FTP server behind Alcatel router (510)

Digdis · January 3rd, 2005

Hi there,
Been trying to setup an FTP server on my PC, without success. here's the info:
- FTP server: GuildFTPd 0.999.13. Passive mode properly configured to my WAN address.
- Router: Alcatel Speedtouch 510.
- OS: XP, no SP (thank god).
- No firewall running (when trying this).
- Did port forwarding on ports 20 & 21. This works for me for other applications (p2p mainly).
- ISP doesn't seem to block port 21, but I'm not sure about that (how can I be sure?) - at least they say they don't.
- When trying to access with an FTP client or command line from my work PC (got a VNC connection there), the connection fails. The client (WS-FTP) is setup to passive mode. In the command line mode, BTW, the error message is "connection refused".
- Furthermore, when running a packet sniffer (sniffem), I never saw any incoming packet with port 21.

BTW, tried the same with an HTTP server, opening port 80. Same failure.

Any help here would be appreciated.
D.

**Heeter** · January 3rd, 2005

First, Digdis.

Welcome to OSNN!!, glad you can join us.

First, make sure that your ISP is not blocking the port21. How to make sure, Port forward 21 on the router, then disable any/all firewalls on that computer just for now. Using that computer, goto www.grc.com and use their "Sheilds Up" port tester. Don't worry, it is a very secure site. If you still getting port 21 blocked, then your ISP controlling that port.

Heeter

**Zedric** · January 3rd, 2005

Welcome to the forums!

- First off, forget about port 20, it's not needed.
- Like you said you forwarded port 21. This is correct if your ISP allows port 21.
- You also said you enabled passive mode, but not if you've forwarded a passive port range in the router. This has to be done in order for passive mode to work (and you should use passive mode). So forward the same range of ports that you specified for passive mode in the server. If you don't know how many you need, the rule is one port per concurrent connection (so 100 ports is more than enough).

Digdis · January 4th, 2005

First of all thanks for the help. Forwarded the ports in the passive mode port range. The problem remains with port 21 - ShieldsUp says it's closed. So - this means either my ISP lies and blocks this port, or my router port forwarding configuration doesn't work (lamer). I think I can manage this from this point on.

Thanks again,
D.

ve3ofa · January 4th, 2005

Betcha that your isp is blocking port 21,25,80. At least mine is, and causing me no end of grief.. having to have my dns sent to a port forwarder and then onto my site(s). outbound on those ports are blocked as well so I'm paying for bandwitdth x 2. But currently still the only local solution. Use my own web server software and others.. If I didn't write it then I don't trust it. Haven't found an Isp where I can put my custom box in and have them plug it in..

**Zedric** · January 4th, 2005

Originally Posted by Digdis

First of all thanks for the help. Forwarded the ports in the passive mode port range. The problem remains with port 21 - ShieldsUp says it's closed. So - this means either my ISP lies and blocks this port, or my router port forwarding configuration doesn't work (lamer). I think I can manage this from this point on.

OR, the Windows firewall blocks the ports unless you've fixed that part.

Digdis · January 4th, 2005

Originally Posted by ve3ofa

Betcha that your isp is blocking port 21,25,80. At least mine is, and causing me no end of grief.. having to have my dns sent to a port forwarder and then onto my site(s). outbound on those ports are blocked as well so I'm paying for bandwitdth x 2. But currently still the only local solution. Use my own web server software and others.. If I didn't write it then I don't trust it. Haven't found an Isp where I can put my custom box in and have them plug it in..

I'm not sure about that. When running ShieldsUp (great service BTW), all these ports appear as "closed" (as opposed to "stealth"). According to their explanation, this means my PC (or my router modem to be more exact) is reached, but doesn't reply. Am I correct? If I am, doesn't this mean these ports aren't blocked by the ISP? Just to compare, I borrowed a friend's account user and password that belong to another ISP, and when running ShieldsUp while logged in into this account, these ports appeared as "stealth". I'd assume that in this case the ISP blocks these ports.

Originally Posted by Zedric

OR, the Windows firewall blocks the ports unless you've fixed that part.

Don't have a Windows firewall, ZoneAlarm was disabled at the time I did the tests.

Thanks again to everyone here.
D.

**Admiral Michael** · January 4th, 2005

Originally Posted by Digdis

Don't have a Windows firewall, ZoneAlarm was disabled at the time I did the tests.

Yes, but Windows XP has a b uilt i firewall. Not sure, but I dont think its enabled by default. Its in the properties of Control Panel>Network Connections, properies of the Local Area Connection, Advanced Tab.

