|
|
 | | From: | Reader | | Subject: | ZoneAlarm blocks FTP apps | | Date: | Fri, 21 Jan 2005 22:09:34 +1100 |
|
|
 | I'd like to use FTP Explorer (www.ftpx.com) to upload files to my web site, however, ZoneAlarm blocks the connection. I have been shutting down ZA to allow FTPX to access the remote web server. Basically, ZA lets me actually log in to the remote web server (ie. name/pass are accepted) but then it prevents the remote file listing from showing in FTPX's pane. If I quit ZA, I can view the remote file list normally and upload/rename/etc. I tried a different FTP client (FTP Commander) with the same result: connect okay, but no file list unless I quit ZA. I'm running ZoneAlarm with Antivirus, the latest version (v5.5.062.004) and a "manual update" check says I have the latest version. I'm running Windows XP Pro + SP2, with the Windows Firewall disabled. Any ideas? As a side-note, I used to be able to use FTPX and ZA just fine in the past, but that was before I had XP -- and I'm not going to drop XP just to gain FTP access. ;) Using passive mode (or not) hasn't made any difference. I don't know how to allow both ports 20 and 21 in ZA... I can't find any option for it?
For the record, in the "Firewall" section of ZoneAlarm: if I select "Medium" for the Internet Zone Security, then FTP works. It's only when I leave it on the (default) setting of "High" that it blocks FTP from listing site contents.
Thanks for reading, and for any advice anyone can give. :)
|
|
 | | From: | in2minds | | Subject: | Re: ZoneAlarm blocks FTP apps | | Date: | Fri, 21 Jan 2005 13:02:21 -0000 |
|
|
 | > For the record, in the "Firewall" section of ZoneAlarm: if I select
> "Medium"
> for the Internet Zone Security, then FTP works. It's only when I
> leave it on
> the (default) setting of "High" that it blocks FTP from listing site
> contents.
>
it's not ZA, it's more than likely the remote server blocking your access because it can't do reverse DNS (or so I've been told). ZA set on High hides your IP address, so you'll just have to set it to medium when you're FTPing... I have the same problem
LJ
|
|
 | | From: | Jason Edwards | | Subject: | Re: ZoneAlarm blocks FTP apps | | Date: | Fri, 21 Jan 2005 14:55:58 -0000 |
|
|
 | "in2minds" wrote in message news:35ccrqF4ejmbiU1@individual.net...
> > For the record, in the "Firewall" section of ZoneAlarm: if I select
> > "Medium"
> > for the Internet Zone Security, then FTP works. It's only when I
> > leave it on
> > the (default) setting of "High" that it blocks FTP from listing site
> > contents.
> >
>
> it's not ZA, it's more than likely the remote server blocking your
> access because it can't do reverse DNS (or so I've been told).
> ZA set on High hides your IP address,
In that case where do these sites get your IP address from? http://www.lagado.com/proxy-test http://www.whatsmyip.info/ etc
I assume you have ZA "set on high".
Jason
> so you'll just have to set it to
> medium when you're FTPing... I have the same problem
>
> LJ
|
|
 | | From: | ABC | | Subject: | Re: ZoneAlarm blocks FTP apps | | Date: | Fri, 21 Jan 2005 16:00:56 -0000 |
|
|
 | "Jason Edwards" wrote in message news:35cjg1F4lopg1U1@individual.net...
> "in2minds" wrote in message
> news:35ccrqF4ejmbiU1@individual.net...
>> > For the record, in the "Firewall" section of ZoneAlarm: if I select
>> > "Medium"
>> > for the Internet Zone Security, then FTP works. It's only when I
>> > leave it on
>> > the (default) setting of "High" that it blocks FTP from listing site
>> > contents.
>> >
>>
>> it's not ZA, it's more than likely the remote server blocking your
>> access because it can't do reverse DNS (or so I've been told).
>> ZA set on High hides your IP address,
>
> In that case where do these sites get your IP address from?
> http://www.lagado.com/proxy-test
> http://www.whatsmyip.info/
> etc
>
> I assume you have ZA "set on high".
>
> Jason
>
>
>> so you'll just have to set it to
>> medium when you're FTPing... I have the same problem
>>
>> LJ
>>
>>
>
>

They are getting the IP address by using a little java app. Your IP address is required for all internet traffic.
Reverse dns is a different kettle of fish. Websites don't need to do a rDNS, but with the likes of ftp, they may use rDNS to see if the request comes from the address it says it's coming from (i.e. the IP address has not been spoofed).
S
|
|
 | | From: | Jason Edwards | | Subject: | Re: ZoneAlarm blocks FTP apps | | Date: | Fri, 21 Jan 2005 16:36:40 -0000 |
|
|
 | "ABC" wrote in message news:csr8vo$pps$1@nntp0.reith.bbc.co.uk...
>
> "Jason Edwards" wrote in message
> news:35cjg1F4lopg1U1@individual.net...
> > "in2minds" wrote in message
> > news:35ccrqF4ejmbiU1@individual.net...
> >> > For the record, in the "Firewall" section of ZoneAlarm: if I select
> >> > "Medium"
> >> > for the Internet Zone Security, then FTP works. It's only when I
> >> > leave it on
> >> > the (default) setting of "High" that it blocks FTP from listing site
> >> > contents.
> >> >
> >>
> >> it's not ZA, it's more than likely the remote server blocking your
> >> access because it can't do reverse DNS (or so I've been told).
> >> ZA set on High hides your IP address,
> >
> > In that case where do these sites get your IP address from?
> > http://www.lagado.com/proxy-test
> > http://www.whatsmyip.info/
> > etc
> >
> > I assume you have ZA "set on high".
> >
> > Jason
> >
> >
> >> so you'll just have to set it to
> >> medium when you're FTPing... I have the same problem
> >>
> >> LJ
> >>
> >>
> >
> >
> They are getting the IP address by using a little java app.
> Your IP address is required for all internet traffic.
That was the point. It does seem to be a fairly common misconception that a firewall can hide your IP address.
Jason
>
> Reverse dns is a different kettle of fish. Websites don't need to do a rDNS,
> but with the likes of ftp, they may use rDNS to see if the request comes
> from the address it says it's coming from (i.e. the IP address has not been
> spoofed).
>
> S
|
|
 | | From: | Reader | | Subject: | Re: ZoneAlarm blocks FTP apps | | Date: | Sat, 22 Jan 2005 14:04:59 +1100 |
|
|
 | in2minds wrote:
> it's not ZA
How can it NOT be ZA if it works when ZA isn't running? :)
In any event, I got it working by putting the host address in ZA's "Trusted" zone. Not the ideal solution, but works for now.
|
|
 | | From: | Melvin Klassen | | Subject: | Re: ZoneAlarm blocks FTP apps | | Date: | Sat, 22 Jan 2005 19:10:58 GMT |
|
|
 | On Fri, 21 Jan 2005 13:02:21, "in2minds" wrote:
> > For the record, in the "Firewall" section of ZoneAlarm:
> > if I select "Medium" for the Internet Zone Security, then FTP works.
> > It's only when I leave it on the (default) setting of "High"
> > that it blocks FTP from listing site contents.
>
> it's not ZA, it's more than likely the remote server blocking your
> access because it can't do reverse DNS (or so I've been told).
If the remote FTP-server has accepted your ID/password, then your computer has already "passed" this security-check.
> ZA set on High hides your IP address,
Nonsense. When you connect to the remote FTP-server, you are *SENDING* your IP-address to the server, so that it can *REPLY* to your request.
> so you'll just have to set it to medium when you're FTPing...
|
|
 | | From: | Wolfgang Kueter | | Subject: | Re: ZoneAlarm blocks FTP apps | | Date: | Fri, 21 Jan 2005 17:26:14 +0100 |
|
|
 | in2minds wrote:
>> For the record, in the "Firewall" section of ZoneAlarm: if I select
>> "Medium"
>> for the Internet Zone Security, then FTP works. It's only when I
>> leave it on
>> the (default) setting of "High" that it blocks FTP from listing site
>> contents.
>>
>
> it's not ZA,
Wrong.
> it's more than likely the remote server blocking your
> access because it can't do reverse DNS (or so I've been told).
Complete Nonsense.
> ZA set on High hides your IP address, so you'll just have to set it to
> medium when you're FTPing...
Again: Complete nonsense. If your IP is hidden, you don't get back a single packet from any computer using whatever protocol. It is a problem that has to do with the fact that ftp uses two (!) connections (command and the data channel) using different ports and that there are two possibilities (active and passive mode) about how the connection properties for the data channel are handled and set up between client and server. When using active mode, the client becomes the server and you need to allow an incoming connection to Port 20.
> ... I have the same problem
which is that you have no clue. Play around with ftp connections using both modes and sniff the traffic. Read the RfC describing the ftp protocol, analyse the results from your sniffer.
Wolfgang
|
|
 | | From: | Casey | | Subject: | Re: ZoneAlarm blocks FTP apps | | Date: | Fri, 21 Jan 2005 23:47:14 GMT |
|
|
 | In article , wolfgang@shconnect.de says...
> in2minds wrote:
>
> >> For the record, in the "Firewall" section of ZoneAlarm: if I select
> >> "Medium"
> >> for the Internet Zone Security, then FTP works. It's only when I
> >> leave it on
> >> the (default) setting of "High" that it blocks FTP from listing site
> >> contents.
> >>
> >
> > it's not ZA,
>
> Wrong.
>
> > it's more than likely the remote server blocking your
> > access because it can't do reverse DNS (or so I've been told).
>
> Complete Nonsense.
>
> > ZA set on High hides your IP address, so you'll just have to set it to
> > medium when you're FTPing...
>
> Again: Complete nonsense. If your IP is hidden, you don't get back a single
> packet from any computer using whatever protocol. It is a problem that has
> to do with the fact that ftp uses two (!) connections (command and the data
> channel) using different ports and that there are two possibilities (active
> and passive mode) about how the connection properties for the data channel
> are handled and set up between client and server. When using active mode,
> the client becomes the server and you need to allow an incoming connection
> to Port 20.
>
> > ... I have the same problem
>
> which is that you have no clue. Play around with ftp connections using both
> modes and sniff the traffic. Read the RfC describing the ftp protocol,
> analyse the results from your sniffer.
>
>
> Wolfgang
>

Yes, absolutely. For a definitive definition how active ftp and passive ftp work take a look here: http://slacksite.com/other/ftp.html

Casey
--
micro..........Who?
|
|
 | | From: | Wolfgang Kueter | | Subject: | Re: ZoneAlarm blocks FTP apps | | Date: | Sat, 22 Jan 2005 01:11:05 +0100 |
|
|
 | Casey wrote:
> Yes, absolutely. For a definitive definition how active ftp
> and passive ftp work take a look here:
> http://slacksite.com/other/ftp.html
It is somewhat frustrating that completely clueless people post their crazy ideas in a technical newsgroup. They have not the slightest idea how the protocol they are talking about functions but instead spread false information that has nothing to do with technical specifications but a lot with belief, firewall voodoo, rain dance and similar practices.
Thanks for the link, it might help some of the clueless.
Wolfgang
|
|
 | | From: | Arthur Hagen | | Subject: | Re: ZoneAlarm blocks FTP apps | | Date: | Fri, 21 Jan 2005 19:42:27 -0500 |
|
|
 | Wolfgang Kueter wrote:
> Casey wrote:
>
>> Yes, absolutely. For a definitive definition how active ftp
>> and passive ftp work take a look here:
>> http://slacksite.com/other/ftp.html
>
> It is somewhat frustrating that completely clueless people post their
> crazy ideas in a technical newsgroup. They have not the slightest
> idea how the protocol they are talking about functions but instead
> spread false information that has nothing to do with technical
> specifications but a lot with belief, firewall voodoo, rain dance and
> similar practices.
>
> Thanks for the link, it might help some of the clueless.
Indeed. Hopefully *your* cluelessness. I quote:
>>> When using active mode, the client becomes the server and you
>>> need to allow an incoming connection to Port 20.
The above is false (and as you would say: clueless) -- with active FTP, the client specifies the IP and port the remote should connect to, and the remote connects *from* port 20.
-- *Art
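
The data-channel negotiation discussed in the posts above, as an added example that is not part of any poster's message: it decodes the `PORT` command and the `227` reply from a constructed control-channel trace and reports which side listens, which decides whether the client's firewall has to accept an inbound connection. The trace, the addresses and the function names are assumptions made for illustration.

```python
import re

# Constructed control-channel trace ("> " client, "< " server); the addresses
# are private/documentation ranges and are not taken from the thread.
SAMPLE_TRACE = [
    "> USER reader",
    "< 331 Password required",
    "> PORT 192,168,1,10,19,137",
    "< 200 PORT command successful",
    "> LIST",
    "> PASV",
    "< 227 Entering Passive Mode (203,0,113,5,195,80)",
    "> LIST",
]

# h1,h2,h3,h4,p1,p2 as used by both PORT and the 227 reply
_HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")

def decode_hostport(text):
    """Decode h1,h2,h3,h4,p1,p2 into (ip, port); None if absent or out of range."""
    m = _HOSTPORT.search(text)
    if not m:
        return None
    n = [int(x) for x in m.groups()]
    if any(v > 255 for v in n):
        return None
    return ".".join(str(v) for v in n[:4]), n[4] * 256 + n[5]

def data_channels(trace):
    """List each data-channel setup and what the client-side firewall must allow."""
    found = []
    for line in trace:
        side, _, msg = line.partition(" ")
        if side == ">" and msg.upper().startswith("PORT "):
            # Active mode: the client listens, the server connects from port 20.
            mode, listener = "active", "client"
            need = "inbound TCP from the server (source port 20)"
        elif side == "<" and msg.startswith("227"):
            # Passive mode: the server listens, the client connects out.
            mode, listener = "passive", "server"
            need = "outbound TCP only"
        else:
            continue
        endpoint = decode_hostport(msg)
        if endpoint:
            found.append({"mode": mode, "listener": listener,
                          "endpoint": endpoint, "client_firewall": need})
    return found
```
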
|
|
 | | From: | maduser at bagspammers.net | | Subject: | Re: ZoneAlarm blocks FTP apps | | Date: | Fri, 21 Jan 2005 21:38:55 -0500 |
|
|
 | On Fri, 21 Jan 2005 22:09:34 +1100, "Reader" wrote:
>I'd like to use FTP Explorer (www.ftpx.com) to upload files to my web site,
>however, ZoneAlarm blocks the connection. I have been shutting down ZA to
>allow FTPX to access the remote web server. Basically, ZA lets me actually
>log in to the remote web server (ie. name/pass are accepted) but then it
>prevents the remote file listing from showing in FTPX's pane. If I quit ZA,
>I can view the remote file list normally and upload/rename/etc. I tried a
>different FTP client (FTP Commander) with the same result: connect okay, but
>no file list unless I quit ZA. I'm running ZoneAlarm with Antivirus, the
>latest version (v5.5.062.004) and a "manual update" check says I have the
>latest version. I'm running Windows XP Pro + SP2, with the Windows Firewall
>disabled. Any ideas? As a side-note, I used to be able to use FTPX and ZA
>just fine in the past, but that was before I had XP -- and I'm not going to
>drop XP just to gain FTP access. ;) Using passive mode (or not) hasn't
>made any difference. I don't know how to allow both ports 20 and 21 in
>ZA... I can't find any option for it?
>
>For the record, in the "Firewall" section of ZoneAlarm: if I select "Medium"
>for the Internet Zone Security, then FTP works. It's only when I leave it
>on
>the (default) setting of "High" that it blocks FTP from listing site
>contents.
>
>Thanks for reading, and for any advice anyone can give. :)
>

I have no advice, but am running XP Pro with SP2 and the latest version of ZA Pro (just the firewall, nothing else), with ZA set to high security for the internet zone. AVG 7 and SpySweeper are also installed and active.
I use Absolute FTP, and have had no problems moving files to/from a web server on the internet, so it's likely your problem lies elsewhere.
|
|
 | | From: | Melvin Klassen | | Subject: | Re: ZoneAlarm blocks FTP apps | | Date: | Sat, 22 Jan 2005 19:08:07 GMT |
|
|
 | On Fri, 21 Jan 2005 11:09:34, "Reader" wrote:
> I'd like to use FTP Explorer (www.ftpx.com) to upload files to my web site,
> however, ZoneAlarm blocks the connection.
Correct.
> I have been shutting down ZA to allow FTPX to access the remote web server.
> Basically, ZA lets me actually log in to the remote web server (ie. name/pass
> are accepted) but then it prevents the remote file listing from showing in FTPX's pane.
> If I quit ZA, I can view the remote file list normally and upload/rename/etc.
Correct.
> I tried a different FTP client (FTP Commander) with the same result: connect okay,
> but no file list unless I quit ZA.
FTP connects on a "control" port (21), to exchange IDs/password, but exchanges data (such as file-lists) on a "data" port. In your case, the "unsolicited" traffic to the "data" port on your computer is being blocked by Zone Alarm.
> I'm running ZoneAlarm with Antivirus, the latest version (v5.5.062.004)
> and a "manual update" check says I have the latest version.
> I'm running Windows XP Pro + SP2, with the Windows Firewall disabled. Any ideas?
Turn on the Windows XP Firewall, and turn off the Zone Alarm firewall. You'll be protected by the XP Firewall, and FTP will work.
|
|
 | | From: | Reader | | Subject: | Re: ZoneAlarm blocks FTP apps | | Date: | Sun, 23 Jan 2005 11:42:10 +1100 |
|
|
 | Melvin Klassen wrote:
> Turn on the Windows XP Firewall, and turn off the Zone Alarm firewall.
Hahaha, yeah right! :)
|
|
|