Posted: 5/28/2007 4:40:05 PM EDT
|
Please help or my next thread will be “The Router of Truth”. I am trying to enable FTP over a Linksys router. (BEFW11S4 v3. Firmware 1.45.1) After opening all relevant ports TCP and UDP UPnP, enabling DMZ, etc, and still having no luck, I found out that Linksys routers have some kind of problem with passive FTP or something. This is where my geek-fu gets a little weak. If anyone [subliminal] Subnet [/subliminal] could explain this or just tell me if I need to buy a new router and give me a suggestion. If not feel free to chime in with an “I like pie”. eta. I like pie count .... 2 |
|
What exactly are you trying to do? Are you hosting an FTP server behind the router and clients are having trouble connecting to it via passive mode? ETA: If this is what you are trying to do, remember that the client side will make the command connection via 21 and the data connection via a random high port number. |
|
I'm just using the Windows FTP. The idea was to enable me to download from customers' machines without having to install a separate client. Network is DHCP except for the host machine, which is static. Comcast also uses dynamic so I registered with dyndns. *eta* I enabled DMZ temporarily and disabled my firewall just to be sure I accounted for the random port # and still no luck. If you Google linksys ftp passive you will see all kinds of related problems but no real clear fix. |
Oh. I have no idea how WinFTP works. Generally with passive modes you have to list the internal (LAN) IP, and then the external (WAN) IP, along with a specific port. I've only ever used CuteFTP.. sorry. Good luck tho. |
|
Hmm, Windows FTP? IIS? Well, I don't have any experience with Linksys routers, but you might look at configuring the FTP server's passive settings to specify a port range that you are comfortable with. When this is done, configure the router to forward the port 21 command connection (I assume the machine has a private RFC 1918 type address) and the range you specified for passive FTP data connections to the static server IP. edited for some clarity I hope. |
|
After three Linksys routers that were a huge pain in my ass (providing service for a dozen clients, not just me) I finally got a generic Buffalo router that uses the same Broadcom chipset. It has been flawless from the get go. I have used open source firmware (DD-WRT) on all four of them, but none of the Linksys ones were ever stable, no matter what I tried. The last one was the highly rated WRT54-GL too. |
This is why I stay the hell away from consumer grade hardware for business use. |
Thanks anyway. |
Thanks for the info. I'll check them out since I have a feeling I'll be getting a new router soon. What's effed up is I really liked their stuff until I ran into this. First problem turns out to be a deal breaker.
|
It's not a business, I share my signal with friends through a cooperative arrangement. I'd be glad to buy a $500 router if I actually made any money with it, but I am lucky to break even. If you have any unused Cisco wireless access points lying around, I'd be happy to take them off your hands. |
Checked that; ran into it the other week with Verizon blocking port 80. Scanned mine with Shields up and CanUSeeMe. All ports were good to go, and it works great without the router. |
Next, since you tried multiple means to route that traffic, reset those other means. For FTP you want to forward by default ports 20 and 21. |
Both 20 and 21 are forwarded in TCP and UDP. Even ran it as DMZ which supposedly is wide open and no luck. |
I saw the phrase "providing service for a dozen clients" and that set my business antenna twitching. Hopefully your cooperative arrangement returns you some sort of goods or services! All my Cisco gear is in use. I actually use SonicWall stuff for branch side wireless. The Cisco routers are higher up the food chain. |
Save the config, no DMZ, reset the router. Next try to use a console telnet session to the ftp control port 21. |
You mentioned passive mode. Once again, 20/21 are going to be used for command. You will still have a range of high ports that are going to be randomly used for data connections in passive mode. If your router is not configured to accept connections from this range, it will not work. Are you running a server or are you having trouble connecting out to FTP servers? Your terminology is a little vague. |
If his server (assuming he has a server at this point) is set to listen in passive mode, then the client side will be making the data connections on random (specified in FTP config settings) high ports. Simply making a control connection to 21 won't necessarily help him. |
Those higher ports connect from out the ftp host. No need to forward back as the regular means of using NAT will suffice. |
You're testing the command path, a single port. It is a troubleshooting method, no other ports are used. |
Please explain to me, how you would configure a router to accept external client initiated sessions to an internal FTP server using passive mode. This assumes that the internal FTP server is on a privately addressed NAT segment and is not part of a DMZ. |
Port forwarding is simple. That is why I suggested it many posts ago. GUMBY. Are you running an FTP server from behind your router? Are external clients (those outside the bounds of your network) unable to connect to said server? I still do not know if this is what you are trying to do! |
You're right, it is very simple, if you're the one doing it. It also helps when you're using something guaranteed to work right the first time such as a Linux machine with IPTables or an old kernel with IPChains. The hassle of trying to figure out the quirks of a consumer off the shelf router is a pain. |
Ahh you made me smile. First of the day. Of course I just woke up 40 minutes ago. |
Telnet. You want to do this from the computer that's having the problem connecting. Go start -> run -> Type in cmd and hit run. From the Telnet> prompt type "open ftphost_ipaddress 21" where ftphost is the internet ipaddress of your internet connection. On second thought, also give me your current config. How are you setting it up, how are you trying to connect, etc. ETA: I started it out with simple problems and got more complex, I may have yet overlooked something simple. |
Excellent! I agree with you about something like IP Tables, or an enterprise grade piece of hardware. But that ain't what we're working with here. One thing I do know about consumer grade boxes (again, why I recommend against them) is that they do shit that is NOT easily explained given the relative simplicity of such basic network/server design configurations (I believe you called them "quirky"). That is why I am trying to establish the exact thing he's trying to accomplish and suggest basic, straightforward solutions. I am reasonably sure that if he's trying to host an FTP server behind something like a Linksys router, he will need to forward the control/command ports as well as the passive range to the internal (NAT, RFC 1918, Private, whatever you want to call it) static IP of the host server since the client initiates both connections in passive mode. That's all. |
I am running FTP IIS service off an XP Pro machine. When an external client logs on they are immediately given an error code about entering passive mode. Although the log does show they were connected. ??? After doing a lot of reading (Google linksys ftp passive to see what I mean) there is some kind of problem with Linksys routers. Other people seem to be having the same problem. eta. I have forwarded all ports to my machine and still get the same results. Gonna go to bed. Will try again tomorrow. Thanks all for the help. |
|
See my post right before yours. Have you done this? ETA: I see this is XP Pro. I know little to nothing about workstation OS server implementations. Failing my ramblings about passive mode, port ranges, and forwarding, you could check XP Pro local security settings. |
That is what he is trying to do, as he said with regards to blocked ports, it works without the router. Again you don't need to forward any more ports than 20/21 for FTP. Forwarding a range of other ports will impact your overall network performance besides just being unnecessary. |
Without the router, there is no intermediary for traffic. I'm not surprised it works without the router.
For active FTP, absolutely not.
Very well then. Good luck Gumby. ETA, since I realize I am talking out of my ass with regards to your Linksys box. I googled "configuring passive ftp on a linksys router" and every first page return seems to indicate a need to port forward high range port ranges in order for it to work. BTW Google Active and Passive FTP. You will find it very helpful. |