Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

FTP Server Behind Linksys Router Problems 2

Status
Not open for further replies.
nonturbo

nonturbo

IS-IT--Management
Aug 27, 2001
78
US
I'm having very strange problems with the IIS FTP server behind my Linksys firewall/router. I've setup port forwarding for port 20 & 21 and allowed both TCP and UDP (I know I don't need UDP enabled) to forward to the FTP server's private IP. Being that I do not want the FTP server completely open on the Internet, I choose *NOT* to set the DMZ setting for security. It's running on a WinXP Pro box with IIS 5.1 installed, and from some computers I can connect and use the server fine, yet from others, nothing seems to work right. It'll connect, but cannot retrieve a file list or transfer files - Regardless of the Passive mode setting on the FTP client.

I've tried every trick up my sleeve, but now I've run outta ideas. Are there any hidden registry settings or something I've forgotten to set to force the server to use passive mode connections? I'm using the 1.42.4 firmware, although I see 1.42.6 is now available. I'll try upgrading the firmware, but I doubt that'll help my situation at all. Has anyone tried any 3rd party FTP servers with any success behind a firewall without DMZ? Please help! Also, is it possible to use a non-standard port behind a firewall? Any help would really be appreaciated! Thanks in advance!
 
Sort by date Sort by votes
I had a problem very similar, it has something to do with the settings the ftp client was using. I had to use cuteftp to connect to the server on PORT setting instead of Passive. I don't if that would help you in your case.

Chris
 
Upvote 0 Downvote
I've just upgraded my Linksys firmware to the 1.42.6 release, and as expected, this did not solve the problem.
As far as FTP clients go - I've tried using MSIE 6 and BulletProof FTP, as well as the DOS FTP command, and a few Linux clients. I'm mostly using the latest release of BulletProof FTP under Windows XP. Usually, using Passive FTP solves the problem, as the ports required for an Active connection are closed at the firewall. I really need to sit down at a box thats having the connection problems and see whats up, as I haven't gotten any good leads as to why things are screwy.
 
Upvote 0 Downvote

I have the same type of setup (different router though). Did you make sure you have port 20/21 mapped to the FTP server to also port 20 and 21? Not something like x.x.x.x:21 -> privateip, where is should be x.x.x.x:21 -> privateip:21 if you know what I mean. The FTP client wouldnthave to use pasv either.

This could be your provider/ISP...

- NT
 
Upvote 0 Downvote
I'm having the same (or similar) problem connecting to my IIS 5 server that's behind my Linksys BEFS41 router. I have used ftp.exe in Win2k pro, IE 5.02, and Procomm. All allow me to login, but I cannot get a directory listing. What I find causing a problem is that when using Procomm to connect in Passive mode, it connects and logs in fine, but then says it's trying to get the directory listing from 10.0.0.11, which is the LAN IP of the FTP server. I called Linksys and they told me to set "Block Wan Requests" to Disabled, and try turning off port forewarding and setup the server as the DMZ host. I did that and it didn't help. They say it's a problem with the server, but I think otherwise. I plan to test with BulletProof FTP in PORT mode per and will post a follow-up. Per that page, it says there is a problem with Linksys routers understanding PORT commands in lower case, who knows.

Here is an example (65.66.x.x was my router IP at the time, and the 206.136.x.x was the IP I was connecting from):

WINSOCK.DLL ver. 1.1 [ WinSock 2.0 ]
Connected to 65.66.23.187 port 21
[548] socket, from host 206.136.52.22 port 2309
220 finch Microsoft FTP Service (Version 5.0).
USER danielp
331 Password required for danielp.
PASS XXXXXXX
230 User danielp logged in.
SYST
215 Windows_NT version 5.0
Detected host system type (Windows NT)
PWD
257 "/danielp" is current directory.
PASV
227 Entering Passive Mode (10,0,0,11,12,243).
Error connecting to 10.0.0.11 FTP service.
connection timed out
Directory List Error (Code 0)

*****************

This is Passive mode turned off:

WINSOCK.DLL ver. 1.1 [ WinSock 2.0 ]
Connected to 65.66.30.154 port 21
[672] socket, from host 206.136.52.22 port 2373
220 finch Microsoft FTP Service (Version 5.0).
USER danielp
331 Password required for danielp.
PASS XXXXXXX
230 User danielp logged in.
SYST
215 Windows_NT version 5.0
Detected host system type (Windows NT)
PWD
257 "/danielp" is current directory.
[536] going to listen 206.136.52.22 port 2373
PORT 206,136,52,22,9,70
200 PORT command successful.
[536] listener 0.0.0.0 port 2374
LIST *
150 Opening ASCII mode data connection for /bin/ls.
Timeout cancelled command
Accept - : Blocking call cancelled
[536] Socket closed.
Directory List Error (Code 0)
quit
221
[672] Socket closed.
 
Upvote 0 Downvote
the problem is the passive ports are blocked problem for me is when i set to forward ports 1024 to 5000(iis default) to my ftp server i can no longer asscess the WAN through the linkysys router 2000 - 5000 work fine but 1024 to 5000 no go im looking for a way to limit the passive ports used by iis to 2000 - 5000
 
Upvote 0 Downvote
take the linksys out of the picture and install your ppp0e on the pc. See if it works now and that will narrow down the possibilities.
 