**Zedric** · January 4th, 2005

Originally Posted by Digdis

I'm not sure about that. When running ShieldsUp (great service BTW), all these ports appear as "closed" (as opposed to "stealth"). According to their explanation, this means my PC (or my router modem to be more exact) is reached, but doesn't reply. Am I correct? If I am, doesn't this mean these ports aren't blocked by the ISP? Just to compare, I borrowed a friend's account user and password that belong to another ISP, and when running ShieldsUp while logged in into this account, these ports appeared as "stealth". I'd assume that in this case the ISP blocks these ports.

Curious. Ports appear as stealthed if a firewall drops them (routers usually do this too when it comes to non-forwarded ports). Ports appear closed if they reach your computer and it responds "No I'm not running any service on this port" (well sort of anyway). Of course if your ISP blocks these ports, they could appear as either stealthed or closed as well, depending on the equipment of your ISP.

The easiest way to get around this (and test it as well) would be to move the FTP server to listen on port 2100 (or whatever) instead. Once you get that to work, you could move back to port 21 to see if your ISP indeed blocks access.

Digdis · January 5th, 2005

Well, here's some new info:

- When logged in from my friend's ISP account, and probing my PC using ShieldsUp with port 21, it appeared as open (FTP server running). Also saw the packets with dest port 21 using sniffer. When logging into my ISP account, the port appeared as closed, and no such packets appeared on my sniffer. Conclusion: My ISP blocks this port. This will be taken care of.

- Using my friend's ISP account once again, I've tried FTP login from work PC to my home WAN address (passive mode, port 21). This time - no success, Sniffer at home doesn't see any packet with dest port 21. I've managed to log in to other FTP sites from work, meaning that the firewall there doesn't block FTP access. Any idea? Trying with other ports (as you suggested Zedric) ain't possible, as I believe the firewall at work will block them. This BTW is the reason for all this trouble: Trying to transfer large files between home & work using FTP (as all other ways are blocked).

Thanks,
D.

**Zedric** · January 5th, 2005

That does indeed sound strange. I can't really see the problem at the moment, but might I come with another suggestion for the file transfer? You could use SFTP/SCP instead. This does away with the problem with passive port ranges, plus it's encrypted. This would run over port 22 only (which is rarely blocked).

SSH (SFTP/SCP) server: http://sshwindows.sourceforge.net/
Download, install and set up according to quickstart.txt.

Many FTP clients can handle SFTP/SCP, but rarely in their free versions. There are some however.
Filezilla: http://filezilla.sf.net (Full FTP client)
WinSCP: http://winscp.sf.net (SFTP/SCP client only)

All the software above is open source and totally free.

Weasel · January 9th, 2005

ZoneAlarm's known to run even when "disabled" so I'd be a little warry about that. Do what Zedric said and change your FTP port to something non-standard like 2100 and put the server in to active mode instead of passive. Also be sure to tell the client to use active mode (I suggest SmartFTP http://smartftp.com) instead of passive. This'll force the client to use only the connecting port and not a range which might be blocked.

Digdis · January 10th, 2005

(Sorry for the late reply)

Well, mystery resolved. I received my ISP account from my wife's work for free, so I did some checking, and it appears the account is setup automatically as IP-VPN, meaning that I get into her work's VPN automatically when I connect (silly method IMHO, as you only need to have the user and password of the ISP accout in order to get into the VPN). This means that discovering my WAN IP returns the VPN's IP, and my PC doesn't have a WAN IP. Can't complain about something I get for free, can I

. Anyway, this of course is the reason I didn't manage setting up any server on my PC (neither FTP nor HTTP). I guess we'll have to settle for third party FTP (or HTTP) servers in order to transfer large files between home and work, unless anyone here has a creative way to bypass this as well. BTW, can't setup an FTP server on her PC as well, as the firewall in her work blocks such inbound access.
Thanks for all the help everyone. This is a real cool community, and I'll be sure to check it more often.
D.

**Heeter** · January 10th, 2005

Yeah Digdis,

Due to the fact that company that your wife works for has total control over the ports, you will be left out in the cold. The only creative way to get around this while using your existing connection setup is if you get really, really close to the IT person from the company. LOLOL.

Hope to see you around the forum/IRC channel. Again, Welcome!!!

Heeter

Digdis · January 10th, 2005

Originally Posted by Heeter

Due to the fact that company that your wife works for has total control over the ports, you will be left out in the cold. The only creative way to get around this while using your existing connection setup is if you get really, really close to the IT person from the company. LOLOL.

