some FTP sites will not except passive mode connections. Good for
them.

Can you determine if it is a site, all sites, etc. Turning off the
firewall of course is a bad idea to solve this problem.

Well, it was multiple sites, including both the test site for the FTP client,
as well as ftp.microsoft.com

And they worked perfectly OK, in client, IE and FF, with the firewall turned
off.

Today something very weird.

The FTP connection is working today, with the Windows firewall ENABLED, on my
FTP client as well as IE and FF.

The only thing different I can think of is that there was a Windows update
downloaded when I shut down (to a power-off state) last night. And, of course,
one more re-boot after that download. I had done at least one reboot in my
troubleshooting yesterday, although I did not do a power-off.

These kinds of malfunctions are very frustrating. I will keep my fingers
crossed that it does not recur.

Thanks for your thoughts.
--ron

 

[Jose]

Well, it was multiple sites, including both the test site for the FTP client,
as well as ftp.microsoft.com

And they worked perfectly OK, in client, IE and FF, with the firewall turned
off.

Thanks for your thoughts.
--ron

Curious...

There are other conditions, troubleshooting methods and resolutions if
the problem persists.

 

[Ron Rosenfeld]

Curious...
Very


There are other conditions, troubleshooting methods and resolutions if
the problem persists.

I will post back if the problem recurs.

Thanks.
--ron

 

[Just D.]

Ron,

There was one situation that I was not able to get resolved several years
ago. The problem was too serious - the routers (one or more) between my
machine with FTP server and the FTP client (my friend) had the bug in the
firmware. One of the sub-strings in the command to switch to the passive
mode was replacing by this router with another substring. I found that after
watching the log file on my server. As a result - all tries to start the
Passive mode were failing and my friend was not able to do anything on my
FTP server.

Here is one of the examples:

http://www.gbnetwork.co.uk/smcftpd/

This bug is knows as "FTP P@SW" bug. Probably te people who wrote this
replacement assumed that this is a feature, but it was actually the main
reason why my server was rejecting my friend's client coming in Passive
mode. Here is the quote from this page:

"SMC PASV Bug
Some SMC Barricade routers (specifically the 7004BR) have a bug/feature
where an incoming PASV command is converted to P@SW and rejected by the FTP
server. The intention of this feature was to make the client think that the
server does not support the PASV mode and resort back to using active mode
instead. In reality virtually no ftp client software will do this so all
this feature accomplishes is to stop FTP server software from working even
if it does have the features to support PASV from behind a firewall."

Just D.

 

[Just D.]

Ron,

However, I have not seen anything in either IE8 or FireFox to enable me to
configure passive mode when accessing FTP sites. Can you point me to
where in
those programs this is differentiated?

IE8 => Tools => Internet Options => Advanced => ...scroll to the middle and
find: "Use Passive FTP". That's it.

Just D.

 

[Just D.]

Ron,

Make a complete backup of your machine using, say, Acronis True Image Home.
You will have to pay for it, but it will save you time and nerves when one
of the MS service packs or simple updates will kill your machine. It
happens, for example, one time in couple years every December. And these
backups saved me from restoring the whole machine or spending several days
of installing/configuring things. I'm a developer, the system drive has over
330,333 different files and it usually takes from 3 to 4 days of initial
installation and customization to get everything working and correctly
updated regadless of a very good Internet connection and etremely fast
machine. So keep that in mind. Trust me, it's more convenient to spend 20-30
minutes to roll the system drive back that use the system restoration
services, etc. to get it at least bootable to save your data. Btw, to move
your personal files and mail from C: to D: sounds like a very good idea. I
always do that and after complete restoration of the system drive I can move
on with my work. Doing incremental backup or partial, just ot save links or
some temp files, can also save time and disk space and prefent from the
loss.

Just D.

 

[Twayne]

The Subject states my problem

I have Windows XP SP3 with the standard Windows Firewall set up.

If I have the Windows firewall enabled, I am unable to connect to an
FTP site using either Firefox 3.5.2, IE8 or a standalone ftp client
(FileZilla 3.2.7.1).

These programs are all listed as "Exceptions" in the Firewall.

I have also tried listing Port 21 (TCP protocol) as an exception but
without results. The ftp connection remains blocked.

The scope on all these exceptions if for "any computer(including
those on the Internet).

If I turn off the firewall, the connection goes through without
difficulty.

