why server hard to access when port set other than 21

[unicorn]

I used to run my ftp on a non-standard port, sitting behind a d-link internet gateway. It worked without any problems. The procedure was also clearly outlined in the manual. The NAT function demands that the gateway knows of where to send incoming requests.

This was done in the setup where I told the gateway to link everything incoming (to the real world IP) on port (f eks) 7654 to go to internal IP 192.168.0.2 port 21. That computer then run the server on port 21. I also told the gateway to translate real world IP port 7653 to go to 192.168.0.2 port 20.

Isn´t this possible to do with your gateway? I hardly had anyone that complained about troubles with logging in. There were a few that logged in and then never succeeded to get any dir-listings. After I asked them to toggle between PASV and PORT mode my impression is that they overcame the trouble. (Or maybe they gave in?)

Are there other experiences?

The (few) problems was not at the NAT/gateway (D-Link) nor at the server (RaidenFTPD) but rather with some ftp-clients. At least this is what I think. Or maybe I wish that this was the situation, I don´t know for sure as I didn´t log in myself from the outside more than at one single occassion.

The problem is interestening as running your own server sometimes is the only solution to actually get stuff. I wish everyone run a small private server... And maybe I should install one myself again just for the feeling if not for something else.

.unicorn

[BigHead50]

Thanks unicorn, but I have a couple of questions on what you talk about on D Link routers...
I have a DI-704 and the setup is not very clear in the manual as you state...
I have set mine to open port 5000, for example, to my server machine, 192.168.xxx.xxx. But you talk of setting to port 21 on the internal 192 machine and I don't follow...

Are you talking on the virtual server page ? This only runs the requests from whatever port, to your internal machine (192....), how do you make it think that port 50000 is 21 on your internal 192.... machine ?

I have read and re-read the manual, and see no reference on how to make the router think that port 5000 for example, is port 21 ?.....

I don't have alot of trouble with people hooking up the way I have set up the routers I have, BUT, if I use port 21 on my FTP server, and OPEN port 21 on my router ONLY, then almost everyone can access easily....

BUT, if I set up my FTP server on another port, say 5000, then SOME have trouble connecting, even though I have port 5000 open on the router AND port 4999 open as well....

It seems to be the same for all 3 of my routers, no matter how I hook them up unless I use DMZ, and then you in effect, have no NAT protection at all....

I am not trying to be smart a** about this, I just don't understand the internal port 21 you speek of, unless you mean an FTP program, and you have to set those up for the port you are allowing access threw...

What am I missing here ?

Thanks again for your help and ideas

SeeYa

[unicorn]

I think it is called port redirecting. I don´t know about di-704, mine is a 804.
Anyway, there is a choice there in Advanced settings. There it is easy to tell di-804 to redirect f.eks incoming port 7654 to the machine [internal IP] and port [port no]. That´s what I did with 7654 and 7653 (to 21 and 20) and then I run a server that was configuered to listen to 21. This is what it looks like in my setup for the d-link:

--------------------------------------------------
Port Redirection

Comment Protocol Incoming Port Local Port Local IP

1 ftp-darkstar TCP 7653 20 192.168.0.9
2 ftp-darkstar TCP 7654 21 192.168.0.9

--------------------------------------------------

Now I don´t think this is super important. I used it cause I then run a server using an old machine and Linux. At the same time I wanted to use/work at another machine, faster and better, and also wanted to be able to run a ftp-client at it from time to time.

Hehe. I don´t think you try to be an smartass. Neither do I, I´m not smart enough and also brought up not to be an ass.

D-Link. My manual for the di-804 is really bad. The screenshots in the manual, the headlines and the procedures do, in most of the chapters, not match what I see on my screen when configuring the router. I read it only for reference and then had to navigate around in a trial and error manner. I remember I rebooted the router a lot of times. However, when it finally was correctly set there was never any troubles with the function.
Also, the support sucks too. (D-link claims you can restrict Internet access from computers inside the LAN area of your choice. I havent been able to figuere that out yet, 2 e-mails to their support sent for 5 months+ ago where never replied...)

Software NATs and software ICS programs like Tiny Softwares Winroute (among many others) are pretty good. I really prefer the hardware solution though. The advantages are many; fast reboot, always working, easy to maintain, the rest of the LAN doesn´t depend on a computer that might need to be rebooted or updated or... something. The di-804 also logs in and keep my connection alive, always ready to use.

Conclusion. This is not a very big problem. As you say there are only a few ppl having probs. I actually believe the problem is at their side most of the time. Maybe they are behind a firewall at work and not are aware that it blocks the port your server is running at? Maybe they run a crappy ftp-client? Then again G6 is not good at FXP-ing even though it seems to work pretty well in other ways.

Does all this help? Hardly, I guess. But I do find the subject interestening as I am a little fond of print servers, routers and other small boxes.

.unicorn

[BigHead50]

Thanks for your explaination unicorn, I understand what your talking about now, and you have made a couple of other things more clear now too....

I, like you, am very interested in routers and other boxes also, and I also agree that most of the time, the trouble connecting is from the client side, but if I know more about how all this works, I may be better able to have solutions for the problems some have...

Thanks again for this valuable info, it has helped alot...

SeeYa