Well their IT folks don't know squat, so they basically ordered this service from their ISP. I don't know if they realize the danger of this solution; I once borrowed a laptop from my friend, then it came to my mind I left the login info remembered in the laptop pptp dialer. I deleted it in the first occasion I had, but I guess this wasn't the only situation their network had been out in the open. Anyway the ISP support people bragged about how safe this solution was. Had no time arguing with him...

Originally Posted by Heeter

Hope to see you around the forum/IRC channel. Again, Welcome!!!

You bet.

D.

**Zedric** · January 12th, 2005

Originally Posted by Weasel

ZoneAlarm's known to run even when "disabled" so I'd be a little warry about that. Do what Zedric said and change your FTP port to something non-standard like 2100 and put the server in to active mode instead of passive. Also be sure to tell the client to use active mode (I suggest SmartFTP http://smartftp.com) instead of passive. This'll force the client to use only the connecting port and not a range which might be blocked.

Active mode is not a good idea. It makes it easier to configure the server, true, but if the client is behind a firewall or NAT router, it won't work despite what you do (short of DMZ:ing the client pretty much). So allways use passive mode. It's worth the extra work.

Sorry to hear about the network topology Digdis, there's really not much to do about it. Sadly.

Weasel · January 12th, 2005

Originally Posted by Zedric

Active mode is not a good idea. It makes it easier to configure the server, true, but if the client is behind a firewall or NAT router, it won't work despite what you do (short of DMZ:ing the client pretty much). So allways use passive mode. It's worth the extra work.

Interesting, I'll keep this in mind. My experience is a freebsd box behind a m0n0wall router running proftpd in which I'd just use active mode since passive was giving me a headache. Different solutions to the same problem.

January 3rd, 2005	Top \| #1
Digdis OSNN Addict Joined: January 2005 Posts: 91 Reputation: 30 Power: 91	FTP server behind Alcatel router (510) Hi there, Been trying to setup an FTP server on my PC, without success. here's the info: - FTP server: GuildFTPd 0.999.13. Passive mode properly configured to my WAN address. - Router: Alcatel Speedtouch 510. - OS: XP, no SP (thank god). - No firewall running (when trying this). - Did port forwarding on ports 20 & 21. This works for me for other applications (p2p mainly). - ISP doesn't seem to block port 21, but I'm not sure about that (how can I be sure?) - at least they say they don't. - When trying to access with an FTP client or command line from my work PC (got a VNC connection there), the connection fails. The client (WS-FTP) is setup to passive mode. In the command line mode, BTW, the error message is "connection refused". - Furthermore, when running a packet sniffer (sniffem), I never saw any incoming packet with port 21. BTW, tried the same with an HTTP server, opening port 80. Same failure. Any help here would be appreciated. D.

January 3rd, 2005	Top \| #3
Zedric NTFS Guru Joined: January 2002 Location: Sweden Posts: 4,006 Reputation: 890 Power: 175	Welcome to the forums! - First off, forget about port 20, it's not needed. - Like you said you forwarded port 21. This is correct if your ISP allows port 21. - You also said you enabled passive mode, but not if you've forwarded a passive port range in the router. This has to be done in order for passive mode to work (and you should use passive mode). So forward the same range of ports that you specified for passive mode in the server. If you don't know how many you need, the rule is one port per concurrent connection (so 100 ports is more than enough). Did I help you? Please use the reputation system. Click the icon on the left! Proud host of the OSNN.net folding sigs. Want one? Check the folding thread! http://zedric.no-ip.com/

January 4th, 2005	Top \| #6
Zedric NTFS Guru Joined: January 2002 Location: Sweden Posts: 4,006 Reputation: 890 Power: 175	Originally Posted by Digdis First of all thanks for the help. Forwarded the ports in the passive mode port range. The problem remains with port 21 - ShieldsUp says it's closed. So - this means either my ISP lies and blocks this port, or my router port forwarding configuration doesn't work (lamer). I think I can manage this from this point on. OR, the Windows firewall blocks the ports unless you've fixed that part. Did I help you? Please use the reputation system. Click the icon on the left! Proud host of the OSNN.net folding sigs. Want one? Check the folding thread! http://zedric.no-ip.com/

