FTP Server

[Roody]

I am having an issue regarding people accessing my FTP server. I have a router on my system and have setup port forwarding , but anyone outside of my network can't access my FTP. They do get in, but it's in Passive mode and they dont see anything. It hangs for a second and they cant see or move around.

I have had this working for me before and can't seem to figure out what the problem is.

Any help would be greatly appreciated.

Thanks

[64bit]

what server are you runnin and what router?

[Roody]

I am using Bulletproof FTP Server and It's a Linksys 8 Port.

[TEH WIN]

forward port 21 to your server. should work fine after that...

whats this "passive mode" thing you speak of?

[Roody]

that didnt work man. i have tried port 21 and other ones with still no resolution. as for passive mode i dont know what it is, thats just what it says when someone tries to connect. that they have entered passive mode.

[TEH WIN]

try some different FTP server software and see what kinda results you get.. personally i use the old version of serv-u 2.5e. its the best, easiest version ever.

rock stable, never had any problems

[CM Weaver]

When using a PASV FTP connection you will also need to open up the number of ports equal to the number of simultaneous connections you wish to allow.

A valid port range would be 1024 -65535. So if you want to allow 5 simultaneous connections for example you would open up 1024 - 1029.

You will also need to configure your FTP software for these PASV ports and configure the PASV connection to use your WAN IP.

[MAmuT]

i had the same problem on my FTP.

and i am 90% secure that the problem is on your ISP

most of the ISPs block comunly used ports in order to increse security

solution: try by using another port instead of port 21 use 5999 thats the port i use and everything is fine.

NOTE: you must change the port fowarding on the router and on BP to 5999

i ll give you all the setings when i get home later.

but by the moment try a different port

oh and on the router set the starting IP for DHCP one over the ip you are using on the FTP machine
EX: FTP=192.168.1.100 DHCP=192.168.1.101

and you ll be fine by fowarding 1 port you dont need more than that

i am on a class right now when i get home i ll post all my config

[MAmuT]

ok here is my config

DHCP disable or starting on unit more than the IP used fot the FTP.

Fpwarding

5999-5999 for the FTP ip
50000-50000 the FTP ip

and DMZ enable

BulletProof

under General
"connection" listen port 5999


on IP Multi IP setings
the ip for the FTP machine is added

PASSIVE MODE
check "use passive mode"

if you have static ip put it there ( THE IP THAT YOUR ISP GAVE YOU ), or if you have you can go to dyndns.org setup and account ( FREE ) and you can select a name for that let say MYFTP and type that name on the Dynamic ip field, so everytime you connect it will be updated. BTW you can do that with static IP , i think its better because instead of using your ip ( whcih looks ugly you can use a name )

ok now "PASSIVE PORT RANGE"

50000-50100

let me know if it works

[JamieLee2k]

I would like to know this too I have a BEFSR41 and I can't get my FTP server Bulletproof to work

[gtcrispy]

Would this port range be the same for my Netgear RT314 router? I've been encountered the same problem as was mentioned above. Thanks

[Jon]

gtcrispy,

Have you telneted into your netgear router and changed the ruleset for ftp port 21?

[gtcrispy]

Yea. I'm not even using port 21. I'm using port 8989. Some people can connect to it fine if they don't use passive mode but i need passive mode to work so that i can use FXP on my ftp server.

[MAmuT]

you have to change the ports fowarding on the router and on the ftp software

i am pretty sure it will work on almost any router the only thing that you must do is foward the those ports and on the ftp software make sure that you are using another port instead of 21 because most of the ISPs block ports for 2 reasons security and they do not want any server or something like that on residential connections

[Spike~BC~]

I agree with TEH WIN Serv-u FTP is the best of the bunch open one port=21 and forget it as many users can connect as you want, I have been using it for sometime now with no problems and it took about 5min to setup.

[MAmuT]

well if it doesnt work with port 21 just use another port

not every ISP leave port 21 able to being used they block that in order to "increase security"

[cyberskye]

as for passive mode i dont know what it is, thats just what it says when someone tries to connect.

Passive mode ftp: The client connects on the server listening port (usually 21). This is the command channel. FTP uses this to receive commands from the client, a separate channel is used for data transmission. Here's where passive gets ugly for the sysadmin...

Once the command session is established, the client will pick a port >1024 for the data channel (lets say 50000). This number is sent back to the server via the command channel and the server waits for the client to connect on port 50000. How does your router know which port was selected, and should be allowed an external connection? It doesn't, so you need to forward ports 1024-65535 to the ftp server.

Passive is very easy for firewalled clients. It is a security hole big-time for servers.

Active mode establishes the command channel the same way, but the server initiates the data connection. This is difficult for firewalled clients to connect as ports 1024-65535 must now be forwarded through their firewall.

FTP=No security. I recommend SSH as a much more flexible and secure replacement. It is also free.

Skye