GeneFTP ftp/ssl ? anyone use this? firewall issues

itdaddy · 02:10 AM

Quote:

425 Cannot open data connection.
Attemping PASV mode transfer...
PASV
227 Entering Passive Mode (192,168,15,10,118,111)
192.168.15.10 -> 209.94.168.243
LIST
Connect socket #944 to 209.94.168.243, port 30319...

hey guys anyone use GeneFTP server. I really like it but
I have my ASA and it says some how I have a data port screw up.
Cause I cannot get it to list outside on the public WAN. If I use it in simple ftp mode port 20/21 i can access everything fine on the public wan
But i want to use it in ftp/ssl mode i want to keep it secure. I know it is myt firewall because in can use the ftp/ssl on my inside LAn fine but when it traverses inside to outside or really outside to inside. it authenticates fine but the data pathway is screw up and I have not a clue what to do.
I have allowed port 1024 and checked the box on the ftp server to force this port but no good. Anyone have this kind of issue? like i said the authentication works but when it tries to list the directories says the above issue. error.
thanks for your help...

tiersten · 06-01-2009, 02:48 AM

I have no idea what you wrote there. Are you saying that passive FTP can't traverse your ASA?

msteinhilber · 06-01-2009, 03:05 AM

Did you open up the ports that you have defined for passive mode FTP? The ASA supports options to inspect FTP traffic which can determine the passive ports being used for a session, but in your case since you are using secure FTP, the control channel will be encrypted and the ASA would not be able to inspect the packets to determine which port to dynamically open.

itdaddy · 06-01-2009, 03:40 AM

I really am trying to say that something is not allowing the Listing of the directories. when i do not use ftp/ssl it works fine but for some reason
I do not know what is not allowing the listing of data..I am not sure how ftp/ssl works. I mean I am using port 21 and I guess port 20 but what port is used for SSL? I am unfamiliar with really some of things my coreftp client needs. and how to set up my GeneFTP server..it has settings for passive mode on the server. I forced it to use 1024 on the server and did some static entries on the asa but something is not allowing the directory listing of data. it says that in the error message..was hopeing someone used GeneFTP server. I have used titan and ftp/ssh and it works fine with my asa firewall settings. I have never setup a ftp/ssl before and I am unfamiliar in what it is needed. Thanks for helping....

msteinhilber · 06-01-2009, 04:05 AM

I checked out the Gene6 site, did you enable redirect passive IP and enter your public IP?

itdaddy · 06-01-2009, 02:34 PM

msteinhilber

I saw that config inthe ip bind section. But wasnt sure I had to do that.
will try it and see what it does. do you know what it does?
plus my public ip changes and will try my DNS name and see if
i can get it work; but it i must be blocking something or some port;(

itdaddy · 06-01-2009, 02:56 PM

Gene6 FTP Server v3 - Manual

I think I see what you mean. I will look at config and see what I messed up; thanks for the help

itdaddy · 06-01-2009, 05:45 PM

msteinhilber

dude you are a genius. As soon as I added my website sftp.itdaddy.net
and made the PASV port static 1024 and of course added some ACLs and a static entry in my ASA 5505 bam FTP/SSL works perfect.

thanks for pointing that out to me and cutting thru my babbling.

I appreciate your guidance mate!

Robert