Hey Everyone, I'm trying to secure my server here, I have been implementing an IPSEC policy, to close up all my ports and only open particular ones. Everything looks to be working fine, except for my FTP! I have IPSEC policy setup with a filter that allows traffic from ANY IP to MY IP from ANY PORT to PORT 21. cuteFTP connects fine without the policy Assigned, when I assign the policy. It shows this error... STATUS:> Connecting FTP data socket 216.133.226.226:5002... 425 Can't open data connection This error means the server is dropping the connection, so how would I setup my IPSec policy to accept incoming FTP connections on port 21. Hope to hear from you all soon! Cheers

I hope this may help. http://www.slacksite.com/other/ftp.... http://www.analogx.com/CONTENTS/art... I read it wrong and answer it wrong too. So get off my case you peanut.

Im lost there is no where in IPSec to set a range for ports, at least that I know of. I can see that my FTP server is connecting and it accepts the creditials I supplied. It always freezes right at this line: ____________________________________________ STATUS:> Connecting FTP data socket 216.139.226.226:5004... ____________________________________________ then comes up with this error. ____________________________________________ ERROR:> The remote host actively refused the attempt to connect to it. 1) Verify that the destination server name or IP address is correct 2) Verify that the connection port number is correct (under Site Settings | Type tab). 3) The remote server may be temporarily or permanently inaccessible (try again later). 4) Verify that you have chosen the right protocol (SSH2, SSL, FTP, etc.) and have setup all required options for that protocol. 5) Verify that the destination IP address and port numbers are correct. 6) The remote server may be refusing multiple connections from the same client. Try using only one connection thread when connecting to this particular server (Site Settings | Options). 7) Try pinging the address. 8) If you are using a router, verify the router is up and running (check by pinging it and then ping an address outside of the router). 9) Do a traceroute to the destination to verify all routers along the connection path are operational. 10) Verify that your subnet mask is setup properly. 11) Verify that your local software or hardware firewall is not blocking outbound connections originating from CuteFTP. 12) Verify that your anti-virus software is not at fault (try disabling it). ERROR:> PASV failed, trying PORT. STATUS:> Waiting 0 seconds... STATUS:> Getting listing "/"... STATUS:> Connecting to FTP server 216.139.226.226:21 (ip = 216.139.226.226)... STATUS:> Socket connected. Waiting for welcome message... 220-FileZilla Server version 0.9.24 beta 220 Welcome to your FTP directory! Your IP will be Logged STATUS:> Connected. Authenticating... COMMAND:> USER rcct 331 Password required for rcct COMMAND:> PASS ***** 230 Logged on STATUS:> Login successful. COMMAND:> PWD 257 "/" is current directory. STATUS:> Home directory: / STATUS:> This site supports features. STATUS:> This site supports SIZE. STATUS:> This site can resume broken downloads. COMMAND:> REST 0 350 Rest supported. Restarting at 0 COMMAND:> PORT 192,168,0,104,0,21 200 Port command successful COMMAND:> LIST 150 Opening data channel for directory list. ERROR:> Timeout (30000 ms) occurred on accepting data connection from server. 425 Can't open data connection. ERROR:> Trashed response received. ____________________________________________ I see everytime it trys to connect it wants to connect to ftp datasocket on port 5004 or 50XX, it changes all the time. So how would i set my IPSec policy to allow taht threw? There has to be something so simple that I'm missing.... Any help is most appreciated