Firewall to Firewall FTP

Sharky Forums



  1. #1
    Goldfish
    Join Date
    Sep 2000
    Posts
    63

    Question Firewall to Firewall FTP

    Greets all,

    A friend of mine and I are having an interesting problem with our respective FTP servers. It seems (after some light testing) that no one behind a firewall can access our firewall-protected (hardware - Linksys router) FTP servers.


    Normal Dial-up users, for example, seem to have no problem. I have tried quite a few solutions to remedy this situation, but it really isn't my area of expertise -- new to the whole firewall aspect of networking. (Yes - using PASV command)


    Any thoughts or even answers would be greatly appreciated -- please let me know if you require further information.

    Thank you

    ------------------
    -zero~abYss

    [This message has been edited by zero~abYss (edited September 19, 2000).]

  2. #2
    Sushi
    Join Date
    Sep 2000
    Location
    austin,texas,usa
    Posts
    3

    Lightbulb

    Make sure port 21 is open on your firewall. You have to list a bit more info on your setup for us to be of more help.

  3. #3
    Goldfish
    Join Date
    Sep 2000
    Posts
    63

    Post

    I am not using port 21, but yes the port I use is open ---- keep in mind the firewall allows anyone besides users with firewalls of their own to access the FTP...

    I was a little tired last night and forgot to mention this:

    The users with firewalls actually get logged in (on my screen) .. but they never get directory listings and just time out eventually. Their usrn/pwd is accepted and they will receive the 'Welcome Message' -- but cannot get dirlist. (tried using multiple apps to log in with, using PASV command and passive options in IE..etc)

    here are all the fancy settings:

    Block WAN Request (Enabled) - Disabling, didn't fix the problem.

    IPSec Pass Through (Disabled) - Enabling didn't fix the problem. (can anyone explain this option - what it is and does?)

    PPTP Pass Through (Disabled) - Enabling didn't fix the problem. (can anyone explain this option - what it is and does?)

    The port I use for my FTP server is forwarded to the static IP of the machine with the FTP Server (and this works fine).

    Working Mode: Gateway

    If you need any more info please let me know.

    Thanks again,

    ------------------
    -zero~abYss

    [This message has been edited by zero~abYss (edited September 19, 2000).]


  4. #4
    Sushi
    Join Date
    Sep 2000
    Location
    Milwaukee
    Posts
    4

    Post

    Jesus... I JUST posted the same problem...
    We need to swap issues... ICQ me.

  5. #5
    Goldfish
    Join Date
    Sep 2000
    Posts
    63

    Post

    Okay - Homerboy and I worked out that if you DMZ the Host IP of the FTP Server and then
    use a special option included in the FlashFXP FTP Client 'Site Uses IpMasq/NAT/Non-Routable
    IP' then you can access a firewall protected FTP from behind your own firewall.

    Does anyone know a better way? I do not want to DMZ my host -- it kind of defeats the
    purpose of the firewall. (Turning off Block WAN Request doesn't work either)

    Thanks

    ------------------
    -zero~abYss

  6. #6
    Expensive Sushi
    Join Date
    Sep 2000
    Posts
    13

    Post

    Here's a thought: how about having the FTP server outside the firewall? If it's a unix/linux box then you can easily secure it so that it only accepts FTP traffic and drops everything else.

  7. #7
    Expensive Sushi
    Join Date
    Sep 2000
    Posts
    10

    Exclamation

    I am not familiar with the Linksys doohicky but FTP requires 2 ports to be open. They are TCP port 20 and TCP port 21.
    Ignore me if I confused the issue


    ------------------
    Todd Shreve
    http://www.theshreves.com

  8. #8
    Goldfish
    Join Date
    Sep 2000
    Posts
    63

    Post

    Opening Port 21 as well as 20 and the port I use for the server did not work.

    Thanks though,

    ------------------
    -zero~abYss

    [This message has been edited by zero~abYss (edited September 22, 2000).]

  9. #9
    Goldfish
    Join Date
    Sep 2000
    Posts
    63

    Post

    Isolated the problem:

    PORT 192,168,1,100,4,41 - This is what my server logs when people behind firewalls try to log in.

    It should read

    Port xxx,xxx,xxx,xxx,4,41 -- where xxx is the IP of the user logging in.

    (of course the 4,41 number slots are ever-changing)

    So, just need to figure out why the PORT command screws up for people behind firewalls...

    Any thoughts?

    thanks

    ------------------
    -zero~abYss

    [This message has been edited by zero~abYss (edited September 22, 2000).]


  10. #10
    Goldfish
    Join Date
    Sep 2000
    Posts
    63

    Post

    I have recently tried using about 10+ FTP Servers, and they all do the same thing. So I do not think it is the FTP Server software.

    ------------------
    -zero~abYss

  11. #11
    Goldfish
    Join Date
    Sep 2000
    Posts
    63

    Post

    Well --- in case anyone is still reading this thread and didn't know what to think .... Here is the solution:

    Use Port 21. Something about using a non-standard port screws up the FTP when it is behind a firewall, and clients try to log in from behind their own firewalls.

    Port 20 does not need to be opened, fyi. Just port 21.

    So, it can be done without DMZ'ing the machine

    Thanks to everyone for their suggestions.. it was a fairly simple fix, but I still do not know why it won't work on a non-standard port.

    ------------------
    -zero~abYss
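
An added example, not part of the thread or any poster's code: it decodes the `PORT` line logged in post #9 and models the payload rewrite a NAT device's FTP helper applies to it. That the helper inspects only control connections on port 21 is an assumption consistent with the fix reported in post #11; the public address 203.0.113.7, mapped port 50001 and server port 2121 are constructed sample values.

```python
import ipaddress
import re

# PORT argument format: h1,h2,h3,h4,p1,p2 (address bytes, then port high/low byte)
PORT_RE = re.compile(r"^PORT\s+(\d{1,3}(?:,\d{1,3}){5})\s*$", re.IGNORECASE)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_port(line):
    """Return (IPv4Address, tcp_port) from a PORT command line."""
    m = PORT_RE.match(line.strip())
    if not m:
        raise ValueError("not a PORT command: %r" % line)
    nums = [int(n) for n in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % line)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]


def diagnose(line, peer_ip):
    """Compare the address inside PORT with the control connection's source."""
    ip, _port = parse_port(line)
    if ip == ipaddress.IPv4Address(peer_ip):
        return "ok"
    if any(ip in net for net in RFC1918):
        # The client's NAT forwarded the payload without fixing it up, so the
        # server is told to connect to an address it cannot route to.
        return "unrewritten-private"
    return "mismatch"  # neither the peer nor private: a server should refuse it


def nat_rewrite(line, public_ip, mapped_port, control_port, helper_ports=(21,)):
    """Model of a NAT FTP helper (assumed to watch only helper_ports)."""
    if control_port not in helper_ports:
        return line  # control channel not recognised as FTP: payload untouched
    parse_port(line)  # validate before rewriting
    fields = public_ip.split(".") + [str(mapped_port // 256),
                                     str(mapped_port % 256)]
    return "PORT " + ",".join(fields)


if __name__ == "__main__":
    logged = "PORT 192,168,1,100,4,41"  # line quoted in post #9
    print(parse_port(logged), diagnose(logged, "203.0.113.7"))
    for cport in (2121, 21):  # constructed non-standard port vs. standard port
        out = nat_rewrite(logged, "203.0.113.7", 50001, cport)
        print(cport, out, diagnose(out, "203.0.113.7"))
```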
