total commander 6.51 + norton firewall 2005 = problems

konnektowiec · Post by *konnektowiec » 2005-02-13, 15:21 UTC

Previously i was using xp sp 2 + total commander 6.01 + norton firewall 2004 and everything has been alright but now i'm using xp sp 2 + total commander + norton firewall 2005 and it seems there's some problems with it.

When i'm creating new ftp connection in totalcmd and trying to connect to it, firewall asks if should it allow or block - naturally i choose ALLOW and firewall adds totalcmd to his list but despite that i can't connect to FTP. If i turn off firewall, everything's fine.

Anyone knows what's wrong and where problem lies ?

icfu · Post by *icfu » 2005-02-13, 15:38 UTC

I recommend the following:
1. Secure your system with the batch file offered at http://ntsvcfg.de/ntsvcfg_eng.html
2. Uninstall the Norton "firewall" from your system.
3. Use TC and be happy.

If you are in a LAN and therefore can only choose the LAN option in the batch which results in port 445 still vulnerable to theoretical future exploits, activate the XP firewall, plain and simple.

This way you still can play rather pointless "allow access yes/no" games and port 445 is secured anyway.

If you are not in a LAN and use the "(3) ALL" option you will not need any firewall anymore as all ports in the service range 0-1023 are safely closed.

Icfu

JohnFredC · Post by *JohnFredC » 2005-02-14, 03:16 UTC

I have encountered all sorts of "interesting" issues since SP2.

Try your TC/FTP connections in PASSIVE mode! Worked for me.

Maxwish · Post by *Maxwish » 2005-02-14, 09:49 UTC

It's not SP2 but Norton 2005, other users have also reported strange stuff:
see here: http://www.ghisler.ch/board/viewtopic.php?t=6342

my guess is that Passive will work,
Probably Norton2005 does allow TC to connect to the outside FTP server with a certain port but then 'forgets' that the FTP server uses different ports to connect back during an active FTP sesssion and blocks them. During a Passive connection, the server will keep using the same port.

JohnFredC · Post by *JohnFredC » 2005-02-14, 14:11 UTC

I don't use Norton, not allowed in my shop/on my systems.

Something additional must be going on with that active/passive FTP behavior.

Maxwish · Post by *Maxwish » 2005-02-14, 16:00 UTC

2JFC,
my first post was mainly meant for konnektowiec, as in his case it's clear the upgrade to Norton2005 is the cause and not sp2 as he was using that already...

In general, Active FTP problems mostly are caused by a firewall blocking more than it should (maybe the WinXPsp2 firewall in your case) or a Router (these days mostly intergrated in an ADSL modem combined with an own firewall) not forwarding (or blocking) the data to your PC on your local newtork.

icfu · Post by *icfu » 2005-02-14, 16:33 UTC

Maybe you have activated the XP firewall AND have set it to "don't allow exceptions"? Then all connections from the outside will be blocked and you won't get noticed and you won't see a box "still wanna block blabla yes/no".

An active FTP connection is initiated by the server and this doesn't work if the attempt gets blocked.
Passive connections are initiated by the client and therefore don't show these problems.

Icfu