FTP-server probs

Glaanieboy

OSNN Veteran Addict
#1
I am having problems with my FTP-server, Bulletproof. This server is running behind a firewall (built-in router and a software called Kerio), I opened up the ports 1024-1536 (needed for passive FTP, because I am behind an internet router) as well as in the built-in and software firewall.

Now the problem: At school I have a similar situation, the class's network is running through a custom built gateway (Linux) to an ADSL connection. When I try to connect to my home FTP from school using passive mode, it tries to connect, stalls, and then says the connection timed out. When I use PORT mode, the FTP-server responds by saying it needs the originating IP address, which is strange, because the IP ain't masked or sump. This is the error I get when using PASV and PORT mode:
227 Entering Passive Mode (83,117,11,174,4,27).
Opening data connection IP: 83,117,11,174,4,27 PORT: 1051.
A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
PORT 192,168,222,113,4,190
530 PORT command only accepts client IP address.
As I said, I am using 2 firewalls, one built into an internet router (Sitecom DC202 version 1, firmware build 1633) and a program called Kerio Personal Firewall. The FTP-server is from Bulletproof. I opened up ports ranging from 1024-1536 for use with Passive mode.

The only thing that works is disabling both firewalls (the built-in one can't be disabled, but I can put my FTP-server in a DMZ, effectively meaning the same), but that would kill the security features.

As I said, I opened up the ports 1024-1536, and I set up my FTP-server in such a way that it listens to ports 1024-1536 for Passive connections.

Can anyone help me?

Changes code tags to quote tags
PseudoKiller
 

PseudoKiller

Guest
#2
ok... first turn off pasv mode. go to the router and forward the ports you want to the ftp server (lan IP - 192.168.x.x). make sure your ftp server is listening to ports specified.
It sounds like any incoming connections are not finding the ftp, which means the ftp is not listening to the correct ports on the machine or the router is not forwarding the packets to the ftp. What does the log on the ftp say? If nothing shows up in the ftp log it's most likely because the router isn't forwarding.
 

Glaanieboy

OSNN Veteran Addict
#3
I have set the router to forward the ports (20 and 21) to my network IP. Also my software firewall should accept any incoming transfers. Unfortunately I can't check this, because Kerio decided to restart itself and forget all settings, including the logs. I can login from Geffy's server (using a remote SSH connection to Geffy, I can FTP from his computer to mine).
I can't test this at school now, because I am at home. Thanks for your quick reply.
 

PseudoKiller

Guest
#4
you can test it from home... just connect to your ftp via IP address. Make sure it's not the LAN IP, that's all.
 

Glaanieboy

OSNN Veteran Addict
#5
It works from home, so I guess it's ok. I will ask our teacher (the server admin) if he has done weird things so there may be connection problems.

Now I have another question about Bulletproof FTP:
I see it only accepts virtual directories when mounted on the home directory. Bproof uses Windows shortcuts for the redirect. Is there any way (hack? Maybe another (free) FTP server?) to get the virtual directories in a subdirectory?
 

PseudoKiller

Guest
#6
I am not that familiar with BulletProof and its workings. I use Serv-U ... and I can set VD's from the Admin console.
 

Johnny

.. Commodore ..
Political User
#7
YIP .. Serv-U is the best one to use, it is more user friendly than bulletproof and easy to set up. you can do everything right in the admin console as opposed to making stupid text files. Also you don't need to have 500 ports open for passive mode. serv-u will only allow 50.

when you set it up with bulletproof you have to go to the multiple ip addresses settings and add your static ip there. then set it up for dynamic ip or fixed ip in the passive mode settings. once that is done you set the passive ports up in the same tab. and then make the settings for the rest of the server ..
 

Glaanieboy

OSNN Veteran Addict
#8
Well, back at school and I am trying and trying. I have set up my server and client in a way that they only use the PORT command. Now I see when my client opens up a connection, it chooses a random port number above 1024. I have tried to set the PORT port to 21 (like FTP should be, right?), but still no connection can be made.
Now I understand why DMZ worked. All the unknown ports were then redirected from my router to my PC, where the FTP server is installed.
Help me!

ps, I want to ask the teacher if he has done something funny with the connection (IP mask?), but I haven't seen him lately in class.
 
#9
Glaanieboy said:
it chooses a random port number above 1024. I have tried to set the PORT port to 21 (like FTP should be, right?)
No, actually it's not. Port 21 is the port used for control data (CWD, GET and so on), the PORT (or PASV) ports are ports used for data, one port per transfer. So the best way to set up the FTP server behind the router is to use passive mode (PASV) IMO. This way clients also using routers can connect (I'll skip the technical details, post if you want them).

1. Forward port 21 (you did this, but I'll mark up all steps anyway).
2. Forward a passive range > 1024 (say 30000-30100 or so).
3. Open these ports in the local firewall as well, allow for incoming requests.
4. Set the FTP server to listen to port 21 (default) and use 30000-30100 in passive mode. Also set it to listen to your external IP.

That should be it.
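
The address and port encoding behind the 227 and PORT lines in the first post's log, as an added example that is not part of any post in this thread: it decodes the `h1,h2,h3,h4,p1,p2` field, checks a 227 reply against the forwarded passive range, and mimics a server that rejects a PORT naming an address other than the control connection's source. The function names are hypothetical, and `203.0.113.10` in the test is a constructed placeholder for the school gateway's public address, which the thread does not give.

```python
import ipaddress
import re

# Six comma-separated decimal bytes: h1,h2,h3,h4 (address) and p1,p2 (port).
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_hostport(line):
    """Return (ip, port) from a '227 ... (h1,h2,h3,h4,p1,p2)' reply or a 'PORT ...' command."""
    m = _HOSTPORT.search(line)
    if m is None:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in %r" % line)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of byte range in %r" % line)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    # The data port is the 16-bit value p1 * 256 + p2.
    return ip, nums[4] * 256 + nums[5]


def check_pasv(reply, passive_range):
    """List problems with a 227 reply as seen by a client outside the server's LAN."""
    ip, port = parse_hostport(reply)
    problems = []
    if ip.is_private:
        # A remote client cannot route to an RFC 1918 address behind the router.
        problems.append("server advertises private address %s" % ip)
    lo, hi = passive_range
    if not lo <= port <= hi:
        # The router only forwards the configured range to the FTP host.
        problems.append("port %d outside forwarded range %d-%d" % (port, lo, hi))
    return problems


def port_accepted(command, control_peer_ip):
    """Mimic a server that only accepts a PORT naming the control connection's source IP."""
    ip, _ = parse_hostport(command)
    return ip == ipaddress.IPv4Address(control_peer_ip)
```

Against the thread's log, the 227 reply decodes to a public address and port 1051, inside 1024-1536, while the PORT command names 192.168.222.113, a private address that a server on the Internet never sees as the source of a NATed client's control connection.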
 

Glaanieboy

OSNN Veteran Addict
#11
Just got my connection back. I configured the server/router/firewall according to the steps you provided, but still no connection.

It looks like there is a problem with my router not redirecting ports to my computer. I already sent them (Sitecom) a mail and posted on their support forums. Maybe someone else has had problems with it? It's a Sitecom DC202 v1 router with firmware 1633.
 
#12
Well it apparently forwards port 21 ok...
According to the log in your first post it's using PORT which is wrong in this case. Also since you are using dynamic IP from your ISP I suggest you get a DNS redirect (www.no-ip.com) and use that instead of the IP in the server. This way you don't have to reconfigure the server software every time you get a new IP.
 

Glaanieboy

OSNN Veteran Addict
#13
Yes, I am using a redirect service from dyndns.org. My router is capable of sending out a new DNS entry to dyndns every time the IP has changed because of a reconnection. I forgot to mention that, but I set up bulletproof with my dyndns.org account.
 
