|
I have been messing around with access to a ftp server using different port numbers, going from behind a router.. It seems if I use port 21, that almost All people trying to access, Can..
BUT, if I use say port 45000, and 44999 (x-1 data), that no matter how I set up the router or ftp program, Only some can access the ftp... I have serched for some more info on how to set up NAT to use Non-standard port numbers, with no luck.. I have tryed 3 different routers with the same result, If I use port 21 ONLY, then most all can hook up, But if I use a port like 50000, even if I open the port below for data, and set the router to use non- standard ftp ports, alot of people have trouble hooking up...Especially if they are behind a router also, or going threw a proxi... I hope someone can understand what I mean and maybe point me to some detailed info on using non standard ports for ftp ?? Thanks for any input and/or info.... SeeYa :) |
Hi BIGHEADover50, in simple terms:
Software like IE 6.0 does not seem to know how to cope well if there is a Firewall box in the mix and ports are other than 21. Actually the Firewall boxes have specific code in them to allow FTP to function through the box like port 80 can. The code is designed around port 21 and does not take effect if the port number is something else. A few FTP Client programs (Newer versions) seem to know what to do in this case. One that seems to do the trick is FlashFXP, even if you use various port numbers.:D |
I'd love to understand fully what's behind this. At home I can access an ftp on any port (dialup=sux). At work I have cable and I'm behind a router, so I can only access ftps on port 21 (and that sux too). I think I saw someone suggest somewhere to try checking "Site uses IP Masq/NAT/Non-Routable IP" in FlashFXP but I haven't got round to trying that yet (and not sure it works, either). Anybody knowledgable on this subject?
g-string. |
Hi g-string, I expect you know that when making a connection on the Internet the Packets go through a number of Boxes called Routers. Any one of the Routers along the way can Mess with which packets go through and which ones get sent to the "Dirty Bit Bucket".
The Setting "IP Masq/NAT/Non-Routable IP" in FlashFXP can make a difference when connecting to an FTP Server. It will allow you to connect through a NAT Router box (Linksys BEFSR41) when most other things cannot.:D |
what ftp server program are ya using?
|
I too would like to know (learn) more about this. This past weekend was transtioned to comcast.net. Upload speeds went from 138K up to 15K up. Lost my second IP. Went out and bought Linksys BEFSR41 router. Figure speed is slow but still able to help out. Have to run DMZ host to get anything to work right. Tried port forwarding, but no go. What is the best way to set up?
Alll help appreciated HotRod |
Many thanks, Crowdirt - that sounds very encouraging. I may even break a golden rule and go into the office this weekend to see if that setting in Flash can let me see my friends' servers. :cool:
g-string. |
Some things are to learn at RaidenFTPDs support pages at http://www.raidenftpd.com/en/raiden-...-setup-ip.html f eks, or start at http://www.raidenftpd.com/en/raiden-ftpd-doc/index.html. I guess other ftp-server-programmers have similar support pages, but I used RaidenFTPD for a while and then had to learn something from them. Obviously there are different problems with different ftp-clients, and also different problems with different ftp-servers. It is not as straightforward as one would wish...
.unicorn |
Hi Hotrod, have a read on Page #6 of Crowdirt's Server for some comments on the Linksys BEFSR41 et. al. May answer some of your questions.:D
|
I use bulletproof server, but also have used servU...
I really don't think that the Server Program is the problem, I really believe the problem is in the NAT box... I just want to find out how to setup a router to use non standard ports, if this is possible.... Like Crowdirt mentions, I understand that most NAT boxes are setup for ftp to run threw port 21, but Many people do not use this port for differnet reasons (hackers,cablecompanys,M$,etc.)My Question is, how to set up NAT so that a nonstandard port can be used ? Any of the brand name routers web sites I have been over and over, and most do not even speek of this... I have been to Many forums on broadband, and a couple touch on this but don't really go into depth about it... If you Can't setup these hard coded NAT routers like Linksys, Netgear, SMC, etc., then I suppose the only real way to do this is a Software NAT program that you set up on a Linux box and program yourself, but I am a year or so away from knowing how to write Linux code... I also have not the cash for a $5000 cisco box that probably can be programed and filtered to use non-standard ftp ports... I really am just looking for some place to go and learn more about what I am talking about here, even my MCSE in networking essentials and TCP/IP do not get into this.... Again, thanks for the input and Ideas SeeYa :) |
I used to run my ftp on a non-standard port, sitting behind a d-link internet gateway. It worked without any problems. The procedure was also clearly outlined in the manual. The NAT function demands that the gateway knows of where to send incoming requests.
