FTP-server probs

Glaanieboy

I am having problems with my FTP-server, Bulletproof. This server is running behind a firewall (built-in router and a software called Kerio), I opened up the ports 1024-1536 (needed for passive FTP, because I am behind an internet router) as well as in the built-in and software firewall.

Now the problem: At school I have a similar situation, the class's network is running through a custom built gateway (Linux) to an ADSL connection. When I try to connect to my home FTP from school using passive mode, it tries to connect, stalls, and then says the connection timed out. When I use PORT mode, the FTP-server responds by saying it needs the originating IP address, which is strange, because the IP ain't masked or sump. This is the error I get when using PASV and PORT mode:
227 Entering Passive Mode (83,117,11,174,4,27).
Opening data connection IP: 83,117,11,174,4,27 PORT: 1051.
A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
PORT 192,168,222,113,4,190
530 PORT command only accepts client IP address.

As I said, I am using 2 firewalls, one built into an internet router (Sitecom DC202 version 1, firmware build 1633) and a program called Kerio Personal Firewall. The FTP-server is from Bulletproof. I opened up ports ranging from 1024-1536 for use with Passive mode.

The only thing that works is disabling both firewalls (the built-in one can't be disabled, but I can put my FTP-server in a DMZ, effectively meaning the same), but that would kill the security features.

As I said, I opened up the ports 1024-1536, and I set up my FTP-server in such a way that it listens to ports 1024-1536 for Passive connections.

Can anyone help me?

PseudoKiller
 
ok... first turn off pasv mode. go to the router and forward the ports you want to the ftp server (lan IP - 192.168.x.x). make sure your ftp server is listening to ports specified.
It sounds like any incoming connections are not finding the ftp, which means the ftp is not listening to the correct ports on the machine or the router is not forwarding the packets to the ftp. What does the log on the ftp say?? If nothing shows up in the ftp log it's most likely because the router isn't forwarding.
 
I have set the router to forward the ports (20 and 21) to my network IP. Also my software firewall should accept any incoming transfers. Unfortunately I can't check this, because Kerio decided to restart itself and forget all settings, including the logs. I can login from Geffy's server (using a remote SSH connection to Geffy, I can FTP from his computer to mine).
I can't test this at school now, because I am at home. Thanks for your quick reply.
 
you can test it from home... just connect to your ftp via IP address. Make sure it's not the LAN IP, that's all.
 
It works from home, so I guess it's ok. I will ask our teacher (the server admin) if he has done weird things so there may be connection problems.

Now I have another question about Bulletproof FTP:
I see it only accepts virtual directories when mounted on the home directory. Bproof uses Windows shortcuts for the redirect. Is there any way (hack? Maybe another (free) FTP server?) to get the virtual directories in a subdirectory?
 
I am not that familiar with BulletProof and its workings. I use Serv-U ... and I can set VD's from the Admin console.
 
YIP .. Serv-U is the best one to use, it is more user friendly than bulletproof and easy to set up. you can do everything right in the admin console as opposed to making stupid text files. Also you don't need to have 500 ports open for passive mode. serv-u will only allow 50.

when you set it up with bulletproof you have to go to the multiple ip addresses settings and add your static ip there. then set it up for dynamic ip or fixed ip in the passive mode settings. once that is done you set the passive ports up in the same tab. and then make the settings for the rest of the server ..
 
Well, back at school and I am trying and trying. I have set up my server and client in a way that they only use the PORT command. Now I see when my client opens up a connection, it chooses a random port number above 1024. I have tried to set the PORT port to 21 (like FTP should be, right?), but still no connection can be made.
Now I understand why DMZ worked. All the unknown ports were then redirected from my router to my PC, where the FTP server is installed.
Help me!

ps, I want to ask the teacher if he has done something funny with the connection (IP mask?), but I haven't seen him lately in class.
 
Glaanieboy said:
it chooses a random port number above 1024. I have tried to set the PORT port to 21 (like FTP should be, right?)
No, actually it's not. Port 21 is the port used for control data (CWD, GET and so on), the PORT (or PASV) ports are ports used for data, one port per transfer. So the best way to set up the FTP server behind the router is to use passive mode (PASV) IMO. This way clients also using routers can connect (I'll skip the technical details, post if you want them).

1. Forward port 21 (you did this, but I'll mark up all steps anyway).
2. Forward a passive range > 1024 (say 30000-30100 or so).
3. Open these ports in the local firewall as well, allow for incoming requests.
4. Set the FTP server to listen to port 21 (default) and use 30000-30100 in passive mode. Also set it to listen to your external IP.

That should be it.
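
Added example (not part of any post in this thread): a Python sketch that decodes the h1,h2,h3,h4,p1,p2 tuples from the log in the first post and checks them against the forwarded passive range and the address the server sees on the control connection. The control-peer address 203.0.113.10 is a placeholder, since the thread never gives the school's public IP; the function names are made up for this example.

```python
import ipaddress
import re

# Constructed from the session log quoted in the first post.
PASV_REPLY = "227 Entering Passive Mode (83,117,11,174,4,27)."
PORT_CMD = "PORT 192,168,222,113,4,190"

_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def decode_hostport(line):
    """Decode the h1,h2,h3,h4,p1,p2 tuple used by PORT and by 227 replies."""
    m = _HOSTPORT.search(line)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in %r" % line)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % line)
    ip = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
    return ip, nums[4] * 256 + nums[5]  # data port = p1*256 + p2

def check_pasv(reply, forwarded_range):
    """Problems with a 227 reply as seen by a client outside the server's NAT."""
    ip, port = decode_hostport(reply)
    problems = []
    if ip.is_private:
        problems.append("server advertises private address %s" % ip)
    lo, hi = forwarded_range
    if not lo <= port <= hi:
        problems.append("data port %d outside forwarded range %d-%d" % (port, lo, hi))
    return ip, port, problems

def check_port(cmd, control_peer):
    """Problems with a PORT command, given the source IP the server sees."""
    ip, port = decode_hostport(cmd)
    problems = []
    if ip.is_private:
        problems.append("client advertises private address %s" % ip)
    # Servers that answer "530 PORT command only accepts client IP address"
    # compare the PORT address with the control connection's peer address.
    if ip != ipaddress.IPv4Address(control_peer):
        problems.append("PORT address %s differs from control peer %s" % (ip, control_peer))
    return ip, port, problems

if __name__ == "__main__":
    print(check_pasv(PASV_REPLY, (1024, 1536)))
    print(check_port(PORT_CMD, "203.0.113.10"))  # placeholder public IP
```

On the logged values the 227 reply decodes to a public address and port 1051, inside the opened range, while the PORT command carries the client's LAN address, which is what the 530 response rejects.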
 
Thank you. I will try it when I get home (normally I could do it remotely, but my router just reset and I got a new IP :mad: )
 
Just got my connection back. I configured the server/router/firewall according to the steps you provided, but still no connection.

It looks like there is a problem with my router not redirecting ports to my computer. I already sent them (Sitecom) a mail and posted on their support forums. Maybe someone else has had problems with it? It's a Sitecom DC202 v1 router with firmware 1633.
 
Well it apparently forwards port 21 ok...
According to the log in your first post it's using PORT which is wrong in this case. Also since you are using dynamic IP from your ISP I suggest you get a DNS redirect (www.no-ip.com) and use that instead of the IP in the server. This way you don't have to reconfigure the server software every time you get a new IP.
 
Yes, I am using a redirect service from dyndns.org. My router is capable of sending out a new DNS entry to dyndns every time the IP has changed because of a reconnection. I forgot to mention that, but I set up bulletproof with my dyndns.org account.
 
