How do I fix the built-in Windows Firewall which is blocking packets despite a configured exception?
-
I have configured my built-in Windows Firewall (Windows XP SP3) to allow this box to serve as a local FTP server (FileZilla server). The configuration was working until <insert some recent date>. Specifically, I had configured these exceptions on the Windows Firewall -> Exceptions tab: File Transfer Program (C:\WINDOWS\system32\ftp.exe) scope of "Any computer" FileZilla (C:\Program Files\FileZilla\FileZilla.exe) scope of "My network (subnet) only" ftp-data01 (Port number: TCP 2001) scope of "My network (subnet) only" . . . similar rules down to port 2010 As mentioned, this configuration was working until recently. If I look at the Windows Firewall Security Logging, I can see that the TCP SYN packets from my client to this server's port 21 are being dropped. How should I configure Windows Firewall to allow the packets? One solution that works is to use the "Advanced" tab -> "Local Area Connection" settings and enable "FTP Server", but the dialog box states that opens the exception for Internet access. I am looking for a solution that allows access for only the local subnet.
-
Answer:
First, try to figure out what happened on the date in question. Did your system install an update? Did you change the configuration of some other security related application, such as an Anti-Virus or Anti-Spyware application? Did something change your network configuration? Did you install a VPN or SSL-VPN client which may have affected your systems internal routing tables? If you can figure out what changed, try and see if you can undo the change. Just be warned, undoing may not be possible for a variety of reasons. For the case that raised this question, it a change to the anti-spyware application coincided with the break in FTP service, but it was not possible to restore functionality by restoring the anti-spyware application configuration. One solution is, on the Windows Firewall Exceptions tab, create an exception for Port 21 TCP and then scope the exception for "My network (subnet) only. Essentially, one is duplicating the functionality from the "Advanced Tab", but the Exceptions tab allows for the limit of scope. This exception allows one to delete the "FileZilla" application exception and still permit access to the ftp server. The File Transfer Program exception is a red herring - that entry allows the ftp client on the server to access ftp servers on other hosts. The next time one tries to use the ftp client, Windows Firewall will pop-up a dialog box to create the exception, assuming a default configuration of Windows Firewall.
pcapademic at Server Fault Visit the source
Other answers
What happened on May 23? Are you running antivirus which has a built-in firewall? I've had cases where I enabled an exception in the Windows firewall and not realized my AV's firewall was also blocking.
K. Brian Kelley
Related Q & A:
- How do I fix a corrupted flash drive?Best solution by Yahoo! Answers
- Why am I receiving a malformed text data error and how do I fix it?Best solution by Yahoo! Answers
- How do I fix a DNS error on a PSP?Best solution by wikihow.com
- How Do I Fix This Windows 7 Wireless Connection Problem?Best solution by Yahoo! Answers
- How do I fix this error I have on MSN? "Windows Live Communications Platform has stopped working?Best solution by Yahoo! Answers
Just Added Q & A:
- How many active mobile subscribers are there in China?Best solution by Quora
- How to find the right vacation?Best solution by bookit.com
- How To Make Your Own Primer?Best solution by thekrazycouponlady.com
- How do you get the domain & range?Best solution by ChaCha
- How do you open pop up blockers?Best solution by Yahoo! Answers
For every problem there is a solution! Proved by Solucija.
-
Got an issue and looking for advice?
-
Ask Solucija to search every corner of the Web for help.
-
Get workable solutions and helpful tips in a moment.
Just ask Solucija about an issue you face and immediately get a list of ready solutions, answers and tips from other Internet users. We always provide the most suitable and complete answer to your question at the top, along with a few good alternatives below.