Wgte Firewall is blocking an open port...


Postby Indice » Feb 12 04 11:55 am

Hi,

My Wingate firewall plug-in is active. Ports 20-21 (FTP) are opened because I need to get some information from one server, but the firewall is blocking the port even though access is allowed (from internet) at the port security tab.

How to open these ports to every one and how to open them just to a specific IP address?

Thanks for your help!

JGM
Regards!

JGME
Indice
 
Posts: 32
Joined: Sep 12 03 3:20 pm
Location: MEXICO

Re: Wgte Firewall is blocking an open port...

Postby Pascal » Feb 12 04 1:05 pm

Indice wrote:How to open these ports to every one and how to open them just to a specific IP address?


Can you post a sample of the System Log message / Firewall Hit it gives you when somebody tries to connect in, please ?

Indice wrote:How to open these ports to every one and how to open them just to a specific IP address?


Does this mean you want to redirect the traffic coming in to a specific IP ? Or do you only want to allow a specific IP to be able to connect to the open port ?
Pascal

Qbik New Zealand
pascalv@qbik.com
http://www.qbik.com
Pascal
Qbik Staff
 
Posts: 2623
Joined: Sep 08 03 8:19 pm
Location: Auckland, New Zealand

Postby Indice » Feb 12 04 1:24 pm

Sure,

My IP is BBB.BBB.... while the remote server IP is AAA.AAA....

02/07/04 11:34:15 Authorisation failure: NAT STATUS: firewall block: TCP src
AAA.AAA.AAA.AAA:20 dst BBB.BBB.BBB.BBB:1557

02/07/04 11:34:39 Authorisation failure: NAT STATUS: firewall block: TCP src
AAA.AAA.AAA.AAA:20 dst BBB.BBB.BBB.BBB:1557

02/07/04 11:35:56 Authorisation failure: NAT STATUS: firewall block: TCP src
AAA.AAA.AAA.AAA:20 dst BBB.BBB.BBB.BBB:1579

02/07/04 11:36:42 Authorisation failure: NAT STATUS: firewall block: TCP src
AAA.AAA.AAA.AAA:20 dst BBB.BBB.BBB.BBB:1607

02/07/04 11:36:42 Authorisation failure: NAT STATUS: firewall block: TCP src
AAA.AAA.AAA.AAA:20 dst BBB.BBB.BBB.BBB:1612


I need this server to have access to my LAN (all pc´s) when they send some validation request, but just this server´s IP (AAA.AAA.....) and I would like to know how to allow everyone to access from any IP (via ftp)

I would like to know why ports 21 & 21 are closed if they are allowed (connections from internet)
Regards!

JGME
Indice
 
Posts: 32
Joined: Sep 12 03 3:20 pm
Location: MEXICO

Postby Pascal » Feb 12 04 1:43 pm

Indice wrote:My IP is BBB.BBB.... while the remote server IP is AAA.AAA....

02/07/04 11:34:15 Authorisation failure: NAT STATUS: firewall block: TCP src
AAA.AAA.AAA.AAA:20 dst BBB.BBB.BBB.BBB:1557

I would like to know why ports 21 & 21 are closed if they are allowed (connections from internet)


It's a question of source vs destination. When you allow (open) a port in WinGate that is the destination of the packet. Not the source. So you'd have to open 1557, etc. for it to be allowed through.

I'm still not 100% clear on where the FTP Server is in this picture. Is there one on each of the machines behind your WinGate Server ? Or is the FTP Server on your WinGate machine itself and these requests are being made from some other application ?
Pascal

Qbik New Zealand
pascalv@qbik.com
http://www.qbik.com
Pascal
Qbik Staff
 
Posts: 2623
Joined: Sep 08 03 8:19 pm
Location: Auckland, New Zealand

Postby Indice » Feb 12 04 2:02 pm

Hi,

Look, I have 14 PCs behind the WinGate and all of them send (ftp) one or some file(s) to a remote server (AAA...) that has to answer to the PC involved. The PCs can't receive this answer because the firewall is blocking it. I can't open a range of ports just to let this answer get to the involved PC.

As in the example I wrote above, the remote server is answering through its port 20 (AAA.AAA.AAA.AAA:20), so why is my Wingate server blocking that server? Does that mean that the remote server is not answering to my PCs at port 20?
Regards!

JGME
Indice
 
Posts: 32
Joined: Sep 12 03 3:20 pm
Location: MEXICO

Postby genie » Feb 12 04 2:05 pm

Looks like your Wingate machine is trying to download files from the server using active mode - which is the problem for Wingate at the moment. I'd suggest you use passive mode for the FTP client on Wingate machine - it should solve the problem.
genie
Qbik Staff
 
Posts: 1788
Joined: Sep 30 03 10:29 am
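Added example, not part of the original thread and not Qbik code: a small Python parser for firewall-block entries in the format Indice posted, which flags the pattern Pascal and genie describe (inbound TCP from remote port 20 to a high local port, i.e. an active-mode FTP data connection). The sample log is constructed, its addresses are documentation-range placeholders, and the 1024 threshold and the function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the log format quoted in the thread. Addresses are
# documentation-range placeholders, not values from the thread.
SAMPLE_LOG = """\
02/07/04 11:34:15 Authorisation failure: NAT STATUS: firewall block: TCP src
198.51.100.10:20 dst 203.0.113.5:1557

02/07/04 11:35:56 Authorisation failure: NAT STATUS: firewall block: TCP src
198.51.100.10:20 dst 203.0.113.5:1579

02/07/04 11:40:02 Authorisation failure: NAT STATUS: firewall block: TCP src
192.0.2.77:4312 dst 203.0.113.5:445
"""

# \s+ between fields tolerates the line wrap after "src" seen in the posted log.
BLOCK_RE = re.compile(
    r"(?P<ts>\d\d/\d\d/\d\d \d\d:\d\d:\d\d) .*?firewall block: (?P<proto>TCP|UDP)"
    r"\s+src\s+(?P<src>[\w.]+):(?P<sport>\d+)\s+dst\s+(?P<dst>[\w.]+):(?P<dport>\d+)"
)
FTP_DATA_PORT = 20    # source port of server-initiated active-mode data connections
EPHEMERAL_MIN = 1024  # assumed lower bound for client-chosen ports

def parse_blocks(text):
    """Return one dict per firewall-block entry, with ports as integers."""
    hits = []
    for m in BLOCK_RE.finditer(text):
        hit = m.groupdict()
        hit["sport"], hit["dport"] = int(hit["sport"]), int(hit["dport"])
        hits.append(hit)
    return hits

def is_active_ftp_data(hit):
    """Inbound TCP from port 20 to a high port: an active-mode data channel."""
    return (hit["proto"] == "TCP" and hit["sport"] == FTP_DATA_PORT
            and hit["dport"] >= EPHEMERAL_MIN)

def summarise(text):
    """Group blocked active-mode data connections by server; keep the rest apart."""
    by_server, other = defaultdict(list), []
    for hit in parse_blocks(text):
        if is_active_ftp_data(hit):
            by_server[hit["src"]].append(hit["dport"])
        else:
            other.append(hit)
    return dict(by_server), other
```

The remote sender chooses its own source port, so a source port of 20 is useful for recognising this pattern in the log but is not a safe basis for an allow rule.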

Postby Pascal » Feb 12 04 2:10 pm

Indice wrote: Look, I have 14 PCs behind the WinGate and all of them send (ftp) one or some file(s) to a remote server (AAA...) that has to answer to the PC


Ah. That makes it clearer. Now, just a few more questions. Do you use NAT for the clients ? Or do you use NAT+T/R or direct proxy connections ?

If you're using NAT alone, built in application support in the driver should take care of this for you, and if you're using Proxy / T/R this should be automatically handled for you by the proxy. When your clients behind WinGate connect to the remote server, which port number on the remote server do they connect to ? 21 ?

Indice wrote:blocking that server? Does that means that the remote server is not answering to my PC´s at port 20?


No, it's answering back to 1557, 1558, etc. as, I assume, it's attempting to open the data channel.
Pascal

Qbik New Zealand
pascalv@qbik.com
http://www.qbik.com
Pascal
Qbik Staff
 
Posts: 2623
Joined: Sep 08 03 8:19 pm
Location: Auckland, New Zealand

Postby Indice » Feb 12 04 2:11 pm

Thanks for your answer,

Tell me please. Is there any way to make some kind of "Bypass" for one IP address?

I mean, is it possible to have open all my ports for this IP address and closed for any other IP ?
Regards!

JGME
Indice
 
Posts: 32
Joined: Sep 12 03 3:20 pm
Location: MEXICO

Postby genie » Feb 12 04 2:12 pm

It will be possible in the next version of Wingate. Unfortunately in the current version you cannot block traffic based on the source IP, except for banning certain IP address completely.
genie
Qbik Staff
 
Posts: 1788
Joined: Sep 30 03 10:29 am

