Running BulletProof behind a LinkSys Router?

Discussion in 'Windows Desktop Systems' started by drdoug26, Apr 23, 2002.

  1. drdoug26

    drdoug26 Guest

    Hi all,

    I’m having trouble getting my FTP Server setup. I’m using Bullet Proof 2.15 as my ftp program. I’ve got a good tutorial on the setup for this version but my problem is that I’m behind a linksys router which I use to share/split our cable broad band between our five home computers.

    In the “Dynamic IP” section of Bullet Proof, it only detects the IP assigned to me by the cable modem. It's a public one, you know 192.168.1.100. I've tried to log on to my FTP server but no luck.

    Is it possible to setup the FTP program behind the linksys? If so how do I get BulletProof to see the ‘dynamic’ ip of the cable modem?????

    Thanks

    HillHammer
     
  2. redsolar

    redsolar Guest

    Forward whichever port you use for FTP server to the internal computer IP. Btw, 192.168.1.100 is not an external IP. It's your lan IP. To learn how to forward the port, read the router manual.

    Good luck.
     
  3. drdoug26

    drdoug26 Guest

    Thanks but....

    In order to use port forwarding I must turn off DHCP on my router. Without DHCP, I would not be able to share my broad band connection among my workstations.

    Unless I could turn on DHCP on the Cable modem itself?? I do not know if this is possible?

    drdoug
     
  4. redsolar

    redsolar Guest

    Not exactly true

    Actually even with DHCP, the ip addresses are pretty static
    They are MAC address dependent. So it will not hurt to forward the port to a dynamic ip. It would probably not change. Also, most routers allow having no DHCP whatsoever, as my DLink does. So I don't use router's DHCP, but I still can use all of its features. Just set a static IP on all the clients.

    If you really want DHCP, then there might be another solution. Most routers allow to make DHCP assign IPs according to same MAC address, so you basically make a client's IP static on the router.

    The final choice is yours, but I would really say you use static ip addressing on the clients. If you need help with it, post your questions

    Good luck
     
  5. Zedric

    Zedric NTFS Guru Folding Team

    Mostly there is no problem using port forwarding if DHCP is on (why should it?). If you want to you can set the FTP server to static and the others to dynamic. But as said before, the DHCP IP:s are pretty static. A client will always try to get the same IP as it had before.
     
  6. drdoug26

    drdoug26 Guest

    Thanks guys

    I'll turn off the dhcp and assign the same ip's as each work station and server have right now.

    I've got to go work now but I'll post later today if I run into problems.

    Thanks so much for the help.

    doug
     
  7. Misteek

    Misteek Guest

    I had a similar problem when I moved from one part of the state to another and had no choice but to switch from DSL to Cable modem service. My DSL connection did everything perfectly and worked well with ICS. I was told I would need a router, however, to share my cable modem connection with the rest of my network. After getting everything to work I realized that my FTP site was no longer accessible for the same reasons you outlined.

    After some research and a little reading of the LinkSys Router Manual, I discovered that in the administrator mode, (which is accessible by typing "192.168.1.1" in your browser on any PC on your network)

    The default login is: Login: <leave blank>
    Pass: admin

    You can then go to the "Advanced--> DMZ " tab and enable "DMZ Host" on the PC that you want to run your FTP.

    This feature sets one local PC to be exposed to the Internet. Any user on the Internet can access in/out data from the DMZ host.
    So this allows you to use some special-purpose service such as internet gaming, FTP or Video-conferencing. Fill in the IP address and click Apply button, 0 is inactive.

    One thing to note, any firewall protection of the local DMZ host will be disabled.

    P.S. Also in the advanced section in admin mode is a tab labeled "Dynamic Routing", click there and you will see on the page that opens, another tab you can click that will show the routing tables for your network. This way you can determine by computer name, the IP for the PC that needs to have the DMZ Host enabled. This is the number that you need to enter in the DMZ Host enable option.

    Hope this helps, I'd like to know if it does as this is the very first time I have had the courage or knowledge to offer tech advice.
     
  8. LPDad

    LPDad OSNN Addict

    When setting up the ftp...

    I get it setup and forwarded through the linksys router, but after a computer connects I get a connection to the ftp, but then I get a socket error.

    How do you go about solving a socket error??? Is there supposed to be a certain setting you use on the ftp??

    I enabled sharing on the portions of my computer that the ftp accesses, although I am not sure if this is necessary or not.:confused:
     
  9. Misteek

    Misteek Guest

    :eek: As far as I know, you should NOT enable ICS because ICS will also try to assign IP's just like the Linksys which will cause conflicts. You should never have 2 DHCP servers on any network.

    I would disable ICS and solely use the Linksys to facilitate internet connection sharing as outlined in my previous post.
     
  10. Pady

    Pady Guest

    make sure you are forwarding enough ports for the ftp server - normally 20-22, including any necessary ports for passive mode - these are up to you.
     
  11. Zedric

    Zedric NTFS Guru Folding Team

    20-21 actually. 22 is for SSH.
     
  12. keylo

    keylo Guest

    First of all, this is a simple problem made difficult by some ppl throwing suggestions that don't seem to use linksys products. FYI, linksys products are great, just don't plan on any good tech support ;)

    Solution: (if you haven't found one yet)

    So far the only correct information about this problem is that the internal lan IP is 192.168.1.1

    Now, the only thing that has been asked on how to, is setting up the ftp server. DO NOT enable the DMZ host. There is NO need. All you have to do is go to the advanced tab/forwarding and forward port 21 or whatever port you choose as long as it doesn't conflict with any other RUNNING program you have up and running.

    Now then, after you have done that, you can go a few ways. Speaking about how I seen that you have the ftp up, but you get the socket error connection:

    Reason for this is the client ftp can not get an echo request response from server because the router is blocking this, (it looks for a response to a 192.168.1.100 and that is not the address your server is on, maybe on the lan internally, but not the wan address which is your IP address no matter if it's dynamic or static, it doesn't matter) hence if you go to grc.com with your ports all closed and do a scan, by linksys default, grc will tell you that you are stealth, not even a 137 identd response.

    This is because of the BWR turned on or enabled, if you have firmware 137 or higher. I suggest you at least have up to 139 as it has fixed some issues with just this ftp issue, but I wouldn't suggest going any higher than 139 as they have caused some issues and are bugged due to more feature implementation done by linksys, wait till they fix them.

    Back to the issue at hand. Now that you have the server up, the DMZ disable, and your ftp port you chose open, I will give you a few choices to use.

    1.) You can enable the BWR (located on the advance tab "home page") and then use the passive port range settings in the MULTI IP SETTINGS on the BPFTP. Reason for this is for the socket connection just on port 21, a linksys issue still.

    **caution** enabling the BWR makes you pingable now, this happens if you have been to a tweak site and you have seen where it has asked you to "become pingable" this is how you become pingable, no longer stealth.

    2.) Now if enabling the BWR is not your choice, then you can just set the server on port 21 and login to your server with PASV mode turned off or if you need to use pasv, then use a client that can bypass the IP Masq/nat/or Non-Routable IP. This may be a pain, or you may NEED pasv mode or want it. Using the IP Masq feature (Masqing it is your router) will bypass and search the lan for a response from the client on the specified port #. One other feature to use instead of port forwarding is the PORT TRIGGER. If you do not have the 139 firmware or higher, you will not see this feature, if you do, and do not know what it is or how to use it, the help section will plainly explain what and how to use it.

    This should help you out and pretty much solve your issue at hand. Just tell ppl that login to turn the PASV mode feature on the client to off or disabled.
     
  13. drdoug26

    drdoug26 Guest

    Thanks for the reply Keylo,

    I'm confused about where to find this 'BWR'. When I go to the advanced tab there is no option for "home Page" as you instructed. I am using firmware 140, maybe this is the problem.

    I turned off DMZ as you instructed, but am just lost on your other instructions. Could you 'spoon feed me' this a little better please.

    I'm an MD by trade so I'm a real newbie setting up this FTP program.

    My other dumb question is about G6/bullet proof ftp program. I've been instructed to type in a "server name". I chose a generic one: http://www.NetKnowledgebase.com. Do I have to have this 'registered' in order for this to work or can I just pick any name I want. If I do not have to register it, how can it be resolved?? I guess I do not really understand how FTP's work.

    Thanks for the help

    Doug
     
  14. LPDad

    LPDad OSNN Addict

    Hey, Dr Doug,...

    I am doing almost the exact same thing as you are. (Clin Pharmacist here though:D ). Got the ftp up and running--now I am testing it out--it works most of the time, but I am getting a few strange things pop up, probably because I have something either set wrong or I am using a wrong command.
    Anyway, I know exactly what problems you are having--I have to solve the same ones.
    I will fill you in on how I end up, once I get a couple of more problems solved.

    btw, if you are like me, you have a dynamic ip address to your router from the isp. Because this changes you have to somehow keep it updated if you want ppl to connect to your ftp. The easiest way is to use a service that automatically redirects to your current ip, whatever it is at the moment. There are a couple of free services and also some pay services. I am currently trying out www.tzo.com (pay service but with a 30 day free trial) to see how well it works. Basically what you do is pick out a domain name -> anything--> something like drdougsserver which is then registered with the service. henceforth whenever anyone wants to go to your ftp you give them the address:
    ftp://drdougsserver.tzo.com <-- example only
    which then goes to tzo, who looks up your current ip and redirects it to your ftp server.

    Waddy had a freebie dns service listed as a news item yesterday.

    :D
     
  15. drdoug26

    drdoug26 Guest

    Thanks for the reply.

    The BulletProof version I'm running or trying to run has a feature that checks every thirty minutes for a new IP. If it finds one it updates everything for you.

    I will look forward to your explanation of how you solved the problem of getting the internal ip through the linksys.

    Doug
     
  16. keylo

    keylo Guest

    DrDoug: You shouldn't HAVE TO name your server, I am sure there is a default G6/BPFTP uses, that's just to personalize.

    The BWR should be located at the bottom of the advanced tab page along with 4 other disable/enable options.

    Basically Doug, I wouldn't mess with the BWR until you get a little more acquainted with the router some. For the time being, unless you have some reason why you want to use PASV mode, just turn off the pasv mode on the client FTP, and you will connect without the socket error problem. Linksys has had this problem with pasv and port 21, and really using pasv mode entirely with the router. They are working on this solution, SLOWLY tho, along with a few other minor uses that not a lot of ppl run into, and until they have a larger # of ppl complaining, I don't think they are worried about getting off their butt anytime soon. I have not gone up to 140 or higher as I have the motto of many, "if it ain't broke, don't fix it". After you have tried this, and if it still doesn't work, go back to firmware 139 by visiting the ftp site @ ftp.linksys.com/pub/befsr41/ and search for the firmware.

    a direct link to firmware 139

    ftp.linksys.com/pub/befsr41/befsr-1-39.zip

    **NOTE** when applying firmware, all settings will be wiped out, you will need to enter your router config info again ***

    For getting an internal IP, and having it to stick to a certain computer ALL the time, just go to the network settings on that particular client computer and enter an assigned IP such as 192.168.1.2 and the default gateway (which is the gateway of the router, not your modem) 192.168.1.1 and your DNS server(s) provided by your ISP, most the time :rolleyes: Then you can go to the port forwarding tab, and then specify the 192.168.1.2 and the tcp port of 21. Even enabling the DMZ host for that client will not solve the Pasv socket issue, you will still need to turn off PASV



    FTP and the LinkSys Router
    Running FTP clients and servers with the LinkSys routers is a real quagmire. The FTP protocol is an old and strange one to deal with. Here's my findings (mostly based on f/w 1.37-9):

    FTP CLIENTS behind the LinkSys - Standard Port 21

    The LinkSys firmware actually does address translating of FTP commands (the PORT command in particular) and forwards accordingly. To connect to standard port 21 FTP servers on the internet, full functionality for FTP clients should work.

    FTP CLIENTS behind the LinkSys - Non-Standard Ports

    Unlike standard port 21, the LinkSys does NOT translate the FTP "PORT" command on other ports. The only way a client behind a LinkSys router can connect to an FTP server on a non-standard port is to use PASV mode.

    FTP SERVERS behind the LinkSys - Any Port

    Just the opposite of the client case, when a server is behind the LinkSys it can NOT do PASV mode for the outside world. Notice the irony - if both client AND server are behind LinkSys' AND non-standard ports are used, no connection can be made easily. Standard Port 21 is the only quick way.

    Why can't clients and servers connect?

    In the case when the CLIENT is behind the LinkSys, and PASV is not used, the client may use a PORT command to send an address. Only on standard port 21 does the LinkSys translate the LAN address to the needed WAN address.

    In the case when the SERVER is behind the LinkSys, and the client uses PASV, the server must respond to the PASV command with an address. The LinkSys will not translate this reply properly so the other end gets the server's LAN address instead of the needed WAN address.

    Note: Serv-U has a setting "IP For Passive Mode" that gets around this - but that's only half the battle.

    Can I run an FTP server behind a LinkSys that covers all cases?

    I have, but with mixed results. Here's what I did:

    1). Use Serv-U and set the "IP For Passive Mode" to your WAN address.

    2). Put the FTP server in the DMZ.

    3). You can forward the FTP port (21 or whatever) but this is redundant since the box is in the DMZ.

    That's for servers, what about clients?

    The LinkSys handles clients well as long as it's standard port 21. Other ports I know of no way other than you MUST use PASV mode.

    What is PASV mode?

    PASV (passive) mode was designed for clients behind firewalls. When NOT using PASV mode the client actually becomes a server for the data channel (that's right!). Since firewalls typically prevent this, PASV mode is used and this switches the data channel to be served by the server side.

    Browsers (like Netscape and MSIE) may use PASV mode exclusively but it's really been pot-luck. I found MSIE 5.5 has a setting that seems to lie about what it uses. Most ftp programs (like CuteFTP and WS_FTP) can be set to run PASV or not.

    See what I mean about FTP being such a strange protocol?

    What does that "PORT" command do?

    Clients *may* use the PORT command when NOT running PASV to tell the other end what address and port they will be listening on. Again, the LinkSys only translates this command on standard port 21 (else, the server gets your LAN address which doesn't work!).

    How can I tell what's happening in my system?

    Many clients and servers can log or view the FTP session. Take a look and you may see when things go bad. Chances are they are after a PORT or PASV command.

    Is there any hope for FTP servers and clients on the LinkSys?

    LinkSys is trying SPI (Stateful Packet Inspection) techniques. It's possible they will start translating ALL of the FTP commands. Currently, they only do client commands (PORT) on port 21. Time will tell if they actually add other ports and the SERVER commands (PASV), too.

    All Comments, Corrections and Bitches Welcomed.
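
The post above suggests reading the FTP session log and looking at what follows a PORT or PASV command. The following is an added example, not code from the thread or from any product named in it: it decodes the address and port carried in PORT commands and 227 (PASV) replies and flags the case the post describes, where a LAN address reaches the other end untranslated. The sample session, the WAN address 203.0.113.10 and all function names are constructed for illustration, and log lines are assumed to be raw protocol lines without timestamps.

```python
import ipaddress
import re

# PORT commands and 227 replies carry h1,h2,h3,h4,p1,p2 (port = p1*256 + p2).
HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample session (not taken from the thread).
SAMPLE_SESSION = [
    "220 Service ready",
    "USER demo",
    "331 Password required",
    "PASV",
    "227 Entering Passive Mode (192,168,1,100,4,1)",    # server leaks its LAN address
    "PORT 192,168,1,100,19,137",                        # client leaks its LAN address
    "227 Entering Passive Mode (203,0,113,10,195,80)",  # reply carrying the WAN address
]

def decode_hostport(text):
    """Return (IPv4Address, port) from the six-number tuple, or None if absent/invalid."""
    m = HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]

def audit_session(lines, wan_ip):
    """Report every PORT command / 227 reply and whether a remote peer could reach it."""
    wan = ipaddress.IPv4Address(wan_ip)
    findings = []
    for lineno, line in enumerate(lines, 1):
        text = line.strip()
        if text.upper().startswith("PORT "):
            kind = "PORT"
        elif text.startswith("227 "):
            kind = "PASV reply"
        else:
            continue
        decoded = decode_hostport(text)
        if decoded is None:
            findings.append((lineno, kind, None, None, "malformed"))
            continue
        ip, port = decoded
        if any(ip in net for net in RFC1918):
            status = "LAN address leaked"      # untranslated: unreachable from the WAN side
        elif ip != wan:
            status = "unexpected address"      # neither LAN nor the expected WAN address
        else:
            status = "ok"
        findings.append((lineno, kind, str(ip), port, status))
    return findings

if __name__ == "__main__":
    for finding in audit_session(SAMPLE_SESSION, "203.0.113.10"):
        print(finding)
```

The port in each finding is also the one that has to be forwarded or allowed for the data channel, which is why a passive port range on the server is normally paired with a matching forward on the router.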
     
  17. drdoug26

    drdoug26 Guest

    Wow,

    Thanks for all that information!!! It's going to take me a while to digest it.

    I'll let you know if I've got any further questions.

    Thanks again

    doug