Firewall blocking Sharepoint designer 2007

lucdc · Apr 2, 2015, 3:20 PM

I have a PC behind pfsense with windows.
Standard I block everything. For everything I want to do, there are rules to allow it.
I have a rule for alowing port 21 for FTP.
But when I want to plublish my wetsite it aint working. Anybody knows if there are other ports I have to open?

kind regards,
Luke

doktornotor · Mar 31, 2015, 1:10 PM

=> https://social.technet.microsoft.com/Forums

lucdc · Mar 31, 2015, 3:21 PM

If I allow the following Pv4 TCP LAN net * destination :195.238.0.64
for ports 5000 - 60000 , where 195.238.0.64 is the ip-address for the FTP-server of my ISP,
it works.

muswellhillbilly · Apr 1, 2015, 8:41 AM

Have you tried seeing if you can ftp to the host from another internal machine before trying to access it from outside the firewall? Are you sure you've set your ftp server to listen on port 21 (ftp doesn't normally listen on ports 5000-60000)? Do you have any kind of Windows firewall running on your server? Judging from your last post you seem to be trying to access an ftp server outside of your network - are you trying to open up ftp from inside to the outside or port forward ftp from outside to the inside?

A little information - like a breakdown of your inbound/outbound rules and NAT rules - wouldn't go amiss.

lucdc · Apr 1, 2015, 8:00 PM

running Windows 7 workstation not server and Sharepoint Designer 2007.
By making some logs, find out that I did not alowed to access the outside FTP server for port 80 also?

First I have to find out how to post images before I can show my outgoing rules

lucdc · Apr 2, 2015, 8:47 AM

here a printscreen of my outgoing rules

my pond www.decockluc.net

muswellhillbilly · Apr 2, 2015, 1:17 PM

Ok, these are your outbound (LAN -> WAN) rules. Are you saying that you're trying to access your ftp server from inside the LAN to an outside address elsewhere? Or - and I'm guessing here - are you putting your external interface as a target for your internal hosts to access your internal ftp server?

I think you'll need to write up a short network diagram to show us where your ftp server is located in relation to your internal hosts and what your LAN addressing is. It might help knowing what your pfSense external IP address is as well - or at least indicate the general address range (eg: 212.54.23.x)

You need to clarify whether the website you're trying to make visible is running behind your pfSense firewall or if it's running remotely behind another firewall. As it is I don't know whether you're trying to port forward inbound to your ftp server or if you're trying to simply access a remote ftp server from inside your LAN.

doktornotor · Apr 2, 2015, 1:26 PM

When you block passive ports used, passive FTP does not work… Kinda obvious. http://slacksite.com/other/ftp.html#passive

lucdc · Apr 2, 2015, 3:36 PM

@muswellhillbilly:

Are you saying that you're trying to access your ftp server from inside the LAN to an outside address elsewhere?

Yes

My external address lies in the following range : 109.131.0.0 /16

@muswellhillbilly:

or if you're trying to simply access a remote ftp server from inside your LAN.

Yes

@doktornotor:

When you block passive ports used, passive FTP does not work… Kinda obvious.

Thats kind of Chinese to me. Do you know if I have to open any extra ports or less ports?

doktornotor · Apr 2, 2015, 4:47 PM

Yeah. The passive ones. Except that they are usually random unless set up to some specific range on the FTP server (which you normally have no control over). You are seriously shooting yourself in foot with your restrictive firewall design.

jimp · Apr 2, 2015, 8:37 PM

Reason #193752983529 why very strict outbound rulesets are a pain to create and maintain. :-)

If you're on 2.2.x, the FTP Client Proxy package may help you out there.