What other protocols must not be firewalled for FTP to work?
- by Chris
My Netgear router randomly reset itself the other day, losing all of my config settings: DSL details, firewall rules, the lot!
So I set about restoring all of the details manually, but when it came to configuring the firewall I wanted to improve the security by explicitly setting 'deny' rules for everything that I figured is 'non-essential', and (although not necessary) whilst I was at it I set explicit 'allow' for the 'essential' protocols.
I'll admit now I didn't really know what I was doing and everything was just 'my best guess', but I enabled only DNS, HTTP, HTTPS, FTP, SFTP, TFTP with everything else blocked.
This did not work for me as I could not access 99% of web sites (although strangely Google worked!), so I played around a bit more and found that (oddly) if I disabled just the explicit 'allow' rules then everything worked fine, for browsing anyway.
Today I came to work on some websites via FTP and just could not get a consistent connection; it kept dropping out after a few files, or being blocked by the server, or simply not connecting. It would authenticate okay but then stop when retrieving the initial directory listing! E.g.:
Status: Delaying connection for 1 second due to previously failed connection attempt...
Status: Resolving address of ftp.domain.co.uk
Status: Resolving address of ftp.domain.co.uk
Status: Connecting to 123.123.123.123:21...
Status: Connecting to 123.123.123.123:21...
Status: Connection established, waiting for welcome message...
Status: Connection established, waiting for welcome message...
Response: 421 Too many connections (8) from this IP
Error: Could not connect to server
Status: Delaying connection for 5 seconds due to previously failed connection attempt...
Response: 421 Too many connections (8) from this IP
Error: Could not connect to server
Status: Delaying connection for 5 seconds due to previously failed connection attempt...
I've checked and re-checked the FTP settings (they worked before anyway), and I have Googled the I.T. out of the various protocols that I have blocked in the firewall, but none seem essential to FTP (other than FTP/SFTP etc., which I have passively enabled).
I'm (clearly) no server engineer or protocols/firewall expert, so I was hoping that someone could maybe shed some light on why my FTP is failing. I've been wondering if I ought to be allowing BGP, BOOTP and/or IDENT (or any others)?
What other protocols are required for FTP?
Thanks in advance!