January 4th, 2005	Top \| #7
Digdis OSNN Addict Joined: January 2005 Posts: 91 Reputation: 30 Power: 91	Originally Posted by ve3ofa Betcha that your isp is blocking port 21,25,80. At least mine is, and causing me no end of grief.. having to have my dns sent to a port forwarder and then onto my site(s). outbound on those ports are blocked as well so I'm paying for bandwitdth x 2. But currently still the only local solution. Use my own web server software and others.. If I didn't write it then I don't trust it. Haven't found an Isp where I can put my custom box in and have them plug it in.. I'm not sure about that. When running ShieldsUp (great service BTW), all these ports appear as "closed" (as opposed to "stealth"). According to their explanation, this means my PC (or my router modem to be more exact) is reached, but doesn't reply. Am I correct? If I am, doesn't this mean these ports aren't blocked by the ISP? Just to compare, I borrowed a friend's account user and password that belong to another ISP, and when running ShieldsUp while logged in into this account, these ports appeared as "stealth". I'd assume that in this case the ISP blocks these ports. Originally Posted by Zedric OR, the Windows firewall blocks the ports unless you've fixed that part. Don't have a Windows firewall, ZoneAlarm was disabled at the time I did the tests. Thanks again to everyone here. D.

January 4th, 2005	Top \| #8
Admiral Michael Michaelsoft Systems CEO Joined: February 2003 Location: Hamilton, Ontario Canada Earth Posts: 3,125 Blog Entries: 8 Reputation: 2216 Power: 166	Originally Posted by Digdis Don't have a Windows firewall, ZoneAlarm was disabled at the time I did the tests. Yes, but Windows XP has a b uilt i firewall. Not sure, but I dont think its enabled by default. Its in the properties of Control Panel>Network Connections, properies of the Local Area Connection, Advanced Tab. Apple MacBook Pro Intel Quad-Core i7 2GHz \| Corsair 8GB 1333MHz DDR3 Memory \| WD 750GB 7200RPM Black Edition SATA Hard Drive \| Intel HD Graphics 3000/AMD Radeon HD 6490M 256MB GDDR5 \| 15.4" LED backlit glossy screen @ 1440x900 \| Dual Band Airport Wireless/Bluetooth \| Gigabit Ethernet \| Thunderbolt I/O \| Built-in Webcam \| Backlit Keyboard \| Firewire 800 \| DVDRW \| OS X Lion 10.7.1 My Site \| My DVD Collection \| Your Chevrolet Guy

Latest News Posts

Latest Forum Posts

Latest Member Blogs

January 3rd, 2005	Top \| #2
Heeter Overclocked Like A Mother Joined: July 2002 Location: In front of my computer Posts: 2,729 Reputation: 684 Power: 154	First, Digdis. Welcome to OSNN!!, glad you can join us. First, make sure that your ISP is not blocking the port21. How to make sure, Port forward 21 on the router, then disable any/all firewalls on that computer just for now. Using that computer, goto www.grc.com and use their "Sheilds Up" port tester. Don't worry, it is a very secure site. If you still getting port 21 blocked, then your ISP controlling that port. Heeter

January 4th, 2005	Top \| #4
Digdis OSNN Addict Joined: January 2005 Posts: 91 Reputation: 30 Power: 91	First of all thanks for the help. Forwarded the ports in the passive mode port range. The problem remains with port 21 - ShieldsUp says it's closed. So - this means either my ISP lies and blocks this port, or my router port forwarding configuration doesn't work (lamer). I think I can manage this from this point on. Thanks again, D.

January 4th, 2005	Top \| #5
ve3ofa OSNN One Post Wonder Joined: January 2005 Posts: 1 Reputation: 0 Power: 0	Betcha that your isp is blocking port 21,25,80. At least mine is, and causing me no end of grief.. having to have my dns sent to a port forwarder and then onto my site(s). outbound on those ports are blocked as well so I'm paying for bandwitdth x 2. But currently still the only local solution. Use my own web server software and others.. If I didn't write it then I don't trust it. Haven't found an Isp where I can put my custom box in and have them plug it in..

