FTP server questions 1


ngagne

Technical User
Sep 14, 2001
323
US
I have been trying to set up an FTP server at home with limited results. I'm running W2K pro with a DSL connection behind a Linksys 4 port router with a NAT firewall. I have enabled port forwarding for ports 20&21 (FTP), and forwarded them to the IP address of my system. Users can log in, but it's a mixed bag as to what they can list in directories. I have tried 10 different servers, from Serv-U to WarFTPd to Bulletproof, but all seem to have the same problem. I'll explain:

Users have their root directory mapped as /, which is really c:\ftp on my system. In / there are sub-level folders (/music, etc.). Permissions are set to read/write/delete/create/list/recursive(inherit). The user logs in and can see the folders and any files under /. When they try to cd to /music, the client hangs. This happens with multiple clients, including FTP Explorer, CuteFTP, and also the built in Windows client (command line based). Different clients have different results - for example, I cannot list folders using the ls command in the Windows client. I can see the files, but not the folders. If I use dir, it works but won't let me list the contents of sub-dirs.

I have set up different FTP servers on other machines before without a hitch. I can't figure out what is going on - if anyone could help, I'd appreciate it. I can set up a test login account for anyone that can help me, just e-mail me at nathan.gagne@verizon.net for more info.

Thanks guys (and gals!)

Nate Gagne
nathan.gagne@verizon.net
AKA Nick Burns - Your Company's Computer Guy
"Would you like me to save your game of Minesweeper first?"

 
Ran into the same problem with my FTP server; the issue is the firewall that is between you and the internet. What I do is tell my clients to set their FTP clients up for "Passive Transfers". What is happening is the login comes in on the proper port that you have open, but once it negotiates a connection the server chooses a random port above 1024 and attempts to send data back to the client. Setting the connection up for "Passive Transfers" forces the connection to use port 20/21.

Now since my company won't spring for a good FTP server, I would think you should be able to control this on the server side as well. Take a look in your documentation for setting up a "Passive" connection with a client. I would think you should force the connection from the server down port 20/21 as required.

Let me know if this works out for you....

david e
*end users are just like computers, some you can work with...others just need a simple reBOOTing to fix their problems.*
 
sobak -

Thanks! I have not tried this yet but will do so when I get home. It makes perfect sense. I'll let you know how it goes.

Nate Gagne
nathan.gagne@verizon.net
AKA Nick Burns - Your Company's Computer Guy
"Would you like me to save your game of Minesweeper first?"

 
Well, I tried opening up some ports on the router for PASV, but the problem is still there. My understanding of passive mode transfers is as follows:

PASV allows you to "connect" to an FTP server using a specified port (usu. 21). With PASV mode enabled, any commands issued after the initial connection will try to negotiate on a random port above 1024.

I have decided to stick with Serv-U, here's what I have done so far:

Enabled PASV transfers.
Specified the PASV port range to 13000-13014.
Forwarded same ports to IP address of my machine.
Configured clients to use PASV transfers.

Still no juice, any other suggestions?

Nate Gagne
nathan.gagne@verizon.net
AKA Nick Burns - Your Company's Computer Guy
"Would you like me to save your game of Minesweeper first?"

 
Can you run some logging on your firewall and view the logs on-line? If you can't, you can forward the logs to a daemon (Kiwi syslog is a good one). After you get logging configured, you can attempt a connection and then look at the log files. If it is your firewall blocking you, then you can make the adjustments as necessary. I know I had a heck of a time trying to get mine to work through a Cisco ACL but finally got it nailed down. I don't work with Linksys so I don't know if you can view the log while connected to the router. On Cisco routers I can view the log file, which makes troubleshooting lots faster.

Another way you can try is to drop your firewall for a short time (if you can on linksys) and test it without any protection at all. If it works, then we can focus on making the FTP server compatible with your firewall.

Hope we can get this working for you..


david e
*end users are just like computers, some you can work with...others just need a simple reBOOTing to fix their problems.*
 
Okay a little more investigation and I found this document...


About passive mode data transfers to servers behind a firewall

If FTP Serv-U is running behind a firewall with address translation, passive mode data transfers (as used by all Web browsers) do not work. The reason is that the IP address of the server is not the same as the IP address outside users should use to connect to the server. FTP Serv-U does not know this, and when the FTP client program asks for its passive IP address it will give the wrong (internal) address.

What is needed is some way to tell FTP Serv-U what IP address it should hand out to FTP clients when they want to do a passive mode data transfer, the right address is the IP address the outside world should use to connect to the server. This can be done via the Setup - Multi-Home IP dialog. In that dialog box is an entry for IP for passive mode, that is where the IP address to report to FTP clients goes.

Its actual use is very much like the multi-homed IP setup. For example, say a server is behind a firewall, and has an IP address 192.168.0.10. The outside world accesses the server by using, for example, address 243.56.78.1. To make passive mode work, enter '192.168.0.10' for Home IP number, some description at Descriptive name and '243.56.78.1' at IP for passive mode. After pressing the Add button a special IP home is created, which does passive mode address translation. To make the passive IP address work for FTP users make sure to select it in the Setup - Users dialog as the user's IP home.

The above assumes the firewall is set up to pass all the needed packets on to the server. In particular, this means the firewall has to allow incoming TCP connections to port 21 on the server, allow outgoing TCP connections from port 20 (for regular mode data transfers), and allow incoming TCP connections to any random port over 1023 on the server (for passive mode transfers). Depending on what the firewall allows to pass it may be that despite passive mode address translation it is still not possible to use passive mode for data transfers.

On-line help for Serv-U v2.5a


Let me know if this helps any.

david e
*end users are just like computers, some you can work with...others just need a simple reBOOTing to fix their problems.*
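
The wrong-address problem described in the Serv-U help text is visible in the server's 227 reply to PASV. The following Python is an added example, not part of the thread or of Serv-U: it parses a 227 reply and flags an internal address or a data port outside the forwarded range. The sample replies are constructed, using the help text's 192.168.0.10 / 243.56.78.1 and the 13000-13014 range mentioned earlier in the thread.

```python
import ipaddress
import re

# Constructed sample replies (not captured from any real server).
# RFC 959 format: 227 ... (h1,h2,h3,h4,p1,p2), data port = p1*256 + p2.
REPLY_INTERNAL = "227 Entering Passive Mode (192,168,0,10,50,205)"
REPLY_BAD_PORT = "227 Entering Passive Mode (243,56,78,1,4,210)"
REPLY_GOOD = "227 Entering Passive Mode (243,56,78,1,50,200)"

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}(?:,\d{1,3}){5})\)")


def is_internal(addr):
    """True for RFC 1918 addresses, which a WAN client cannot reach."""
    return any(addr in net for net in RFC1918)


def parse_pasv(reply):
    """Return (IPv4Address, port) advertised in a 227 reply."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(n) for n in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % reply)
    host = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return host, nums[4] * 256 + nums[5]


def diagnose(reply, control_ip, forwarded_ports):
    """Compare the advertised data endpoint with what a WAN client can reach."""
    host, port = parse_pasv(reply)
    control = ipaddress.IPv4Address(control_ip)
    findings = []
    if is_internal(host) and not is_internal(control):
        findings.append("internal-address")    # server handed out its LAN IP
    elif host != control:
        findings.append("address-mismatch")    # e.g. stale dynamic WAN IP
    if port not in forwarded_ports:
        findings.append("port-not-forwarded")  # router will drop the data connection
    return findings


if __name__ == "__main__":
    for r in (REPLY_INTERNAL, REPLY_BAD_PORT, REPLY_GOOD):
        print(parse_pasv(r), diagnose(r, "243.56.78.1", range(13000, 13015)))
```

The 227 line itself can be read from any client that shows the raw control-channel replies, for example the debug mode of a command-line FTP client.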
 
sobak -

I read that document this weekend, and it doesn't work because...

Its actual use is very much like the multi-homed IP setup. For example, say a server is behind a firewall, and has an IP address 192.168.0.10. The outside world accesses the server by using, for example, address 243.56.78.1. To make passive mode work, enter '192.168.0.10' for Home IP number, some description at Descriptive name and '243.56.78.1' at IP for passive mode. After pressing the Add button a special IP home is created, which does passive mode address translation. To make the passive IP address work for FTP users make sure to select it in the Setup - Users dialog as the user's IP home.

Since I'm on a dynamic external IP, I have no way of putting the current WAN IP into this setting. I do use DDNS, but the fields referred to in the article only accept IP addresses, not host names.

Nate Gagne
nathan.gagne@verizon.net
AKA Nick Burns - Your Company's Computer Guy
"Would you like me to save your game of Minesweeper first?"

 
Nate,

Heck, thought I had that one figured out since you told me Serv-u (that is what I use). I guess since you're with Verizon, there is no chance of them giving you a static (without paying the price for it). I am going to have to think this one out. I am sure there's a way but for the life of me it's not coming to me.....give me til tomorrow, I'll run it by a few to see if we can come up with any ideas for you.

david e
*end users are just like computers, some you can work with...others just need a simple reBOOTing to fix their problems.*
 
Verizon does not offer static IPs in my area yet (nor would I want to pay for one).

I appreciate all the help you have provided! Let me know how the thought process goes :)

Nate Gagne
nathan.gagne@verizon.net
AKA Nick Burns - Your Company's Computer Guy
"Would you like me to save your game of Minesweeper first?"

 
Ok, standard Active-mode FTP has the ftp CLIENT assign a high-range port (using the PORT command) for the ftp server, in essence telling the server which port it will be listening on. The server then opens up a data connection back to that address\port, typically when an actual transfer of files is going to be made. This often fails because of the firewall restrictions on the CLIENT side network, typically which disallow preestablished sessions on high ports through the firewall, not due to traffic restrictions on the server side.

In PASV mode, the server supplies the client with an IP and port range, and the client makes a connection to what was specified. As was described, with NAT things get tricky since the server isn't always aware of what the external address is. You might be better off trying to get Active mode working.

Is there any way you can adjust the firewall of your potential client? That's what I've had to do several times.

ShackDaddy
 
The client is not behind a firewall.

Nate Gagne
nathan.gagne@verizon.net
AKA Nick Burns - Your Company's Computer Guy
"Would you like me to save your game of Minesweeper first?"

 
Okay, thought I actually found some useful information for you. On one site they specifically have a FAQ on setting up an FTP server behind a LinkSys router using a firewall and DDNS. I looked at that information and it told me to refer to the LinkSys user's manual.

The site is here...

you are behind a firewall, adding a hostname will only make an alias to your firewall and not your individual machine. In order to direct the requests to a computer behind the firewall you must setup port forwarding on the firewall. If you have control over the firewall, NAT or proxy you can open certain ports to allow access for outside connections. If this is the case, MyServer.Org Dynamic DNS will work fine behind a firewall, NAT or proxy. In some situations your IP address may not show up properly. When this happens you can use alternate methods to set up the proper IP address. Information on how to do this is in the manual for your firewall, NAT or proxy. Here is a step by step instruction sheet for the Linksys DSL router.


With that in mind, did you take a look at the manual? I know I never look at the manual unless it's the last resort, but it may have some special insight into this specific problem.

david e
*end users are just like computers, some you can work with...others just need a simple reBOOTing to fix their problems.*
 
I'll double check the manual. What site did you get this info from?

Nate Gagne
nathan.gagne@verizon.net
AKA Nick Burns - Your Company's Computer Guy
"Would you like me to save your game of Minesweeper first?"

 
I got it at....


It's a DDNS service provider. I looked under their FAQ's and found that little information. The link under that FAQ goes into explaining how to "Port Map" something that I'm sure you've already done....I'm still looking for you..

david e
*end users are just like computers, some you can work with...others just need a simple reBOOTing to fix their problems.*
 
The problem seems to be that you cannot specify a domain name in the BFTP software - only an IP address. Since I don't know my IP all the time (only my domain), this will not work for me.

Nate Gagne
nathan.gagne@verizon.net
AKA Nick Burns - Your Company's Computer Guy
"Would you like me to save your game of Minesweeper first?"

 
One thing you can do is use dynamic IP software that you install on the server side. Such a service is noip. They provide free software which will dynamically update a hostname that you register with them. The great thing is that you can then find out what your IP address is by pinging that domain name, or just point your FTP client at it and it will automatically translate into the address.

Hope this helps.

busa_blade
 
Hi,
I'm having the same problem with my ftp server and a Linksys Cable/DSL Router, my setup is as follows:

Verizon DSL with a Westell modem, PPPoE.
The Cable/DSL Router with a 4-Port Switch (Firmware Ver# 1.40.1)
Another 16port hub behind that
A Win2k Pro machine with my ftp server on it (FTP Serv-U2.5) connected to the router.
And several other machines connected to the hub.

My problem is clients from the WAN can connect to my server, view and upload files but they can't download anything, yet others on the LAN have full functionality. I have Ports 20/21 forwarded to the server and I've even tried setting the server as a DMZ Host but it still didn't work. After reading more into it I enabled the Passive mode data transfer and forwarded ports 20/21 and ports above 1023 all the way to 9000 (just to try and get it to work) to my server, and set the ftp client to PASV. But it still won't let me download files over the WAN, it brings up a download box and just hangs. I think this may be due to some setup in the router but I don't know what. Any help would be greatly appreciated.

Thank you
 
Hi there,
I have the same problem as ngagne; I always have to set up the passive mode IP in BPFTP manually when my internet connection is dropped after 24h by my provider.
There seems to be no other solution but to wait for a proper update of the BPFTP srv where you can define a dyndns, a file or a site to obtain the IP from.
The other solution might be a Visual Basic script that reads out a file with the IP address, updated by a dyndns-client like dynsite, and places it into the right position of the BPFTP srv .ini file. I guess the server must be restarted then to make it work.
I'm not a scripter at all, so I can't try it for myself, but if someone understands VB basics it should be easy.
Any volunteers? :)

regards
kowalski
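
The script idea in the post above, written in Python rather than Visual Basic as an added example (not code from the thread or from any FTP server vendor). It resolves a dynamic-DNS hostname instead of reading a file, and it assumes the server's .ini file is in a format Python's configparser can read; the section name "Server" and key "PassiveIP" are hypothetical placeholders, since the thread does not give the real ones.

```python
import configparser
import ipaddress
import socket

# Hypothetical layout: the real .ini section and key names of the FTP server
# are not given in the thread; adjust SECTION and KEY to the actual file.
SECTION, KEY = "Server", "PassiveIP"
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def refresh_passive_ip(ini_path, hostname, resolve=socket.gethostbyname):
    """Write the hostname's current IPv4 address into the .ini file.

    Returns True when the file changed (the server then needs a restart or
    reload), False when the stored address was already current.
    """
    addr = ipaddress.IPv4Address(resolve(hostname))
    # An internal or loopback answer would reproduce the original fault:
    # WAN clients would be told to connect to an unreachable address.
    if addr.is_loopback or any(addr in net for net in RFC1918):
        raise ValueError("%s resolves to non-routable %s" % (hostname, addr))

    cfg = configparser.ConfigParser()
    cfg.optionxform = str          # keep key case as written in the file
    cfg.read(ini_path)             # note: comments are lost on rewrite
    if not cfg.has_section(SECTION):
        cfg.add_section(SECTION)
    if cfg.get(SECTION, KEY, fallback=None) == str(addr):
        return False               # unchanged: no rewrite, no restart
    cfg.set(SECTION, KEY, str(addr))
    with open(ini_path, "w") as fh:
        cfg.write(fh)
    return True
```

Run on a schedule, the return value tells the caller whether a server restart is needed, so the server is not bounced when the WAN address has not changed.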
 