Upvote 0 Downvote
Tom, I've been thinking of doing that. I know that it will work then, and the only reason I will be doing that is to have some proof that it is their router causing the problem and not my FTP server. I upgraded my firmare to the latest version and that didn't help. I also tried LeechFTP and Bulletproof FTP to no avail.
 
Upvote 0 Downvote
I solved the problem by switching the FTP server from IIS to Serv-U 4.0. Haven't had a single problem since.

In my Linksys I have ports 20 and 21 (TCP) forwarding to my FTP Server's Private IP.

Serv-U is a MUCH MUCH MUCH better FTP server with a whole slew of options, and its free to try out!

The great thing about Serv-U is that it lets you configure which extended ports to use for PORT connections, so if you set it to use ports 26450 to 26500, you can set the linksys to forward that range of 50 TCP ports to the server IP as well. I guarantee you won't have a problem after that.

HTH's..

BTW, does anyone happen to know of a Registry setting to set which ports IIS FTP server uses for PORT connections?



Serv-U can be found at for those that are interested.
 
Upvote 0 Downvote
i did at one point have the same configuration. linksys 4 port router, port forwarding at router 20/21 to internal server.

i was using iis 5 as the ftp server and servU.

they worked fine if i kept the server on the default ftp port. if i tried to change the port, both on the server and firewall, i would get the passive errors.

what kind of ftp server and on what os are u using.

 
Upvote 0 Downvote
Win2k Sever/IIS 5. I originally had it forewarding ports 20-21 to the server, but Linksys told me to put it as the DMZ and remove everything in the Port Forewarding section. So I did that and the problem remained the same. I could try going back to the way I had it to see if the firmware upgrade made a difference.

In your opinion, what is telling the FTP clients to go to the LAN address instead of the WAN address after it logs in? The router or FTP service?
 
Upvote 0 Downvote
i have been unsuccessful w/ the dmz thing... maybe i was doing it wrong or something. but...

i would go back to having port forwarding, port 21/20 to the server.

take the server out of dmz.
i have same router with the original firmware on it.

on the other question.

the client connects to the ftp server through port 21 going in to the server, through the firewall. next the server responds on 20 and then i think the client sends a response on 20 back to the server to set up an alternately, randomly generated port. don't quote me though, i read up on it while i was going through the same situation a while back.

but seriously, contact me and i'll help ya through it.

jason
 
Upvote 0 Downvote
If you have the original firmware on your Linksys Router, then it's probably time to upgrade. Visit Linksys.com and find the Firmware update for your router. As long as you know the IP address of the router and password, you should have no problems at all performing the update.

I have had a few instances where I was forced to update the firmware on a Linksys router where there were MANY connections and the upgrade crashed half-way. At first I thought this could be trouble, especially since it wouldnt recognize my password to allow me to update again, but I tried the defaul password "admin" and it updated fine on the 2nd shot. After that, it somehow remembered my original set password.
 
Upvote 0 Downvote
I was on version 1.36 and I upgraded to the newest version (1.42 i think) before May 10th, but that didn't help. I took it back off the DMZ and forewarded ports 20-21 UDP & TCP to the server again today, and that didn't help either.

I will give ServeU a try and see what happens. Will post next week if it doesn't work.

Jay,
Thanks for offering to help. If the above doesn't work out, I'll try to contact you.
 
Upvote 0 Downvote
IF you want to run a reliable, powerful FTP server with more configurablility, security, and options under Windows behind a Linksys (or other routers, I'm guessing) Serv-U is the best way to go (IMHO).

I run Serv-U as a service 24/7 and since switching from IIS > Serv-U I'd ***NEVER*** go back. I tried out almost every FTP Server software currently out there before choosing Serv-U.

The reason Serv-U works great behind Linksys routers is that it'll allow YOU to decide what port range to use for PASV connections. In port forwarding I've got Ports (20-21) and (35000-35049) both TCP&UDP forwarding to the FTP server private IP.
To set the PASV port range (35000-34049) in Serv-U config, just fire up the Serv-U Administrator and choose << Local Server >> Settings (Advanced Tab) and it's right there under &quot;Server&quot; with a feature-rich slew of other options.

Good luck!
 
Upvote 0 Downvote
..Oh yeah, almost forgot.. The reason I choose such high port numbers is so that I won't run into problems of having other services on any of the same ports (huge potential security risk). Allowing the default IIS's 1024-5000 to pass over to the server will no doubt be asking for trouble...
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

MaioMaio
  • Locked
  • Question
Server Remote Desktop License
Replies
0
Views
205
MaioMaio
MaioMaio
Aquiles Vidal
  • Locked
  • Question
Web Browsers in Windows Server or Terminal Server
Replies
0
Views
255
Aquiles Vidal
Aquiles Vidal
DrB0b
  • Locked
  • Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
266
DrB0b
DrB0b
rzammit82
  • Locked
  • Question
Windows Server 2016 - DNS/AD problem
Replies
1
Views
297
suncit
suncit
antonio_dsanchez
  • Locked
  • Question
post-installation WSUS windows server 2016
Replies
0
Views
219
antonio_dsanchez
antonio_dsanchez

Part and Inventory Search

Sponsor

Back
Top