What other protocols must not be fire-walled for FTP to work?

Posted by Chris on Server Fault
Published on 2012-09-21T15:35:00Z Indexed on 2012/09/21 15:40 UTC

My Netgear router randomly reset itself the other day, losing all of my config settings: DSL details, Firewall rules, the lot!

So I set about restoring all of the details manually, but when it came to configuring the firewall I wanted to improve the security by explicitly setting 'deny' rules for everything that I figured is 'non-essential', and (although not necessary) whilst I was at it I set explicit 'allow' for the 'essential' protocols.

I'll admit now I didn't really know what I was doing and everything was just 'my best guess', but I enabled only DNS, HTTP, HTTPS, FTP, SFTP, TFTP with everything else blocked.

This did not work for me as I could not access 99% of web sites (although strangely Google worked!), so I played around a bit more and found that (oddly) if I disabled just the explicit 'allow' rules then everything worked fine, for browsing anyway.

Today I came to work on some web-sites via FTP and just could not get a consistent connection, it kept dropping out after a few files or being blocked by the server or simply not connecting. It would authenticate okay but then stop when retrieving the initial directory listing! e.g.:

Status:   Delaying connection for 1 second due to previously failed connection attempt...
Status:   Resolving address of ftp.domain.co.uk
Status:   Resolving address of ftp.domain.co.uk
Status:   Connecting to 123.123.123.123:21...
Status:   Connecting to 123.123.123.123:21...
Status:   Connection established, waiting for welcome message...
Status:   Connection established, waiting for welcome message...
Response: 421 Too many connections (8) from this IP
Error:    Could not connect to server
Status:   Delaying connection for 5 seconds due to previously failed connection attempt...
Response: 421 Too many connections (8) from this IP
Error:    Could not connect to server
Status:   Delaying connection for 5 seconds due to previously failed connection attempt...


I've checked and re-checked the FTP settings (they worked before anyway), I have Googled the I.T. out of the various protocols that I have blocked in the fire-wall but none seem essential to FTP (other than FTP/SFTP etc. which I have passively enabled).

I'm (clearly) no server engineer, or protocols / fire-wall expert, so I was hoping that someone could maybe shed some light on why my FTP is failing. I've been wondering if I ought to be allowing BGP, BOOTP and/or IDENT (or any others)?

What other protocols are required for FTP?


Thanks in advance!

© Server Fault or respective owner