FTP Help!

[Candace Sparks]

Client has FTP setup on a computer for customers to upload files to. His
ISP does not allow access to the DSL router by customers, only by Tech
Support. The FTP server has a static private address, 192.168.0.x. I know
the public IPaddress for Internet Connection. If port 21 is forwarded to
his static IP address on the ftp computer, it should work for his customers
to access that ftp computer, correct? They told me they could not access
the router last time I talked with them, which I find odd, since they are
the ones that set it up.

Need help getting this resolved!

Thank you for your help in advance!

Candace Sparks

 

[DanS]

Client has FTP setup on a computer for customers to upload files to.
His ISP does not allow access to the DSL router by customers, only by
Tech Support. The FTP server has a static private address,
192.168.0.x. I know the public IPaddress for Internet Connection. If
port 21 is forwarded to his static IP address on the ftp computer, it
should work for his customers to access that ftp computer, correct?
They told me they could not access the router last time I talked with
them, which I find odd, since they are the ones that set it up.

Need help getting this resolved!

Thank you for your help in advance!

Candace Sparks

Hi Candace,

First, total BS that the ISP won't let the user's access the router. I am
assuming it's a combo DSL Modem/Router. I myself would request a Modem-
only box, or buy a DSL modem-only and use that if they will authorize it
on the system. Then connect a privately owned router that you have
complete and total access to.

Port 21 is the well-known-port for FTP. But FTP requires 2 connections, 2
separate ports. Port 21 is used for control connections, and another port
is used for the actual data connection. I can never remember if it's port
20 or 22, so one of those needs to be forwarded as well.

Additionally, FTP'g through a browser is a crap shoot. It may or may not
work, especially since IE ( and I think Firefox) default to using
'Passive' mode. My FTP sometimes works thru a browser, but ALWAYS works
with a 'real' FTP client (with NO PASV mode)....may I suggest Filezilla
(arguably the best at this time) http://filezilla.sourceforge.net

Funny how some of the best programs for certain tasks are free.

Regards,

DanS

 

[John Wunderlich]

Client has FTP setup on a computer for customers to upload files
to. His ISP does not allow access to the DSL router by customers,
only by Tech Support. The FTP server has a static private
address, 192.168.0.x. I know the public IPaddress for Internet
Connection. If port 21 is forwarded to his static IP address on
the ftp computer, it should work for his customers to access that
ftp computer, correct? They told me they could not access the
router last time I talked with them, which I find odd, since they
are the ones that set it up.

You are up against several barriers. The first is "Active" vs
"Passive" mode FTP. If, like you describe, the FTP Server is behind
a NAT Router (like the standard DSL/Cable Modem Router), then only
Active mode FTP will work. If the FTP Client is behind a NAT
router, then only Passive mode will work. If both ends are each
behind a different NAT router, then FTP won't work at all. You
don't mention which client software is being used, but most allow a
choice.
Ref:
<http://www.ncftp.com/ncftpd/doc/misc/ftp_and_firewalls.html>

Also, with some ISPs (such as mine), local hosting of any server is
against the TOS and they actively enforce it by blocking all
incoming port 21 (FTP) and port 80 (HTTP) connections. If this is
your case, you can try to use a non-standard port or otherwise
you're doomed.

You might consider using SFTP rather than FTP as it works quite a
bit differently and gets around many NAT router problems. Another
solution is to connect using a VPN.

Good Luck,
John

 

[Ross]

[...] If both ends are each

behind a different NAT router, then FTP won't work at all. [...]

this statement is untrue - as can be verified by testing or the below reference

Ref:
<http://www.ncftp.com/ncftpd/doc/misc/ftp_and_firewalls.html>

what this reference says is the server side NAT router has to be reconfigured to allow Passive
Mode connections to work. This is easily done provided one has access to the routers
configuration utility. One will likely have to configure the FTP server software as well.

 

[John Wunderlich]

what this reference says is the server side NAT router has to be
reconfigured to allow Passive Mode connections to work. This is
easily done provided one has access to the routers configuration
utility. One will likely have to configure the FTP server software
as well.

Beyond that, the problem is that in active mode, the client sends a
PORT command to the server with the IP address and port that the
server should connect to. Since the client is behind a NAT router,
it sends a 192.168.x.x address to the server which is non-routable
across the internet.

Passive mode suffers the same problem at the opposite end. In
response to the client's PASV command, the server sends it's
192.168.x.x address (assuming it's behind a NAT router) and a port
number that can't be routed across the internet.

-- John