SPI firewall interfering with FTP

February 14th, 2009

I recently set up a client with an FTP account so they could access the files on their website.

Before sending him the login details, I decided to confirm that the account worked. So I tried connecting using first an FTP client (FileZilla) and then the Windows XP command-line FTP. In both cases, I was able to get in part way (i.e. my login ID and password were accepted) but then I could not use typical FTP functions like CD or LS. The connection would just hang.

I contacted the folks that manage our server and busted their chops and they were convinced the problem was at my end… So I started poking around. I tried disabling the ZoneAlarm firewall on my local PC. I still had problems… So then I checked the log on my recently (a few months ago) purchased D-Link DIR-655 router. And, bingo, there were a number of log messages saying that it was blocking TCP activity with my remote server. Eventually I figured out that it was the SPI firewall that was causing the problem (i.e. I temporarily disabled SPI in the router admin interface and found that FTP then worked).

I imagine one could fix this by making some change in the SPI rules but since I normally use sFTP rather than FTP (and sFTP seems to work fine with the new router) I have not made the effort to figure it out.

This D-Link DIR-655 is the first router I have owned that used both an NAT and SPI firewall. I like extra protection on principle but I don’t understand the technology well enough to grasp what extra protection SPI affords…

But anyone who:

  1. Is having odd FTP problems and
  2. Has recently installed a new generation router with an SPI firewall (particularly a D-Link DIR-655)

Should suspect that SPI and FTP are not playing well together.
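One common way a stateful firewall and FTP collide: FTP carries listings and file transfers over a second TCP connection whose address and port are negotiated on the control channel (the PORT command or the 227 reply, per RFC 959), and a firewall that does not track that negotiation can drop it after login has succeeded. The following is an added example, not part of the original post, and it goes beyond the post by matching blocked-connection log lines against the negotiated data endpoints; the transcript, the addresses and the router log format are all constructed and are not the DIR-655's actual log format.

```python
import re

# Constructed FTP control-channel transcript (client commands, server replies).
CONTROL = ["USER client1", "331 Password required", "PASS ****",
           "230 User logged in", "PASV",
           "227 Entering Passive Mode (203,0,113,10,195,149)", "LIST"]

# Constructed router log lines; this format is hypothetical.
FIREWALL_LOG = ["Blocked TCP 192.168.0.100:51544 -> 203.0.113.10:50069",
                "Blocked TCP 192.168.0.100:51550 -> 198.51.100.7:443"]

SIX = r"(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)"
NEGOTIATION = re.compile(r"^(PORT\s+|227 [^(]*\()" + SIX)
BLOCKED = re.compile(r"Blocked TCP (\S+):(\d+) -> (\S+):(\d+)")

def data_endpoints(control_lines):
    """Return [(mode, ip, port)] for each data channel negotiated on the control channel."""
    found = []
    for line in control_lines:
        m = NEGOTIATION.match(line.strip())
        if not m:
            continue
        nums = [int(n) for n in m.groups()[1:]]
        if any(n > 255 for n in nums):
            continue  # malformed: each of the six fields is one byte
        mode = "active" if m.group(1).startswith("PORT") else "passive"
        ip = ".".join(map(str, nums[:4]))
        # The port is sent as two bytes: high byte, then low byte.
        found.append((mode, ip, nums[4] * 256 + nums[5]))
    return found

def blocked_data_connections(control_lines, firewall_log):
    """Return blocked log lines whose destination is a negotiated FTP data endpoint."""
    endpoints = data_endpoints(control_lines)
    hits = []
    for line in firewall_log:
        m = BLOCKED.search(line)
        if not m:
            continue
        dst_ip, dst_port = m.group(3), int(m.group(4))
        for mode, ip, port in endpoints:
            # Passive: the client dials the server's advertised ip:port.
            # Active: the server dials the client's port; NAT may change the
            # visible IP, so only the port is compared.
            if dst_port == port and (mode == "active" or dst_ip == ip):
                hits.append(line)
                break
    return hits
```

A blocked line that matches a negotiated endpoint points at the firewall's handling of the FTP data channel rather than at the server or the login.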

Product Review: Skype Voice over IP

May 22nd, 2007

I recently traveled to Seoul, Korea on a business trip.

This was my first overseas business trip in a number of years. From previous trips, I had long since realized that calling home from overseas using the hotel operator was a complete rip-off. In the past, I had used a MCI or AT&T calling card account and their in-country direct dial back to the US. That meant that the per-minute charge was only a few cents.

This trip came up rather suddenly and I didn’t have time to set up a calling card account… So what to do? I knew that my hotel room would have an Internet (10/100Mb Ethernet) connection so I figured, why not try Voice over IP? I believe there are a number of VoIP outfits out there (including some of the major telecoms like Verizon) but I decided to try Skype.

I downloaded the Skype software to my laptop and set up a Skype account. I also bought $10 worth of Skype dial-out time which would allow me to call any regular phone number in the world for about $0.021 per minute (the $10 translates to more than 7 hours of talk-time). I also set up a Skype dial-in telephone number and voice mail so that folks could call me and at least leave a message while I was in Korea. I think that cost $12 to rent the phone number for 3 months.

I also bought a $30 USB earphone/microphone headset at Best Buy.

In any case, I arrived in Korea, found my hotel and checked in. The next morning, I set up my laptop, connected it to the room’s Ethernet jack and tried using Skype. Basically it worked once I figured out how to get the headset to work properly with Skype.

The Skype voice quality was not as good as my home office copper landline but it was, typically, better than I get with my cell phone around Boston.

And having a phone connection that allowed me to call anywhere in the world for about 2 cents a minute was very nice. I had to rearrange some flight reservations and ended up spending a lot of time on hold waiting for the next agent. Only spending a couple of cents a minute made that a lot less stressful!

Definition: Shared Hosting

January 28th, 2007

Shared hosting means a website is hosted on a server which also hosts other (typically dozens if not hundreds) websites.

Every website needs a certain amount of hard disk space for storing files (e.g. HTML pages, JPEG images, PHP or other scripts). It also needs a certain amount of computer processing from the server’s CPU and it needs a certain amount of bandwidth to send webpages out to the website visitors over the Internet.

The amount of hard disk space needed is simply a function of the size and complexity of the site. The computer processing load and bandwidth are a function of the number of visitors to the site and whether it has a lot of image files or a lot of programmatic functions (Imagine how many financial transactions are being handled by Amazon at any given moment).

The vast majority of the websites on the Internet are neither large enough nor get enough visitors to justify having their own dedicated server. So the vast majority of websites use shared hosting.

Shared hosting has the following advantages and disadvantages:

Advantages

  • Less expensive: because one is sharing the cost of the server with many other websites, the cost per website is much reduced. A typical cost for a shared hosting account would be $10 per month; a dedicated server would cost on the order of $300 per month.
  • Preconfigured: the company providing the shared account will have provided the tools and capabilities needed by a typical website, including a control panel, email services, web statistics, and a means of installing various web applications (e.g. blogs, image galleries, etc.). With a dedicated server, it is assumed that you want to, and are capable of, configuring the server yourself.
  • Security: the company providing the shared hosting server will be responsible for maintaining a secure environment, and making sure that the operating system is properly patched. With a dedicated server, you will get some support from the hosting service but you will share the responsibility of keeping the server secure.
  • Reliability: because the shared hosting server is hosting dozens of websites, it is in the interest of the hosting service to ensure that the server stays operational and that it is returned to service ASAP if there is a failure. With a dedicated server, the hosting company will certainly assist you with problems but, since you will be the only customer involved, they may not give you priority if there are problems on their other servers.
  • Availability: there are literally thousands of companies offering shared hosting which is one of the reasons the cost is so affordable.

Disadvantages

  • Flexibility: because a shared hosting server is pre-configured for the “average” website, one may find that it lacks certain capabilities that one needs… And that it may be difficult or impossible to add them. Typically this will be in the area of scripting languages. For example, most shared hosting will not have Python or Ruby (scripting languages) integrated with the webserver… Or the shared hosting server may not use the latest version of PHP.
  • Security: even though the hosting company takes responsibility for overall security, the fact that there are dozens of websites on the server means that each one constitutes a potential vulnerability. The entire shared hosting server (and all the sites it hosts) can be brought down by a vulnerability on a single site.
  • Reliability: as mentioned above, there are thousands of companies offering shared hosting at very low prices but finding a reliable hosting company can be very challenging.

On balance, of course, shared hosting is the best option for most websites. It is important to find a reliable hosting service and it is important to review the various packages offered to make sure they meet your needs.

Definition: Extranet

January 26th, 2007

An Extranet is a website that is present on the Internet but is only available to authorized individuals. It is typically protected by a mechanism that requires a visitor to provide an authorized login ID and corresponding password. The Extranet mechanisms may also require that a visitor logging in do so using an encrypted connection.

The users of an Extranet are typically employees, customers, or suppliers with a relationship to the organization operating the Extranet.

See also Intranet.

Definition: Intranet

January 26th, 2007

An Intranet is a website residing on a computer on a local area network or LAN. It is usually not accessible from the outside world (i.e. the rest of the Internet) either because the local network is not connected to the Internet or, more commonly, because it is protected behind a firewall.

An Intranet is typically used to provide information to employees or members of the organization owning the local area network. The Intranet might be used to post company announcements and policies or run web applications (e.g. shared calendars or CRM software).

A common practice in small business is to take an obsolete Windows PC, install Linux and set it up as an inexpensive web server for the Intranet.

See also Extranet.