January 4th, 2005	Top \| #9
Zedric NTFS Guru Joined: January 2002 Location: Sweden Posts: 4,006 Reputation: 890 Power: 175	Originally Posted by Digdis I'm not sure about that. When running ShieldsUp (great service BTW), all these ports appear as "closed" (as opposed to "stealth"). According to their explanation, this means my PC (or my router modem to be more exact) is reached, but doesn't reply. Am I correct? If I am, doesn't this mean these ports aren't blocked by the ISP? Just to compare, I borrowed a friend's account user and password that belong to another ISP, and when running ShieldsUp while logged in into this account, these ports appeared as "stealth". I'd assume that in this case the ISP blocks these ports. Curious. Ports appear as stealthed if a firewall drops them (routers usually do this too when it comes to non-forwarded ports). Ports appear closed if they reach your computer and it responds "No I'm not running any service on this port" (well sort of anyway). Of course if your ISP blocks these ports, they could appear as either stealthed or closed as well, depending on the equipment of your ISP. The easiest way to get around this (and test it as well) would be to move the FTP server to listen on port 2100 (or whatever) instead. Once you get that to work, you could move back to port 21 to see if your ISP indeed blocks access. Did I help you? Please use the reputation system. Click the icon on the left! Proud host of the OSNN.net folding sigs. Want one? Check the folding thread! http://zedric.no-ip.com/

January 5th, 2005	Top \| #10
Digdis OSNN Addict Joined: January 2005 Posts: 91 Reputation: 30 Power: 91	Well, here's some new info: - When logged in from my friend's ISP account, and probing my PC using ShieldsUp with port 21, it appeared as open (FTP server running). Also saw the packets with dest port 21 using sniffer. When logging into my ISP account, the port appeared as closed, and no such packets appeared on my sniffer. Conclusion: My ISP blocks this port. This will be taken care of. - Using my friend's ISP account once again, I've tried FTP login from work PC to my home WAN address (passive mode, port 21). This time - no success, Sniffer at home doesn't see any packet with dest port 21. I've managed to log in to other FTP sites from work, meaning that the firewall there doesn't block FTP access. Any idea? Trying with other ports (as you suggested Zedric) ain't possible, as I believe the firewall at work will block them. This BTW is the reason for all this trouble: Trying to transfer large files between home & work using FTP (as all other ways are blocked). Thanks, D.

January 5th, 2005	Top \| #11
Zedric NTFS Guru Joined: January 2002 Location: Sweden Posts: 4,006 Reputation: 890 Power: 175	That does indeed sound strange. I can't really see the problem at the moment, but might I come with another suggestion for the file transfer? You could use SFTP/SCP instead. This does away with the problem with passive port ranges, plus it's encrypted. This would run over port 22 only (which is rarely blocked). SSH (SFTP/SCP) server: http://sshwindows.sourceforge.net/ Download, install and set up according to quickstart.txt. Many FTP clients can handle SFTP/SCP, but rarely in their free versions. There are some however. Filezilla: http://filezilla.sf.net (Full FTP client) WinSCP: http://winscp.sf.net (SFTP/SCP client only) All the software above is open source and totally free. Did I help you? Please use the reputation system. Click the icon on the left! Proud host of the OSNN.net folding sigs. Want one? Check the folding thread! http://zedric.no-ip.com/

January 9th, 2005	Top \| #12
Weasel Define 'Cynical' Joined: January 2005 Location: Sammamish, WA Posts: 163 Reputation: 110 Power: 92	ZoneAlarm's known to run even when "disabled" so I'd be a little warry about that. Do what Zedric said and change your FTP port to something non-standard like 2100 and put the server in to active mode instead of passive. Also be sure to tell the client to use active mode (I suggest SmartFTP http://smartftp.com) instead of passive. This'll force the client to use only the connecting port and not a range which might be blocked. --Weasel General Annoyance / Non-Conformist Win2k Pro and refuse to "upgrade" "Cobalt": AMD Athlon64 3000+ @ 1250 \| Soyo Dragon Plus SY-CK8 \| 1gb DDR400 \| BFG geForce FX 5700 OC 256MB \| Plextor 40x12x40 CD-RW \| Toshiba 52x32x52x16 CD-RW/DVD Combo drive \| 40GB Western Digital ATA-133 \| 80GB Western Digital ATA-133 \| M-Audio Audiophile 2496 \| Lian-Li PC-7B \| Altec Lansing ADA885

January 10th, 2005	Top \| #13
Digdis OSNN Addict Joined: January 2005 Posts: 91 Reputation: 30 Power: 91	(Sorry for the late reply) Well, mystery resolved. I received my ISP account from my wife's work for free, so I did some checking, and it appears the account is setup automatically as IP-VPN, meaning that I get into her work's VPN automatically when I connect (silly method IMHO, as you only need to have the user and password of the ISP accout in order to get into the VPN). This means that discovering my WAN IP returns the VPN's IP, and my PC doesn't have a WAN IP. Can't complain about something I get for free, can I . Anyway, this of course is the reason I didn't manage setting up any server on my PC (neither FTP nor HTTP). I guess we'll have to settle for third party FTP (or HTTP) servers in order to transfer large files between home and work, unless anyone here has a creative way to bypass this as well. BTW, can't setup an FTP server on her PC as well, as the firewall in her work blocks such inbound access. Thanks for all the help everyone. This is a real cool community, and I'll be sure to check it more often. D.

