FTP-server probs

Discussion in 'Windows Desktop Systems' started by Glaanieboy, Jan 13, 2004.

  1. Glaanieboy

    Glaanieboy Moderator

    Messages:
    2,626
    Location:
    The Netherlands
    I am having problems with my FTP-server, Bulletproof. This server is running behind a firewall (built-in router and a software called Kerio), I opened up the ports 1024-1536 (needed for passive FTP, because I am behind an internet router) as well as in the built-in and software firewall.

    Now the problem: At school I have a similar situation, the class's network is running through a custom built gateway (Linux) to an ADSL connection. When I try to connect to my home FTP from school using passive mode, it tries to connect, stalls, and then says the connection timed out. When I use PORT mode, the FTP-server responds by saying it needs the originating IP address, which is strange, because the IP ain't masked or sump. This is the error I get when using PASV and PORT mode:
    As I said I am using 2 firewalls, one built into an internet router (Sitecom DC202 version 1, firmware build 1633) and a program called Kerio Personal Firewall. The FTP-server is from Bulletproof. I opened up ports ranging from 1024-1536 for use with Passive mode.

    The only thing that works is disabling both firewalls (the built-in one can't be disabled, but I can put my FTP-server in a DMZ, effectively meaning the same), but that would kill the security features.

    As I said, I opened up the ports 1024-1536, and I set up my FTP-server in such a way that it listens to ports 1024-1536 for Passive connections.

    Can anyone help me?

     
  2. PseudoKiller

    PseudoKiller Zug Zug

    Messages:
    3,858
    Location:
    Ice Crown Citadel
    ok... first turn off pasv mode. go to the router and forward the ports you want to the ftp server (lan IP - 192.168.x.x). make sure your ftp server is listening to ports specified.
    It sounds like any incoming connections are not finding the ftp, which means the ftp is not listening to the correct ports on the machine or the router is not forwarding the packets to the ftp. What does the log on the ftp say? If nothing shows up in the ftp log it's most likely because the router isn't forwarding.
     
  3. Glaanieboy

    Glaanieboy Moderator

    Messages:
    2,626
    Location:
    The Netherlands
    I have set the router to forward the ports (20 and 21) to my network IP. Also my software firewall should accept any incoming transfers. Unfortunately I can't check this, because Kerio decided to restart itself and forget all settings, including the logs. I can login from Geffy's server (using a remote SSH connection to Geffy, I can FTP from his computer to mine).
    I can't test this at school now, because I am at home. Thanks for your quick reply.
     
  4. PseudoKiller

    PseudoKiller Zug Zug

    Messages:
    3,858
    Location:
    Ice Crown Citadel
    you can test it from home... just connect to your ftp via IP address. Make sure it's not the LAN IP, that's all.
     
  5. Glaanieboy

    Glaanieboy Moderator

    Messages:
    2,626
    Location:
    The Netherlands
    It works from home, so I guess it's ok. I will ask our teacher (the server admin) if he has done weird things so there may be connection problems.

    Now I have another question about Bulletproof FTP:
    I see it only accepts virtual directories when mounted on the home directory. Bproof uses Windows shortcuts for the redirect. Is there any way (hack? Maybe another (free) FTP server?) to get the virtual directories in a subdirectory?
     
  6. PseudoKiller

    PseudoKiller Zug Zug

    Messages:
    3,858
    Location:
    Ice Crown Citadel
    I am not that familiar with BulletProof and its workings. I use Serv-U ... and I can set VD's from the Admin console.
     
  7. Johnny

    Johnny .. Commodore .. Political User

    Messages:
    5,015
    Location:
    Happy Valley
    YIP .. Serv-U is the best one to use, it is more user friendly than bulletproof and easy to set up. you can do everything right in the admin console as opposed to making stupid text files. Also you don't need to have 500 ports open for passive mode. serv-u will only allow 50.

    when you set it up with bulletproof you have to go to the multiple ip addresses settings and add your static ip there. then set it up for dynamic ip or fixed ip in the passive mode settings. once that is done you set the passive ports up in the same tab. and then make the settings for the rest of the server ..
     
  8. Glaanieboy

    Glaanieboy Moderator

    Messages:
    2,626
    Location:
    The Netherlands
    Well, back at school and I am trying and trying. I have set up my server and client in a way that they only use the PORT command. Now I see when my client opens up a connection, it chooses a random port number above 1024. I have tried to set the PORT port to 21 (like FTP should be, right?), but still no connection can be made.
    Now I understand why DMZ worked. All the unknown ports were then redirected from my router to my PC, where the FTP server is installed.
    Help me!

    (PS: I want to ask the teacher if he has done something funny with the connection (IP mask?), but I haven't seen him lately in class.)
     
  9. Zedric

    Zedric NTFS Guru Folding Team

    Messages:
    4,006
    Location:
    Sweden
    No, actually it's not. Port 21 is the port used for control data (CWD, GET and so on), the PORT (or PASV) ports are ports used for data, one port per transfer. So the best way to set up the FTP server behind the router is to use passive mode (PASV) IMO. This way clients also using routers can connect (I'll skip the technical details, post if you want them).

    1. Forward port 21 (you did this, but I'll mark up all steps anyway).
    2. Forward a passive range > 1024 (say 30000-30100 or so).
    3. Open these ports in the local firewall as well, allow for incoming requests.
    4. Set the FTP server to listen to port 21 (default) and use 30000-30100 in passive mode. Also set it to listen to your external IP.

    That should be it.
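
Added example (not part of the thread and not written by any poster): a small Python check for the setup described in the steps above. It decodes the h1,h2,h3,h4,p1,p2 tuple carried in a `227 Entering Passive Mode` reply or a `PORT` command and flags the two misconfigurations discussed here: an advertised LAN address instead of the external IP, and a data port outside the forwarded range. The function names and the sample lines are constructed for illustration; the 30000-30100 range is the one suggested in the post.

```python
import ipaddress
import re

# RFC 959 host-port tuple: four address bytes, then port high byte and low byte.
HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

# RFC 1918 ranges: addresses that are only reachable inside a LAN.
LAN_NETS = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_hostport(line):
    """Return (IPv4Address, port) from a 227 reply or a PORT command line."""
    m = HOSTPORT.search(line)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in %r" % line)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("byte out of range in %r" % line)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    port = nums[4] * 256 + nums[5]  # port = p1 * 256 + p2
    return ip, port


def diagnose(line, forwarded_ports=None):
    """List the problems that would stop the data connection through NAT."""
    ip, port = parse_hostport(line)
    problems = []
    if any(ip in net for net in LAN_NETS):
        problems.append("advertises LAN address %s; the remote side cannot reach it" % ip)
    if forwarded_ports is not None and port not in forwarded_ports:
        problems.append("data port %d is outside the forwarded range" % port)
    return problems


if __name__ == "__main__":
    forwarded = range(30000, 30101)  # passive range from step 2 above
    samples = [  # constructed sample lines, not taken from the poster's log
        "227 Entering Passive Mode (192,168,1,10,117,48)",  # LAN IP, port 30000
        "227 Entering Passive Mode (203,0,113,7,4,0)",      # public IP, port 1024
        "227 Entering Passive Mode (203,0,113,7,117,148)",  # public IP, port 30100
    ]
    for s in samples:
        print(s, "->", diagnose(s, forwarded) or "ok")
```

The same `parse_hostport` works on a client's `PORT` line, which is how a client behind a NAT gateway ends up advertising an address the server cannot connect back to.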
     
  10. Glaanieboy

    Glaanieboy Moderator

    Messages:
    2,626
    Location:
    The Netherlands
    Thank you. I will try it when I get home (normally I could do it remotely, but my router just reset and I got a new IP :mad: )
     
  11. Glaanieboy

    Glaanieboy Moderator

    Messages:
    2,626
    Location:
    The Netherlands
    Just got my connection back. I configured the server/router/firewall according to the steps you provided, but still no connection.

    It looks like there is a problem with my router not redirecting ports to my computer. I already sent them (Sitecom) a mail and posted on their support forums. Maybe someone else has had problems with it? It's a Sitecom DC202 v1 router with firmware 1633.
     
  12. Zedric

    Zedric NTFS Guru Folding Team

    Messages:
    4,006
    Location:
    Sweden
    Well it apparently forwards port 21 ok...
    According to the log in your first post it's using PORT which is wrong in this case. Also since you are using dynamic IP from your ISP I suggest you get a DNS redirect (www.no-ip.com) and use that instead of the IP in the server. This way you don't have to reconfigure the server software every time you get a new IP.
     
  13. Glaanieboy

    Glaanieboy Moderator

    Messages:
    2,626
    Location:
    The Netherlands
    Yes, I am using a redirect service from dyndns.org. My router is capable of sending out a new DNS entry to dyndns every time the IP has changed because of a reconnection. I forgot to mention that, but I set up bulletproof with my dyndns.org account.