How do I set up an FTP behind a router?

duragezic

For a long time I've been wanting to set up an FTP server on my home machine so that I can connect to it from the lab machines and get any updated code I need to work on, etc. So I downloaded Bulletproof FTP server and I know I need to forward the port, but it seems there are options for internal and external. This does not involve any illegal usage or high bandwidth whatsoever, but I figured I should run it on a different port than 21. But what port should I forward under Applications and Gaming (in my Linksys router settings) and what should be forwarded under UPnP Forwarding? I don't believe I did it correctly because no one was able to connect to my FTP, except for when I turned on Passive Mode and my roommate was able to connect to it as my local IP when I had it set to port 21 just to test. So I figured it must be something to do with the router if people outside of our network can't connect to it.
 

kamper

In order to connect through the router on a different port you have to configure everything to listen on a different port. You have to tell Bulletproof to listen on a different port and you have to tell the client to attempt to contact your server on a different port.

After that there is the issue of the data sockets. FTP only sends control data through port 21; any time data is to be sent, another socket is created on a different port. There are two ways to do this: either the server connects to a port that the client agrees to listen on, or the client makes another connection on some other port that the server agrees to listen on. Generally the client dictates which method will be used, controlled by the Passive Mode (although the server is allowed to refuse certain configurations for security reasons). If your server is behind a firewall your best bet is to have the server initiate the connection (can't remember which mode that is specifically). If the client is also behind a firewall or refuses to use this method then your only option is to open up some more ports. To do that you probably want to open a range of ports somewhere up high. You also have to tell the server to only allow data connections to these ports. In my vsftp.conf I have the lines:
pasv_min_port=21635
pasv_max_port=21640
That actually limits the number of simultaneous data connections to 6. I know your config would be different for Bulletproof (if it even supports this) but that is the general idea. The client does not need to know about this range, as the server will tell the client which data port to connect to when it is needed.
 

Dragonbate

Now I'll admit that I have no clue what kamper is saying in that post: I'm not that advanced. But I am able to set up an FTP server in the same environment that you describe. First make sure that you have a static IP from your ISP. If you do not, sign up for a free account at dyndns. That service will permit you to run an FTP or WWW server with a dynamic IP. Next set up the computer with the FTP server to have a static internal IP. This is done by giving it an IP outside those used by the router for DHCP. Finally set the router to forward requests for port 21 to the static IP you assigned to the FTP serving computer. Some ISPs block port 21 requests to keep you from running a server but many do not. If it does you may have to change the port, but I have no experience with this, sorry. Good luck and I hope I've at least given you some direction.
D
 

JackMDS

First you take into consideration that your ISP might be blocking port 21.

So one good solution is to register with a DNS Service that lets you do port redirection.

Under such a setting the outside users can use their default port 21 and the DNS Service would redirect it to your ports.

Active vs. Passive. When using Firewalls and Routers neither can provide a foolproof method.

The compromise solution used by many is to use Passive mode and restrict the range of the ports (see kamper's post above).

The ports that are included in this range have to be opened through the Router and/or Software Firewall.

About using DNS service for redirect and have a static address see here.

Link to: How can I find My Home Computer/Server on this "Huge" Internet World?

A simpler method that uses the regular http port 80 is described here.

Link to: Simple Serving
