FlashFXP Forums - View Single Post - Connection timeout when XP SP2 Firewall is enabled.

bigchief · 01-23-2005, 10:55 AM

* FlashFXP v[3].[0.2], build [1045], [X]registered, [ ]unregistered, [ ]pirated
* OS [X] WinXP, [ ] Win2K, [ ] Win98, [ ] WinME, [ ] Other
* Running behind NAT/router [X] Yes & Model [FreeBSD 5.3-RELEASE-p3], [ ] No, [ ] Not sure
* Running firewall [X] Yes, Name [Windows XP SP2], Ver. [ ], or [ ] No
* Running Antivirus [X] Yes, Name [Norton Antivirus 2005] or [ ] No
* Network [X] xDSL, [ ] CABLE, [ ] Dail-Up, [ ] Other

Hi,

I'm having some trouble connecting to various FTP Sites with Windows XP Service Pack 2 firewall enabled.

Whenever I connect to a site, it just times out. If I disable the SP2 firewall, there is no problem connecting.

Possible solutions tried:
* Disabled XP SP2 Firewall: Worked (not an acceptable solution in the long run though

* Removed Installergenerated FlashFXP entry from Windows Firewall: no change
* Disabled Antivirus: no change
* Updated FlashFXP to latest BETA version (3.1.8 build 1062): no change.
* Flush firewall rules from FreeBSD Machine: no change

Log output:
[16:43:57] [R] Connecting to ftp.freebsd.org -> DNS=ftp.freebsd.org IP=62.243.72.50 PORT=21
[16:44:18] [R] Connection failed (Connection timed out)
[16:44:18] [R] Delaying for 120 seconds before reconnect attempt #1

tcpdump on the FreeBSD firewall shows:
16:44:42.744360 arp who-has 172.21.203.3 tell 172.21.203.4
16:44:42.744380 arp reply 172.21.203.3 is-at 00:08:74:20:18:bb
16:44:42.744490 IP 172.21.203.4.1590 > 172.21.203.3.53: 4424+ A? ftp.freebsd.org. (33)
16:44:42.934429 IP 172.21.203.3.53 > 172.21.203.4.1590: 4424 2/4/3 A 62.243.72.50, (209)

( FlashFXP is allowed to lookup the name, but not to connect further).

The time on the 2 hosts isn't 100% in sync, it's a laptop that seems to drift a bit

I've tried with various internal and external hosts, all to no avail, and all of them work once I disable the Windows XP SP2 Firewall.

Furthermore I've tried to enable Logging on the XP Builtin firewall, but nothing shows up in the log, which only baffles me further.

For now, I've turned off the firewall on the laptop, and thats perfectly fine while on my own LAN, but it being a laptop, I'm bringing it around the world to various unsafe locations, and having a firewall on the machine is a must.

--
Regards
SÃ¸ren Klintrup
Senior UNIX Administrator

01-23-2005, 10:55 AM
bigchief Junior Member Join Date: Aug 2002 Posts: 6	Connection timeout when XP SP2 Firewall is enabled. * FlashFXP v[3].[0.2], build [1045], [X]registered, [ ]unregistered, [ ]pirated * OS [X] WinXP, [ ] Win2K, [ ] Win98, [ ] WinME, [ ] Other * Running behind NAT/router [X] Yes & Model [FreeBSD 5.3-RELEASE-p3], [ ] No, [ ] Not sure * Running firewall [X] Yes, Name [Windows XP SP2], Ver. [ ], or [ ] No * Running Antivirus [X] Yes, Name [Norton Antivirus 2005] or [ ] No * Network [X] xDSL, [ ] CABLE, [ ] Dail-Up, [ ] Other Hi, I'm having some trouble connecting to various FTP Sites with Windows XP Service Pack 2 firewall enabled. Whenever I connect to a site, it just times out. If I disable the SP2 firewall, there is no problem connecting. Possible solutions tried: * Disabled XP SP2 Firewall: Worked (not an acceptable solution in the long run though * Removed Installergenerated FlashFXP entry from Windows Firewall: no change * Disabled Antivirus: no change * Updated FlashFXP to latest BETA version (3.1.8 build 1062): no change. * Flush firewall rules from FreeBSD Machine: no change Log output: [16:43:57] [R] Connecting to ftp.freebsd.org -> DNS=ftp.freebsd.org IP=62.243.72.50 PORT=21 [16:44:18] [R] Connection failed (Connection timed out) [16:44:18] [R] Delaying for 120 seconds before reconnect attempt #1 tcpdump on the FreeBSD firewall shows: 16:44:42.744360 arp who-has 172.21.203.3 tell 172.21.203.4 16:44:42.744380 arp reply 172.21.203.3 is-at 00:08:74:20:18:bb 16:44:42.744490 IP 172.21.203.4.1590 > 172.21.203.3.53: 4424+ A? ftp.freebsd.org. (33) 16:44:42.934429 IP 172.21.203.3.53 > 172.21.203.4.1590: 4424 2/4/3 A 62.243.72.50, (209) ( FlashFXP is allowed to lookup the name, but not to connect further). The time on the 2 hosts isn't 100% in sync, it's a laptop that seems to drift a bit I've tried with various internal and external hosts, all to no avail, and all of them work once I disable the Windows XP SP2 Firewall. Furthermore I've tried to enable Logging on the XP Builtin firewall, but nothing shows up in the log, which only baffles me further. For now, I've turned off the firewall on the laptop, and thats perfectly fine while on my own LAN, but it being a laptop, I'm bringing it around the world to various unsafe locations, and having a firewall on the machine is a must. -- Regards SÃ¸ren Klintrup Senior UNIX Administrator