Need help with setting up ftp. FTP only works on lan :( Stupid Dlink router is causing probs :(

DAWeinG

Platinum Member
Aug 2, 2001
2,839
1
0
I have a Dlink DI-704 router installed at address 192.168.0.1 and when I try to set up a server using serv-u ftp, it only works within the lan. The computer that is supposed to serve has the lan ip 192.168.0.100 but that's not my real ip address. I enabled the 21 port on 192.168.0.100 in the dlink router settings but am stumped. I can actually see files listed when I access ftp://192.168.0.100 but again, no one else can outside the LAN. Someone please help me, TIA.
 

h0vic

Senior member
Feb 12, 2001
735
0
0
I'm assuming you are using your real IP instead of 192.168.0.100 to access your FTP from outside your network.

Try opening up and using a different port like 2100. Check the accounts to make sure you setup everything correctly.

If you router has a log, check to see if it's blocking the connection attempts.
 

Need4Speed

Diamond Member
Dec 27, 1999
5,383
0
0
post the error log that peeps are getting. More often than not, you'll need the set the server up in passive mode...especially if both the client and the server are behind a NAT. Some clients like FlashFXP can handle this correctly and still use PORT mode, but most clients cannot and thus PASV mode is needed.
 

Studdyman

Member
Jan 11, 2002
31
0
0
I use Serv-u also. Don't have a single problem, serv-u sets itself up pretty well on install. I don't have a DLink, I use Linksys but should be the same. I had to make sure the computer my ftp was on was in the DMZ. This opens the FTP up to outside. Should be instructions with the router on how to do this. If the FTP is not in the DMZ it can't be seen. Once in the DMZ you won't need to forward anything or open up any other ports.
 

Need4Speed

Diamond Member
Dec 27, 1999
5,383
0
0
yeah, and once it is in the DMZ its also open for hacking, since ALL ports are being forwarded. All the the DMZ does is forward all ports to that machine. If you are running a dedicated server with nothing critical on it, thats fine...but you would be getting any protection from the NAT in that scenario.

I would switch to PASV and open a small group of ports somewhere in the high range to help keep it from being scanned. There is no need to open more ports than are required...IMHO
 

Studdyman

Member
Jan 11, 2002
31
0
0
Agree'd but if your strickly using NAT then your computer is vulnerble anyway, NAT isn't all that secure. You should be running a firewall anyway. For my secure FTP I use Smoothwall anyway, I don't worry about ports scans and hacks, so it didn't come to mind to mention. Sorry didn't address that issue, only the "I can't connect issue".