SPI firewall interfering with FTP

I recently set up a client with an FTP account so they could access the files on their website.

Before sending him the login details, I decided to confirm that the account worked. So I tried connecting using first an FTP client (Filezilla) and then the Windows XP commandline FTP. In both cases, I was able to get in part way (i.e my login id and password were accepted) but then I could not use typical FTP functions like CD or LS. The connection would just hang.

I contacted the folks that manage our server and busted their chops and they were convinced the problem was at my end… So I started poking around. I tried disabling the ZoneAlarm firewall on my local PC. I still had problems… So then I checked the log on my recently (a few months ago) purchased D-Link DIR-655 router. And, bingo, there was a number of log messages saying that it was blocking TCP activity with my remote server. Eventually I figured out that it was the SPI firewall that was causing the problem (i.e. I temporarily disabled SPI in the router admin interface and found that FTP then worked).

I imagine one could fix this by making some change in the SPI rules but since I normally use sFTP rather than FTP (and sFTP seems to work fine with the new router) I have not made the effort to figure it out.

This D-Link DIR-655 is the first router I have owned that used both an NAT and SPI firewall. I like extra protection on principle but I don’t understand the technology well enough to grasp what extra protection SPI affords…

But any one who is:

  1. Having odd FTP problems and has
  2. Recently installed a new generation router with an SPI firewall (particularly a D-Link DIR-655)

Should suspect that SPI and FTP are not playing well together.

Return to Top

Fatal error: Call to undefined function adsense_deluxe_ads() in /home1/salemcom/public_html/web/weblog/wp-content/themes/weblog/comments.php on line 59