ipcop support

community support forum
It is currently Sun Oct 26, 2014 12:30 am

All times are UTC [ DST ]




Post new topic Reply to topic  [ 14 posts ] 
Author Message
Unread postPosted: Wed Nov 12, 2008 4:47 pm 
New User

Joined: Wed Nov 12, 2008 3:49 pm
Posts: 6
I have set up an FTP server in the DMZ and it works fine through Red, both read and write. However through green it is read only which is a problem because I need to synchronise the data on the FTP server with data on a server on the green side. I have port forwared 20 and 21 to the FTP Server and put pinholes for port 20 and port 21 just in case they are needed.

I can open the FTP site from the green side in Internet Explorer as read only but when I select the option to view the page in Windows Explorer I get the message, "The folder ftp://****** is read-only because the proxy server is not set up to allow full access". Can anyone tell me what settings I need to allow full access.

Thanks.


Top
 Profile  
 
Unread postPosted: Thu Nov 13, 2008 4:01 am 
Site Moderator

Joined: Wed Apr 28, 2004 1:27 am
Posts: 6967
Location: Beaumont, TX, USA
LaserLevel wrote:
I have port forwared 20 and 21 to the FTP Server and put pinholes for port 20 and port 21 just in case they are needed.
Traffic from Green -> Orange is OPEN by default. DMZ pinholes are to allow Orange -> Green.

LaserLevel wrote:
I can open the FTP site from the green side in Internet Explorer as read only but when I select the option to view the page in Windows Explorer I get the message, "The folder ftp://****** is read-only because the proxy server is not set up to allow full access". Can anyone tell me what settings I need to allow full access.
Have you tried connecting with a ftp client (i.e. NOT windows explorer) like Filezilla?


Top
 Profile  
 
Unread postPosted: Thu Nov 13, 2008 9:29 am 
New User

Joined: Wed Nov 12, 2008 3:49 pm
Posts: 6
I have tried to use FileZilla but it won't connect through green at all whereas Internet Explorer will, although only in "read only". I don't have experience of setting up FTP, in the past it has just worked on default settings.

Any advise on how to set up FileZilla to access an FTP server in the DMZ through green?

Thanks.


Top
 Profile  
 
Unread postPosted: Fri Nov 14, 2008 3:28 am 
Site Moderator

Joined: Wed Apr 28, 2004 1:27 am
Posts: 6967
Location: Beaumont, TX, USA
LaserLevel wrote:
I don't have experience of setting up FTP, in the past it has just worked on default settings.
Please READ the Orange Mantra (search the wiki).

LaserLevel wrote:
Any advise on how to set up FileZilla to access an FTP server in the DMZ through green?
As I said before, Green -> Orange is OPEN. NO setup is required. Configure your server correctly per the Orange Mantra.


Top
 Profile  
 
Unread postPosted: Fri Nov 14, 2008 9:39 am 
New User

Joined: Wed Nov 12, 2008 3:49 pm
Posts: 6
I know and can chant the Orange Mantra from memory. My observation of the Orange Mantra has been religious. Unfortunately I have not found enlightenment!

My DMZ FTP server works fine in all respects except that it is "read only" from green. It's driving me nuts and help from anyone who has set one up before and been able to read over green would be appreciated.

Thanks.


Top
 Profile  
 
Unread postPosted: Fri Nov 14, 2008 7:41 pm 
Site Moderator
User avatar

Joined: Sun Jun 06, 2004 3:38 am
Posts: 3852
Location: Colorado, USA
My FTP server in ORANGE has NO problems.

Since I run a split-zone DNS server on ORANGE as well, I connect from GREEN exactly like I connect from RED (i.e. by FQDN). Of course I use a REAL FTP client to access my REAL FTP server (i.e no clue if a WEB browser would work or not).

So, like you've been advised, use a REAL FTP CLIENT and see what happens. There is NOTHING in a firewall that would cause your READ-ONLY problem (the firewall either ALLOWS the traffic or BLOCKS the traffic - it doesn't change file permissions).

_________________
For the 2.5^15th time :: Better Details = Better Answers


Top
 Profile  
 
Unread postPosted: Fri Nov 14, 2008 10:32 pm 
Expert

Joined: Sat Sep 23, 2006 11:23 am
Posts: 2483
Location: LDK | Hessen | Germany
I guess your green client's routing/gateway is fubar.

In your case IE uses a proxy for FTP to get to orange and does not need proper routing.
Filezilla obviously is not set up to use a proxy and hence does not work.

Time to fix your client.

