FTP ALG problem to your FTP server
Guru Member
ZyWALL 110 V4.33(AAAA.0)ITS-WK30-r89425
I have no rule that allows like from DMZ to WAN all services I allow like service port 21 and the ALG in the ZyWALL allows the other ports be it in Passive or Active mode.
works fine in Passive or Active mode with firewall on
does not work in Passive or Active mode but with firewall off Active mode is forced to Passive and works.
using Core FTP LE 2.2
Comments
-
Hi @PeterUK,
The same issue is reproduced in our lab.
We will investigate what the root cause is and keep you informed of the status.
See how you've made an impact in Zyxel Community this year!
https://bit.ly/Your2024Moments_Community0 -
Hi @PeterUK,
The root cause is on the ftp server.
In ftp.zyxel.com, it doesn't support Active mode.
1. When client uses Active mode, it will return “550 Permission denied”.
2. In passive mode case, the server will response incorrect passive IP address. This incorrect IP cause it not find the correct expected conntrack and the passive port which doesn't not belong to 21 will be dropped by firewall.
See how you've made an impact in Zyxel Community this year!
https://bit.ly/Your2024Moments_Community0 -
Well Active mode did work on ftp.zyxel.com some months back so maybe something has changed on your server?
And ftp2.zyxel.com works in Active mode even with “550 Permission denied”
0 -
Hi @PeterUK,
After FTP ALG is enabled on the ftp server "ftp.zyxel.com", it should be working now.
Try it again and share the test result with us.
See how you've made an impact in Zyxel Community this year!
https://bit.ly/Your2024Moments_Community0 -
Active mode still don't work but passive mode works on ftp.zyxel.com theirs no reason why Active mode can work as well like on ftp2.zyxel.com.
0 -
Hi @PeterUK,There is no extra setting for active mode connection.When using active mode on the Core FTP client and connecting to ftp.zyxel.com, it is changed to passive mode automatically and it is still able to connect to ftp.zyxel.com successfully.It is the current behavior of ftp.zyxel.com.
See how you've made an impact in Zyxel Community this year!
https://bit.ly/Your2024Moments_Community0 -
Yes know Core FTP client changed to passive mode automatically but I'm saying I used to connect to ftp.zyxel.com in Active mode and now I can't so something has changed.
0 -
Hi @PeterUK,
The old FTP server ftp.zyxel.com was migrated to a new server a few months ago.
That's why the behavior on the old server and the current server are different.
We apologize for the inconvenience.
See how you've made an impact in Zyxel Community this year!
https://bit.ly/Your2024Moments_Community0 -
Even on a new server Active mode should still work maybe your blocking the outgoing connection from your server? As Active mode you connect to me for Data.
I have never known a FTP server not being able to do Active mode unless setup not too.
0
Zyxel Employee
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 151 Nebula Ideas
- 98 Nebula Status and Incidents
- 5.7K Security
- 277 USG FLEX H Series
- 277 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 42 Wireless Ideas
- 6.4K Consumer Product
- 250 Service & License
- 395 News and Release
- 85 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.6K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 74 Security Highlight
