Linksys 4 port router and holding a FTP site

kormaster

Senior member
Apr 19, 2001
368
0
0
I just got this connected viz DirecTVDSL... fortunately, these guys have static ip. Ok, so i enter all that info into the router and bam.. 2 computers are online.
Problems:

1) None of us can hold a FTP site nor transfer file through AIM or MS Messenger
2) I know that i have to set the router DHPS ip address to start at 191.168.1.x (1<X<99) The manual tells me that anything over 100 becomes automatically assigned.
then my router dont work if i change that setting
3) Do i have to change the IP FORWARDING tab info? port range from what to what?

Help please my beloved anandtech peeps!
:Q
 

blstriker

Golden Member
Oct 22, 1999
1,432
0
0
Okay, there has be a tremendous amount of problem with people running a FTP site behind a router. I don't know of a good way around it and I've been looking for about a year now. Here is the problem:

1. Server behind router, client behind router = problems
2. Server behind router, client NOT behind router = okay
3. Server NOT behind router, client behind router = okay

As you can see, when both the ftp server and ftp client are behind routers, things don't work well. The answer you'll get from most people is to enable passive mode. This does not work. Another thing people will tell you is to forward both port 20 and 21. Again, this does not usually work.

This problems seems to be with all FTP servers, but especially with IIS.
 

guaraguao

Member
May 21, 2001
159
0
0


<< As you can see, when both the ftp server and ftp client are behind routers, things don't work well. The answer you'll get from most people is to enable passive mode. This does not work. >>



Uh, you're full of 5hit. I have enabled passive mode with not one but TWO ftp servers running behind a linksys. The trick is in defining the ports to be used for passive connections, and forwarding that same range to the target server. If you don't want to mess with all that, you can simply point DMZ to the computer.




<< Another thing people will tell you is to forward both port 20 and 21. Again, this does not usually work. >>



What are you talking about? it works perfectly, and in fact I don't even have to forward 20; the linksys seems to handle it automatically




<< This problems seems to be with all FTP servers, but especially with IIS. >>



What are you smoking? I cannot vouch for IIS, have no idea about that--but I have used wu-ftpd, proftpd, and regular freebsd-ftpd--they all work!
 

guaraguao

Member
May 21, 2001
159
0
0


<<
Problems:

1) None of us can hold a FTP site nor transfer file through AIM or MS Messenger
>>


This is a pain. I haven't been able to get it to work, either.



<< 2) I know that i have to set the router DHPS ip address to start at 191.168.1.x (1<X<99) The manual tells me that anything over 100 becomes automatically assigned. >>



The linksys comes by default with DHCP running. Dynamic Host Configuration Protocol. That means that you simply plug in and it Dynamically Configures your Host--IE, it gives you a network address. By default, it'll give you an ip starting with 192.168.1.100, then the next computer will be 192.168.1.101, so on and so forth. If you want to port forward, you'll want to define your OWN ip address so that when you boot up, it -doesn't- ask the linksys for an IP. You do this by switching the setting in windows networking from "obtain IP address automatically" to "specify IP address." Try, for instance, 192.168.1.2 as the IP for your ftp server. (You will have to set DNS servers manually as well--try 192.168.1.1 in the "DNS" tab)

OK, now that you have a working static IP setup...



<< 3) Do i have to change the IP FORWARDING tab info? port range from what to what? >>



You want to forward ports 20 to 21 to 192.168.1.2, or whatever you assigned to your server. This should work. It won't, however, work passively. I have no experience with IIS, so I don't know if it allows you to configure the passive port range that is used, but if it does, you obviously just pick a range, and then forward that same range to your server.

Another option is to simply set the DMZ to point to 192.168.1.2.


g'luck
 

blstriker

Golden Member
Oct 22, 1999
1,432
0
0
guaraguao, what the heck is your problem? Don't be such as prickhead or you'll find yourself a lot of enemies real fast.

If the setup as worked for you, then great, however, there are a lot of people who have the problem that I described and haven't been able to fix it using the methods you post. If all you have to do is hurl insults at somebody trying to help somebody else, then you really need pull your head out of your rectum and get outside once in a while.

 

guaraguao

Member
May 21, 2001
159
0
0


<< guaraguao, what the heck is your problem? >>


My problem is that you are not giving the linksys hardware the credit that is due to it. Just because many people do not know how to configure it, does not mean that it is the fault of the hardware. What bothers me is the absolutist way that you say "things don't work well." --It is my viewpoint that they do, in fact, work well, and that you don't know enough about the situation to know whether it's a fault of the router or the person.