January 10th, 2005	Top \| #14
Heeter Overclocked Like A Mother Joined: July 2002 Location: In front of my computer Posts: 2,729 Reputation: 684 Power: 154	Yeah Digdis, Due to the fact that company that your wife works for has total control over the ports, you will be left out in the cold. The only creative way to get around this while using your existing connection setup is if you get really, really close to the IT person from the company. LOLOL. Hope to see you around the forum/IRC channel. Again, Welcome!!! Heeter

January 10th, 2005	Top \| #15
Digdis OSNN Addict Joined: January 2005 Posts: 91 Reputation: 30 Power: 91	Originally Posted by Heeter Due to the fact that company that your wife works for has total control over the ports, you will be left out in the cold. The only creative way to get around this while using your existing connection setup is if you get really, really close to the IT person from the company. LOLOL. Well their IT folks don't know squat, so they basically ordered this service from their ISP. I don't know if they realize the danger of this solution; I once borrowed a laptop from my friend, then it came to my mind I left the login info remembered in the laptop pptp dialer. I deleted it in the first occasion I had, but I guess this wasn't the only situation their network had been out in the open. Anyway the ISP support people bragged about how safe this solution was. Had no time arguing with him... Originally Posted by Heeter Hope to see you around the forum/IRC channel. Again, Welcome!!! You bet. D.

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
alcatel speedtouch 510 and built-in router	this_guy	Windows Desktop Systems	2	January 7th, 2005 6:02am
FTP server behind a broadband router	sshenriksen	Windows Desktop Systems	8	November 1st, 2003 10:18pm
Router With Alcatel USB Modem???	Alex_is_Axel	Windows Desktop Systems	1	December 22nd, 2002 6:25pm
router and ftp server.	mafiafromrussia	Windows Desktop Systems	30	October 28th, 2002 7:20pm
configure ftp server behind SMC router	chenwei	Windows Desktop Systems	4	June 27th, 2002 3:08am

January 12th, 2005	Top \| #16
Zedric NTFS Guru Joined: January 2002 Location: Sweden Posts: 4,006 Reputation: 890 Power: 175	Originally Posted by Weasel ZoneAlarm's known to run even when "disabled" so I'd be a little warry about that. Do what Zedric said and change your FTP port to something non-standard like 2100 and put the server in to active mode instead of passive. Also be sure to tell the client to use active mode (I suggest SmartFTP http://smartftp.com) instead of passive. This'll force the client to use only the connecting port and not a range which might be blocked. Active mode is not a good idea. It makes it easier to configure the server, true, but if the client is behind a firewall or NAT router, it won't work despite what you do (short of DMZ:ing the client pretty much). So allways use passive mode. It's worth the extra work. Sorry to hear about the network topology Digdis, there's really not much to do about it. Sadly. Did I help you? Please use the reputation system. Click the icon on the left! Proud host of the OSNN.net folding sigs. Want one? Check the folding thread! http://zedric.no-ip.com/

January 12th, 2005	Top \| #17
Weasel Define 'Cynical' Joined: January 2005 Location: Sammamish, WA Posts: 163 Reputation: 110 Power: 92	Originally Posted by Zedric Active mode is not a good idea. It makes it easier to configure the server, true, but if the client is behind a firewall or NAT router, it won't work despite what you do (short of DMZ:ing the client pretty much). So allways use passive mode. It's worth the extra work. Interesting, I'll keep this in mind. My experience is a freebsd box behind a m0n0wall router running proftpd in which I'd just use active mode since passive was giving me a headache. Different solutions to the same problem. --Weasel General Annoyance / Non-Conformist Win2k Pro and refuse to "upgrade" "Cobalt": AMD Athlon64 3000+ @ 1250 \| Soyo Dragon Plus SY-CK8 \| 1gb DDR400 \| BFG geForce FX 5700 OC 256MB \| Plextor 40x12x40 CD-RW \| Toshiba 52x32x52x16 CD-RW/DVD Combo drive \| 40GB Western Digital ATA-133 \| 80GB Western Digital ATA-133 \| M-Audio Audiophile 2496 \| Lian-Li PC-7B \| Altec Lansing ADA885