_________________
Image

-=[ If you want answers: provide lots of information, including tiny details! ]=-


Top
 Profile  
 
Unread postPosted: Mon Nov 17, 2008 10:12 am 
New User

Joined: Wed Nov 12, 2008 3:49 pm
Posts: 6
Thanks, for the comments. I've come to the conclusion that it's a routing problem but I haven't got it sorted. Using FileZilla I can connect using my red external IP address so the port forward to the FTP server in the DMZ is working but it connects at snail speed.

I obviously want to connect directly through green. IE explorer is connecting because I have told it that my IPCOP firewall green side IP address is the proxy server. For the Web proxy I have specified port 800. IE explorer is happy to connect to my DMZ FTP server using its IP address which is obviously in a different subnet, although as read only.

What I can't understand is that when I have set up FileZilla with the IPCOP green IP address as my generic proxy address it won't connect. FileZilla gives me the choice of Socks 5 or HTTP/1.1. can you tell me which one to use for IPCOP. It also has a user name and password for the proxy which you don't need for IE. Do I need to set up IPCOP on the Proxy Web page to have a user name and password?

Thanks.


Top
 Profile  
 
Unread postPosted: Mon Nov 17, 2008 11:41 am 
Pro User

Joined: Thu May 08, 2003 4:24 am
Posts: 3809
Location: London, UK
1. You don't need to proxy green->orange, it is already open
2. Connect directly to it using its REAL IP address (check that the name you are using resolves to a real IP address, not a red alias)
3. Set your ftp client to connect in "passive" mode


Top
 Profile  
 
Unread postPosted: Mon Nov 17, 2008 2:38 pm 
New User

Joined: Wed Nov 12, 2008 3:49 pm
Posts: 6
Well I've made 2 steps forward and one back.

I have found out that you can get FTP access through an HTTP proxy but only directory listing and download. Upload is not supported through HTTP proxy hence IE explorer being read only through green.

I also discovered that the gateway IP address on my network card was not set to the IPCOP firewall but another access point. Consequently FileZilla couldn't contact my FTP server behind the IPCOP firewall.

FileZilla now contacts the FTP server but stalls after handshaking and generates the following error:

"450 Data transfer not implemented for client default data port. Need port command first."

The FileZilla Connection Wizard reports that the firewall is corrupting the ports command. Any idea how to setup IPCOP to stop this happening?

Thanks.


Top
 Profile  
 
Unread postPosted: Tue Nov 18, 2008 1:40 am 
Pro User

Joined: Thu May 08, 2003 4:24 am
Posts: 3809
Location: London, UK
Have you set passive transfers (PASV)?


Top
 Profile  
 
Unread postPosted: Tue Nov 18, 2008 3:47 am 
Site Moderator

Joined: Wed Apr 28, 2004 1:27 am
Posts: 6967
Location: Beaumont, TX, USA
LaserLevel wrote:
The FileZilla Connection Wizard reports that the firewall is corrupting the ports command. Any idea how to setup IPCOP to stop this happening?
How about not connecting through the proxy?


Top
 Profile  
 
Unread postPosted: Tue Nov 18, 2008 11:08 am 
New User

Joined: Wed Nov 12, 2008 3:49 pm
Posts: 6
It looks like I've sorted it.

I'm using a Snap NAS, (aka DELL 705n) as the ftp server. I came across a comment in a Snap forum that not all ftp clients will work with these servers and a recomendation that you use WS_FTP as the ftp client. Sure enough it works, though for the life of me I don't know why as all the settings were the same as those set on FileZilla. The Professional version of WS_FTP has the ability to do a sheduled sync of my internal server directories to my FTP server in the DMZ. So I'm a happy bunny.

I've reduced the IPCOP settings down to the minimum necessary, no pinholes, just port forward 20 and 21 to the FTP server real IP address and it works a dream.

The lessons I learned are:

1. You can't upload FTP through an HTTP proxy.
2. Make sure your client network card gateway is set to the IPCOP green IP address.
3. Not all FTP clients are created equal.
4. IPCOP works exactly as it should.

Thanks for the comments.


Top
 Profile  
 
Unread postPosted: Tue Nov 18, 2008 1:36 pm 
Pro User

Joined: Thu May 08, 2003 4:24 am
Posts: 3809
Location: London, UK
>1. You can't upload FTP through an HTTP proxy.
You can't proxy to orange, but ftp proxying green>red is fully supported by ipcop.

>2. Make sure your client network card gateway is set to the IPCOP green IP address.
That should be the case for all clients in green

>3. Not all FTP clients are created equal.
So true, but IE is not an FTP client, despite it's claims it is is a windows browser that partially understands ftp

>4. IPCOP works exactly as it should.
Yep - it really is quite stable and does what it says on the tin.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 14 posts ] 

All times are UTC [ DST ]


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group