IPSec packet filter and Passive Mode information, helpful if you run a 1and1 server
gonzo
post Dec 18 2004, 10:48 AM

Hello All,

This is just a bit of information which may or may not be helpful to most people. But for anyone leasing a Windows server from 1and1 Internet, this will definitely come in handy.

1and1 installs an IP filter on each box. This works like any other filter in that it blocks all traffic unless told otherwise by a rule. I have had to create rules to allow web traffic, mail, FTP, and MySQL to function. In creating the rules for the FTP server (Gene6 v. 3.0.1 build 70) I overlooked something that is very critical in order to make passive mode function correctly.

But first the basics. Set up the IP Binding for your domain as specified for firewall setting:
Enter your domain/ip address in the Redirect field.
Enter port ranges 50000-50100
Uncheck the "allow connections<1024

Now for the filter settings:
-Open up the IP Filter (double click) located on the desktop (or wherever you may have it installed).
-Select the "IP Security Policies on Local Computer"
-In the list on the right open the Packet Filter
-Click "Add" on the bottom
-Click "Add" again
-In the box that pops up type in a name for the filter list (I used "FTP PASV"). You can also enter a description if you want.
-Now, click Add. This should bring you to the IP Filter Wizard. If not, hit Cancel and make sure "Use Add Wizard" is checked.
-Hit Next, enter a description if you want (it's not required), and hit Next again.
-For "Source Address" select "Any IP Address" and hit next.
-For "Destination Address" select "My IP Address" and hit next.
-For Protocol type, select TCP and next again.
-Now, tick off "From any port" on the top, and "To this port" on the bottom and enter 50000 for the value.
-Click Next and Finish

Port 50000 is now open. Do the same 2 more times with the "To this port" set to 50001 and 50002.

You can test this by going back to the IP Binding option for your domain and setting the port range from 50000 - 50002 and logging in from the outside.

In the status/command box for your FTP client you should see that PASV mode is active and going to one of the specified 500** ports.

The only downside to this is that you have to repeat the above for any ports you want open. I created rules for the 50000-50100 range in about 30 minutes.

This will definitely help out people who lease servers from 1and1 and possibly other companies who have a similar setup, or those who use the IP Filter.

Hope this helps.

Cheers
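
The check described in the post (PASV replies pointing at one of the opened ports) can be run over the 227 lines from an FTP client's log. This is an added example, not part of the original post or of the FTP server's tooling; the address 203.0.113.10, the sample reply lines and the function names are constructed for illustration.

```python
import re

# Assumptions: the passive range opened in the post, and a constructed
# public address standing in for the value entered in the Redirect field.
PASV_RANGE = range(50000, 50101)
EXPECTED_HOST = "203.0.113.10"

# RFC 959 passive reply: 227 ... (h1,h2,h3,h4,p1,p2)
_PASV_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def parse_pasv(line):
    """Return (host, port) from a 227 reply, or None if the line is not one."""
    line = line.strip()
    if not line.startswith("227"):
        return None
    m = _PASV_RE.search(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    host = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]   # data port is sent as high byte, low byte
    return host, port

def check_pasv(line, expected_host=EXPECTED_HOST, allowed=PASV_RANGE):
    """Classify one reply: 'ok', or why the data connection would fail."""
    parsed = parse_pasv(line)
    if parsed is None:
        return "not-a-pasv-reply"
    host, port = parsed
    if host != expected_host:
        return "wrong-address"        # server advertised a different address
    if port not in allowed:
        return "port-outside-filter"  # no filter rule exists for this port
    return "ok"

# Constructed sample lines, as they would appear in a client's command log.
SAMPLE_LOG = [
    "227 Entering Passive Mode (203,0,113,10,195,80)",   # port 50000
    "227 Entering Passive Mode (203,0,113,10,195,181)",  # port 50101
    "227 Entering Passive Mode (192,168,1,5,195,82)",    # internal address
    "230 User logged in.",
]

def audit(lines):
    """Return (line, verdict) pairs for every line in the log."""
    return [(l, check_pasv(l)) for l in lines]

if __name__ == "__main__":
    for line, verdict in audit(SAMPLE_LOG):
        print(f"{verdict:20} {line}")
```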