Using router with FTP server problem
I'm using a Linksys router to connect three computers to the internet via a cable modem. One of the computers is running an FTP site with the War-ftp server program. In the router setup, I set that computer as the DMZ host, meaning it should be outside the router's firewall. My ftp site is accessible to people not using a router. My buddy who has his computer directly hooked up to a dsl modem can get on no problem, and I can get on from my school, but a few other people who are on a network behind a router can't get on. They'll log in and get the greeting message, but right when they try to get the directory listing ("Opening ASCII mode data connection for /bin/ls...") their ftp program stops. There's got to be some setting I can change in my router setup or my War-FTP setup to fix this.
Any ideas?
Thanks,
-Brent_212
Yeah, but...
It's not just one person, it's anyone behind a router. It seems like a person can log in to an ftp site if there's only one firewall in between them, but not two. People who aren't behind a router can access my site, which seems to be behind a router, but people behind a router can't.
I know putting my computer as the DMZ host should get me outside of my router's firewall but maybe it's not, or maybe I have to set something in the War-FTP program to fix this.
Enable TCP and UDP connections on port 20 on your end. Your friends time out because they lack an open data port when FTP'ing from behind a firewall.
OMARNYC.COM - My place on the web
To establish a session with an FTP server, you can map the listening port to any other available port, and instruct your end users to configure this in their clients. However, in most cases, to establish a data connection to transfer a file, particularly if behind a firewall, port 20 must be enabled for both outgoing and incoming connections. This is a static IP port assignment, and I don't believe it could be altered.
OMARNYC.COM - My place on the web
Two things to keep in mind:
1. Since you're behind a router, he needs to disable "Passive mode" in his FTP client, or he will be trying to connect to your server's internal IP. Chances are this will fix the problem.
2. There are two ports open in an FTP connection, a "control" and "data" port. It seems like his control port is connecting, but the data port won't work. You might want to get the complete connection attempt log and look through it.
Disclaimer: Please use caution when opening messages, my grasp on reality may have shaken loose during transmission (going on rusty memory circuits), even though my tin foil hat is regularly audited for potential supply chain tampering. I also eat whatever crayons are put in front of me.
๑۩۞۩๑
i have a similar setup......
you'll have to allow your router to port forward on the port the FTP server is running on, and that port - 1. Say you were running your server on port 7788, then you would forward 7788 and 7787. You'll also need an FTP server that can send out a different IP than that the machine is running on... otherwise you're sending out your internal IP with every packet, and the rest of the world doesn't know your internal IP. G6 FTP server has this capability. The latest BPFTP also has a 'My IP' setting allowing those also behind a router to send out different IPs to FTP servers behind a router.
Hope this helps
yep that's the problem
ftp servers typically use two ports, the main connect port - in your case port 21 and one port below that. In this case your friends would need to be able to connect to ports 20 and 21. The most likely problem is with your friends behind their routers (and firewall if they have em). They need to allow both ports. The problem you are seeing is indicative of them not using both ports because one is blocked on their end. They are obviously using port 21 but they are not using port 20 which they need also. So for any ftp server (in your class) remember to tell them if they are behind routers and firewalls that they need to enable: main connect port (21 in your case) and main connect port -1 as well.
*** In response to qqqutie ***
It doesn't really matter whether an outsider sees your internal IP or not. In a single IP, NAT setup, no one can hit your nodes from behind your firewall unless you instruct your router otherwise, and only through the port that you enable. Your internal IP is not public, and therefore not accessible.
OMARNYC.COM - My place on the web
*** In response to bushpie ***
Nah.. The server needs to make sure it can listen on ports 20 and 21 from behind its firewall. Clients make an outgoing connection, not incoming, when connecting to an FTP server. Unless the client's router is blocking these ports on outgoing connections, there is little tweaking that needs to take place on the client end.
OMARNYC.COM - My place on the web
Depends on the mode that ftp is running in. One way, the client picks the data port, the other has the server doing it. Can be an arbitrary port that is used, depends on the ftp server.
Should also be noted from the first post that Linky doesn't make a firewall. NAT affords some protection. A rules-based firewall would make this a lot easier to configure. FTP and NAT have some issues in general because the comm happens over two channels.
Skye
anything is possible - nothing is free


Blisster wrote:It *would* be brokeback bay if I in fact went and hung out with Skye and co (did I mention he is teh hotness?)
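
Added example (not part of the original thread or any poster's code): the replies above turn on which side opens the FTP data connection and which address is sent over the control channel. This Python sketch decodes the `PORT` command and the `227` passive reply defined in RFC 959 and reports whether the advertised address is an RFC 1918 private one; the function names and the sample lines are constructed for illustration.

```python
import ipaddress
import re

# h1,h2,h3,h4,p1,p2: six decimal bytes, as carried by PORT and by the 227 reply.
HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_data_endpoint(line):
    """Return (mode, ip, port) for a PORT command or 227 reply, else None."""
    text = line.strip()
    if text.upper().startswith("PORT "):
        mode = "active"     # client names its own listener; server connects out
    elif text.startswith("227"):
        mode = "passive"    # server names its listener; client connects in
    else:
        return None
    match = HOSTPORT.search(text)
    if match is None:
        return None
    nums = [int(g) for g in match.groups()]
    if max(nums) > 255:
        return None
    ip = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
    return mode, ip, nums[4] * 256 + nums[5]


def diagnose(line):
    """Describe who opens the data connection and what address was advertised."""
    parsed = parse_data_endpoint(line)
    if parsed is None:
        return None
    mode, ip, port = parsed
    opener = "server to client" if mode == "active" else "client to server"
    private = any(ip in net for net in RFC1918)
    return {"mode": mode, "ip": str(ip), "port": port,
            "data_connection": opener, "private_address": private}


# Constructed control-channel lines, not captured from the server in the thread.
SAMPLE_SESSION = [
    "USER anonymous",
    "PORT 192,168,1,100,4,210",
    "227 Entering Passive Mode (192,168,1,50,19,137)",
    "227 Entering Passive Mode (203,0,113,10,19,137)",
]

if __name__ == "__main__":
    for entry in SAMPLE_SESSION:
        print(entry, "=>", diagnose(entry))
```

A `private_address` of `True` means the peer on the far side of a NAT device is being told to connect to an address it cannot route to, so the data connection only succeeds if something on the path rewrites that address or the endpoint is configured to advertise its public one.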
