Firewall blocking Sharepoint designer 2007



  • I have a PC behind pfsense with windows. 
    Standard I block everything.  For everything I want to do, there are rules to allow it.
    I have a rule for alowing port 21 for FTP.
    But when I want to plublish my wetsite it aint working.  Anybody knows if there are other ports I have to open?

    kind regards,
    Luke


  • Banned



  • If I allow the following Pv4 TCP LAN net * destination :195.238.0.64
    for ports 5000 - 60000 , where 195.238.0.64 is the ip-address for the FTP-server of my ISP,
    it works.



  • Have you tried seeing if you can ftp to the host from another internal machine before trying to access it from outside the firewall? Are you sure you've set your ftp server to listen on port 21 (ftp doesn't normally listen on ports 5000-60000)? Do you have any kind of Windows firewall running on your server? Judging from your last post you seem to be trying to access an ftp server outside of your network - are you trying to open up ftp from inside to the outside or port forward ftp from outside to the inside?

    A little information - like a breakdown of your inbound/outbound rules and NAT rules - wouldn't go amiss.



  • running Windows 7 workstation not server and Sharepoint Designer 2007.
    By making some logs, find out that I did not alowed  to access the outside FTP server for port 80 also?

    First I have to find out how to post images before I can show my outgoing rules



  • here a printscreen of my outgoing rules

    my pond  www.decockluc.net



  • Ok, these are your outbound (LAN -> WAN) rules. Are you saying that you're trying to access your ftp server from inside the LAN to an outside address elsewhere? Or - and I'm guessing here - are you putting your external interface as a target for your internal hosts to access your internal ftp server?

    I think you'll need to write up a short network diagram to show us where your ftp server is located in relation to your internal hosts and what your LAN addressing is. It might help knowing what your pfSense external IP address is as well - or at least indicate the general address range (eg: 212.54.23.x)

    You need to clarify whether the website you're trying to make visible is running behind your pfSense firewall or if it's running remotely behind another firewall. As it is I don't know whether you're trying to port forward inbound to your ftp server or if you're trying to simply access a remote ftp server from inside your LAN.


  • Banned

    When you block passive ports used, passive FTP does not work… Kinda obvious. http://slacksite.com/other/ftp.html#passive



  • @muswellhillbilly:

    Are you saying that you're trying to access your ftp server from inside the LAN to an outside address elsewhere?

    Yes

    My external address lies in the following range : 109.131.0.0 /16

    @muswellhillbilly:

    or if you're trying to simply access a remote ftp server from inside your LAN.

    Yes

    @doktornotor:

    When you block passive ports used, passive FTP does not work… Kinda obvious.

    Thats kind of Chinese to me.  Do you know if I have to open any extra ports or less ports?


  • Banned

    Yeah. The passive ones. Except that they are usually random unless set up to some specific range on the FTP server (which you normally have no control over). You are seriously shooting yourself in foot with your restrictive firewall design.


  • Rebel Alliance Developer Netgate

    Reason #193752983529 why very strict outbound rulesets are a pain to create and maintain. :-)

    If you're on 2.2.x, the FTP Client Proxy package may help you out there.


Log in to reply