<< If the setup as worked for you, then great, however, there are a lot of people who have the problem that I described and haven't been able to fix it using the methods you post. If all you have to do is hurl insults at somebody trying to help somebody else, then you really need pull your head out of your rectum and get outside once in a while. >>


Were you trying to help him? all you did was say that it has given you much trouble to configure it. You didn't help him at all, and you made it seem as if he were attempting this in vain; I attempted to debunk what you said because I don't want him discouraged by the experience of another. The only reason I responded in that manner is that you were spreading what I felt was false information.
 

blstriker

Golden Member
Oct 22, 1999
1,432
0
0
If you feel that I am spreading false information that is your right. However, your attitude simply sucks.

I don't give the linksys it's credit? Why don't you do a search in the forums here, hardocp, and practicallynetworked.com and tell me how many people can't get the router to hold a FTP site even with your wonderful directions. My response was based on a lot of research and experience. If you get it to work, maybe you're special, I'm just letting him know that many other people have encountered the same problem as him. Not giving the linksys credit.. please. It's not just the linksys that has problems but also almost every other brand of soho router out there.

I am more than willing to be wrong. If you disagree with me, do so in a mature fashion, not like a stupid idiot in elementary school. Grow up.
 

guaraguao

Member
May 21, 2001
159
0
0


<< I don't give the linksys it's credit? Why don't you do a search in the forums here, hardocp, and practicallynetworked.com and tell me how many people can't get the router to hold a FTP site even with your wonderful directions. My response was based on a lot of research and experience. If you get it to work, maybe you're special. >>


Do a search for "how do I set up a network?" and you will get as many, if not more, questions. 90% of the people asking them simply have not done it before and do not have the experience. You didn't post a link to one of those threads, you didn't suggest a firmware upgrade, you didn't do anything. You were simply negative, and that got to me.



<< I am more than willing to be wrong. If you disagree with me, do so in a mature fashion >>


I apologize for the "full of ****" and ". . . smoking?" bit. I definitely could have argued just as effectively without saying that.



<< not like a stupid idiot in elementary school. Grow up. >>


Hehe. Ooh, that hurt. I think I'll let it stand on it's own.
 

blstriker

Golden Member
Oct 22, 1999
1,432
0
0
The reason I didn't post any links was because nobody had the solution to the problem. Many people had conjecture and solutions that worked for themselves only, but no true solutions. But if your suggestions turn out to cure everyone's problems, I'll be more than happy to link to your post next time somebody ask this question. I've been looking for over 8 months and no satisfactory conclusions, including yours.
 

guaraguao

Member
May 21, 2001
159
0
0
Well, what are the problems that you've been having? I had a hard time figuring out how to set up passive FTP, but I finally got it working relatively recently. What's your setup?
 

blstriker

Golden Member
Oct 22, 1999
1,432
0
0
Okay, please explain what you mean by passive ftp. Are you talking about enabling passive mode in the ftp client, if so, I have tried this. Are you talking about setting up a passive ftp server? I have no idea what this is. Please explain how you setup your ftp server.
 

guaraguao

Member
May 21, 2001
159
0
0


<< Okay, please explain what you mean by passive ftp. Are you talking about enabling passive mode in the ftp client, if so, I have tried this. >>


I mean setting up the server in the LAN so that it can accept passive connections from a client. It is called Masquerading.
It effectively tells the ftp server to, instead of giving out it's actual LAN address, give out the public address of the router.

Out of my proftpd conf file:
--
MasqueradeAddress 1.2.3.4
PassivePorts 42503 43000
--

Where MasqueradeAddress is my publicly accessible IP address; the one that the router uses. I then forward ports 20-21, and 42503-43000 into my internal server, who's ip address is 192.168.0.3. You can use any range of ports above 1023, I believe, for passive connections.

The above has the effect of allowing a client that is not firewalled to connect using regular ftp, and also allows web browsers (and firewalled clients) to connect using passive ftp.
 

blstriker

Golden Member
Oct 22, 1999
1,432
0
0
Interesting, I'll have to check and see if IIS has a similar function. Sounds very interesting. I'll let you know how it goes.
 

guaraguao

Member
May 21, 2001
159
0
0
MS Knowledge Base link

"Description: This parameter controls the maximum port number used when an application requests any available user port from the system. Normally, ephemeral (that is, short-lived) ports are allocated between the values of 1024 and 5000 inclusive. "

It appears that if you forward ports 1024-5000 to your IIS machine, in addition to ports 20-21, passive mode (such as from a web browser) should work.