Any hints on how to configure things to allow me to connect to ftp
servers without disabling the Windows Firewall?
--ron

Hi Ron,

This apparently has happened to a lot of people within the last couple
of weeks. Just this morning I finally got it to work again, for my case
at least so I'll give you what I know. I'm sure there are other
possibilities, but this one seems the most likely. In my case I use ftp
to update web sites and it just suddenly "quit working" for me. There
are posts all over the web about it, but not many solutions and the ones
that were there didn't work.

Symptoms were:

ftp sign-in OK, PW accepted, reacted to PASV OK (passive mode entry),
etc, but when the LIST command was sent, it just sat there until it
timed out and gave the message "Failed to retrieve directory listing".
It didn't seem right that it could be a firewall based on the successful
ftp sign-in, etc, but that's what it was.
Somewhere along the line, either an MS udate or a modem update caused
my NAT firewall to start blocking ftp LIST commands but gave me NO hints
in any of its logs.

If you have a NAT router, set it for its lowest security setting and see
if it works. If not, and you have a software firewall, turn off the
software firewall while keeping the NAT router set at its min setting,
and see if it works.
It seems either or both firewalls might be doing the blocking but
most often so far in my tests and contacts, it seems to be the NAT
routers or router firewall. I have Norton NIS 2009 and it has no
problems with the ftp. But my NAT router did.
Since the min security setting worked, the next task is to go back to
my original setting (intermediate) and add a port-forward for ftp. Only
problem is, I don't know how to do that<g>! So, until I get that
figured out I'm lowering the settings to do my ftp uploads and then
putting them back when I'm done.
FWIW, my router is a Westell 327W gateway router. If you should have
the same one, all you have to do is set the security to "low", not "off"
to get it to work for ftp. But like I said, that's not a desirable
setting so the right fix will be the higher setting with a
port-forwarding setup.

Fix: Test by setting firewall/s to min or off settings and try ftp.
It'll likely work. Then figure out how to implement a safe way to do it
other than the min or off settings. Easy to say, harder to do<g>.

HTH,

Twayne`

 

[Ron Rosenfeld]

IE8 => Tools => Internet Options => Advanced => ...scroll to the middle and
find: "Use Passive FTP". That's it.

Just D.

Just checked and that, indeed, is how it is set. I've never changed it.
--ron

 

[Ron Rosenfeld]

Hi Ron,

This apparently has happened to a lot of people within the last couple
of weeks. Just this morning I finally got it to work again, for my case
at least so I'll give you what I know. I'm sure there are other
possibilities, but this one seems the most likely. In my case I use ftp
to update web sites and it just suddenly "quit working" for me. There
are posts all over the web about it, but not many solutions and the ones
that were there didn't work.

That's very interesting. I didn't realize others were having problems. I use
this infrequently but was trying it to download a particular driver.

In my case, it never got as far as the LIST command, and I actually saw nothing
using a packet sniffer. That is why I suspected the Windows firewall rather
than my NAT router. And when I turned off the Windows firewall, all worked
well in passive mode.

And, for me too, it started working OK this morning -- perhaps the Windows
update did have something to do with it.
--ron

 

[Ron Rosenfeld]

This bug is knows as "FTP P@SW" bug. Probably te people who wrote this
replacement assumed that this is a feature, but it was actually the main
reason why my server was rejecting my friend's client coming in Passive
mode.

I had read about that, but thought it probably wasn't the case -- unless the
Windows firewall was engaging in this behavior.

In any event, there didn't seem to be anything even getting out of my machine
(no activity on a packet sniffer) unless I turned off the Windows firewall.
With it off, the ftp transfer functioned normally.

Oh well, the problem seems to have fixed itself this morning. Twayne mentioned
that others had been having a problem, so maybe the Windows update really did
fix something. We'll see.
--ron

 

[onslow286]

The Subject states my problem

I have Windows XP SP3 with the standard Windows Firewall set up.

If I have the Windows firewall enabled, I am unable to connect to an FTP site
using either Firefox 3.5.2, IE8 or a standalone ftp client (FileZilla 3.2.7.1).

These programs are all listed as "Exceptions" in the Firewall.

I have also tried listing Port 21 (TCP protocol) as an exception but without
results. The ftp connection remains blocked.

The scope on all these exceptions if for "any computer(including those on the
Internet).

If I turn off the firewall, the connection goes through without difficulty.

Any hints on how to configure things to allow me to connect to ftp servers
without disabling the Windows Firewall?
--ron

In Internet Explorer, go to TOOLS...INTERNET OPTIONS...ADVANCED.

Scroll down to the option to USE PASSIVE FTP and UNCHECK IT. Fire up your FTP client and all should be well.

I had the same problem as you and all the answers seemed to point to ENABLEING this option. Being a rebel I dissabled it and it worked.