This was done in the setup where I told the gateway to link everything incoming (to the real world IP) on port (f eks) 7654 to go to internal IP 192.168.0.2 port 21. That computer then run the server on port 21. I also told the gateway to translate real world IP port 7653 to go to 192.168.0.2 port 20. Isnīt this possible to do with your gateway? I hardly had anyone that complained about troubles with logging in. There were a few that logged in and then never succeeded to get any dir-listings. After I asked them to toggle between PASV and PORT mode my impression is that they overcame the trouble. (Or maybe they gave in?) Are there other experiences? The (few) problems was not at the NAT/gateway (D-Link) nor at the server (RaidenFTPD) but rather with some ftp-clients. At least this is what I think. Or maybe I wish that this was the situation, I donīt know for sure as I didnīt log in myself from the outside more than at one single occassion. The problem is interestening as running your own server sometimes is the only solution to actually get stuff. I wish everyone run a small private server...:) And maybe I should install one myself again just for the feeling if not for something else. .unicorn |
Thanks unicorn, but I have a couple of questions on what you talk about on D Link routers...
I have a DI-704 and the setup is not very clear in the manual as you state... I have set mine to open port 5000, for example, to my server machine, 192.168.xxx.xxx. But you talk of setting to port 21 on the internal 192 machine and I don't follow... Are you talking on the virtual server page ? This only runs the requests from whatever port, to your internal machine (192....), how do you make it think that port 50000 is 21 on your internal 192.... machine ? I have read and re-read the manual, and see no reference on how to make the router think that port 5000 for example, is port 21 ?..... I don't have alot of trouble with people hooking up the way I have set up the routers I have, BUT, if I use port 21 on my FTP server, and OPEN port 21 on my router ONLY, then almost everyone can access easily.... BUT, if I set up my FTP server on another port, say 5000, then SOME have trouble connecting, even though I have port 5000 open on the router AND port 4999 open as well.... It seems to be the same for all 3 of my routers, no matter how I hook them up unless I use DMZ, and then you in effect, have no NAT protection at all.... I am not trying to be smart a** about this, I just don't understand the internal port 21 you speek of, unless you mean an FTP program, and you have to set those up for the port you are allowing access threw... What am I missing here ? Thanks again for your help and ideas SeeYa :) |
I think it is called port redirecting. I donīt know about di-704, mine is a 804.
Anyway, there is a choice there in Advanced settings. There it is easy to tell di-804 to redirect f.eks incoming port 7654 to the machine [internal IP] and port [port no]. Thatīs what I did with 7654 and 7653 (to 21 and 20) and then I run a server that was configuered to listen to 21. This is what it looks like in my setup for the d-link: -------------------------------------------------- Port Redirection Comment Protocol Incoming Port Local Port Local IP 1 ftp-darkstar TCP 7653 20 192.168.0.9 2 ftp-darkstar TCP 7654 21 192.168.0.9 -------------------------------------------------- Now I donīt think this is super important. I used it cause I then run a server using an old machine and Linux. At the same time I wanted to use/work at another machine, faster and better, and also wanted to be able to run a ftp-client at it from time to time. Hehe. I donīt think you try to be an smartass. Neither do I, Iīm not smart enough and also brought up not to be an ass. :) D-Link. My manual for the di-804 is really bad. The screenshots in the manual, the headlines and the procedures do, in most of the chapters, not match what I see on my screen when configuring the router. I read it only for reference and then had to navigate around in a trial and error manner. I remember I rebooted the router a lot of times. However, when it finally was correctly set there was never any troubles with the function. Also, the support sucks too. (D-link claims you can restrict Internet access from computers inside the LAN area of your choice. I havent been able to figuere that out yet, 2 e-mails to their support sent for 5 months+ ago where never replied...) Software NATs and software ICS programs like Tiny Softwares Winroute (among many others) are pretty good. I really prefer the hardware solution though. The advantages are many; fast reboot, always working, easy to maintain, the rest of the LAN doesnīt depend on a computer that might need to be rebooted or updated or... something. The di-804 also logs in and keep my connection alive, always ready to use. Conclusion. This is not a very big problem. As you say there are only a few ppl having probs. I actually believe the problem is at their side most of the time. Maybe they are behind a firewall at work and not are aware that it blocks the port your server is running at? Maybe they run a crappy ftp-client? Then again G6 is not good at FXP-ing even though it seems to work pretty well in other ways. Does all this help? Hardly, I guess. But I do find the subject interestening as I am a little fond of print servers, routers and other small boxes. .unicorn |
Thanks for your explaination unicorn, I understand what your talking about now, and you have made a couple of other things more clear now too....
I, like you, am very interested in routers and other boxes also, and I also agree that most of the time, the trouble connecting is from the client side, but if I know more about how all this works, I may be better able to have solutions for the problems some have... Thanks again for this valuable info, it has helped alot... SeeYa :) |
| All times are GMT +1. The time now is 05:51 PM. |
Powered by vBulletin® Version 3.6.5
Copyright ©2000 - 2025, Jelsoft Enterprises Ltd.