But, on second glance, it won't:

"There is no way to configure this in the IIS FTP server, therefore IIS
cannot be used to provide passive FTP from behind a NAT firewall.
"

THe reason, as detailed above, is that when a passive connection request is received, the server responds with it's ip address, and the port to connect on. If your server is set to an internal ip (IE, 192.168.1.x), it will report the wrong IP address; you will see that in the error message from the client, "cannot connect to 192.168.1.x."

A possible workaround? Trick the IIS machine into thinking that it has the same IP address as your router's external address. If you have windows NT of some sort, then it is possible to bind more then one IP address to an adapter. Set your adapter to have an additional IP, which corresponds to your router's external IP. The goal is to get your computer to report itself as your router's internet address, so that when it gets sent back to the client, the client responds to the router, who then bounces it back into your IIS. I would set it so that the external IP is listed first, then the internal--that way, hopefully, the IIS would default to the first entry when sending out the instructions on the PASV connection.

 

blstriker

Golden Member
Oct 22, 1999
1,432
0
0
That is an interesting idea. Sounds promising. Unfortunatly, it won't work for people who have dynamic IP addresses who are using dynamic DNS services. At least I hope it works with static IP addresses. I'll try it out and see what happens. Thanks for the research.

 

IgorTs

Senior member
Dec 4, 2001
421
0
76
Are you going to fight? placing my bets.
Linksys works fine for me, and most people complain because they can't get it to work!
We all human, some with IT experience.
I just forwarded 20 and 21 TCP and UDP.
 

guaraguao

Member
May 21, 2001
159
0
0


<< That is an interesting idea. Sounds promising. Unfortunatly, it won't work for people who have dynamic IP addresses who are using dynamic DNS services. At least I hope it works with static IP addresses. I'll try it out and see what happens. Thanks for the research. >>


NP. :)
You know, if you want to really hack at it... there is a python dyndns client here called ls_dydns. It will log into the linksys automatically and check its IP, and update your dyndns entry if it has changed. It seems like only a small leap to get it to run the appropriate 'ipconfig' command to update your IIS's masquerading IP.

Of course, you have to be insane (like me) to even consider it, but I thought I'd share the thought. :>

Happy holidays, folks
 

kormaster

Senior member
Apr 19, 2001
368
0
0
ok, u guys are great... both of u guys... just stop arguing.. i feel bad...

Ok... Directv DSL fortunately provides a static IP... the router gives out 191.168.1.100 for me and 101 for my roommate... a typical result of DHCP enabled feature.

Can you explain a little bit more on DMZ? Right now it is setup as 191.168.1.2 (i changed the value). And under IP forwarding tab, 191.168.1.2 is triggered from port range from 7-162 (i didnt know which value so i picked the widest range)

Now do i have to DISABLE the DHCP under that tab? or just change the value on the starting IP from 192.168.1.2 (right now it is at 100)
 

guaraguao

Member
May 21, 2001
159
0
0


<< ok, u guys are great... both of u guys... just stop arguing.. i feel bad... >>


<grin>



<< Can you explain a little bit more on DMZ? Right now it is setup as 191.168.1.2 (i changed the value). And under IP forwarding tab, 191.168.1.2 is triggered from port range from 7-162 (i didnt know which value so i picked the widest range) >>


DMZ simply forwards anything that you haven't already designated in the "Forwards" tab over to the IP that you specify.
The reason that nothing is working is that 192.168.1.2 doesn't point to anything! You have to set up one of your computers to have the IP address of 192.168.1.2. You may also point dmz to 192.168.1.100 or 101, and it'll point to your or your roommate's computer.



<< Now do i have to DISABLE the DHCP under that tab? or just change the value on the starting IP from 192.168.1.2 (right now it is at 100) >>


You do not need to disable DHCP in order to use the forwarding function. It is just recommended (and common sense) to assign an IP manually to where you are forwarding; if you reboot your computer, it's ip is likely to change because it is assigned every time you boot up. My LAN runs static IPs, but dhcp is also running so that anyone can plug in and go.