Question about Computers & Internet

2 Answers

Hi, I have a network problem since I bought the new router. Simply, none of my clients is able to connect to FTP servers from inside the LAN. It isn't a client config error, since the FTP client works when laptops are connected through a mobile internet key (HSDPA) but not behind the router/firewall. This is really upsetting. In my router NAT configuration I can see virtual server and port triggering. I know how to use virtual server, so and so port triggering, but I can't figure out which port I should open for browsing and downloading from an FTP server through a web browser. I don't need to use FileZilla or whatsoever, I just need to download drivers from the HP FTP website through IE... So, which port should I open? Is it better to trigger those ports, so any client can access FTP? Any suggestion to do that? Thanks in advance.


  • oloap88 Jun 01, 2010

    What I want is just to be able to connect to "third party" FTPs from behind a router firewall..
    I suppose I should open ports from 1025 to 65000, since the FTP server gets requests on port 21 but I should get back data on a random port in that range...
    But this is unacceptable for security reasons...
    So how should I set port triggering to dynamically forward the needed port to the client that requested the connection?
    Thanks in advance.
    paolo.

  • oloap88 Jun 04, 2010

    thanks, great help!

Yes, in order for the FTP to work behind a firewall you need to open port 21 for it. It's really recommended that you use port forwarding, also called virtual server, then put the IP address of the FTP server there, so it will be specified that when a computer connects to the FTP server it will use port 21 and will go directly to your FTP server. But sometimes, when virtual port (which is also called port forwarding) is not working, we can also use the port triggering option to open port 21.
One of those ways of opening port 21 should work for your FTP server now.

Posted on Jun 01, 2010

  • oloap88 Jun 01, 2010

    Hi,

    Thanks for the reply.

    I'm not talking about hosting an FTP server... I just need to be able to browse an FTP server, HP FTP for example, from behind a firewall... Actually I'm not hosting any FTP server, also if I'm planning to. Actually what I want is just to be able to connect to "third party" FTPs..

    I suppose I should open ports from 1025 to 65000, since the FTP server gets requests on port 21 but I should get back data on a random port in that range...

    But this is unacceptable for security reasons...

    So how should I set port triggering to dynamically forward the needed port to the client that requested the connection?

    Thanks in advance.

    paolo.

  • Mark Gil Jun 02, 2010

    Thank you for the update. You can trigger the port number that the FTP is using so all access to it will be safe.

  • oloap88 Jun 02, 2010

    So, I set up triggering as follows: trigger port: start 21 end 21 protocol tcp/udp; open port: start 1000 end 65000 protocol tcp/udp.

    It works finally! But do you think I can make this policy stricter in some way? Maybe a stricter range, or using only one protocol? I know I'm vulnerable only when connecting to FTP...

    Thanks for the help!

  • Mark Gil Jun 02, 2010

    Sorry but there's no way to do some restrictions about that port triggering that you did to open the port for your FTP. Since the vulnerability will only happen once there's a request to access the FTP server.

Hi.
The default one is "21".

Posted on Jun 01, 2010

  • Tudor Valean Jun 02, 2010

    Have you enabled UPnP?

  • oloap88 Jun 02, 2010

    Thanks, I solved triggering as follows:

    trigger port: start 21 end 21 protocol tcp/udp

    open port: start 1000 end 65000 protocol tcp/udp

    So when I connect to port 21 on the server it automatically opens ports 1000 to 65000.

    This is quite a large rule, since it is a big range of ports opened at a time, and it allows both TCP and UDP.

    Any idea on how to make this rule stricter?

  • Tudor Valean Jun 02, 2010

    Here's the thing. UPnP automatically opens up a port when a request is made on that specific port. After the transfer is complete and the port is not used any more, it is blocked again. Have you tried with this feature enabled?

  • Tudor Valean Jun 04, 2010

    Then will you please rate my answer as "Very Helpful"?

Related Questions:

1 Answer

Cafe Manila was working well until I changed my PLDT plan to their new promo PRO; my clients appear offline to my server


Check your connections, it should be like this: PLDT modem -> router -> computers. If you connect a computer to the PLDT modem, it won't be seen by other computers in your network. Make sure that all of your computers are connected to the router, and not to the modem. Your modem should also be connected to the router's WAN port and not on the LAN port.

Apr 02, 2014 | Cafe Manila Computers & Internet

1 Answer

I have a Buffalo WBMR-G54 ADSL Router. The local IP address of the router is 192.168.1.1. My Medion desktop computer connects to my Buffalo router using an Ethernet cable. I use the wireless...


> Zone Alarm free firewall and Avast antivirus have been installed on both computers

Your router is already acting as a "firewall" to block "unsolicited" traffic from reaching the computers on your LAN. So, unless you use Zone Alarm to block "outgoing" connections (such as a computer-virus would try to make when "calling-home"), there's little benefit to using the Zone Alarm software.

> If I use Internet explorer to connect to http://myname.dyndns.org, Internet Explorer does connect successfully to the network. However, it invites me to enter the username and password for my Buffalo WBMR-G54 router - not for the storage drive.

While you are "forwarding" TCP port 21, you are not "forwarding" TCP port 80 (as used by the 'http://' protocol). So, when you connect from the Internet to your "public" IP-address, it is the router that responds, rather than one of your computers inside your LAN.

IMHO, it is "bad" that your router's web-interface is "exposed" to attacks from the Internet.
Either "forward" TCP port 80, or configure the router to use a _different_ port number for "remote management".

> If I enter the Router user name and password, that allows me to access the Router menus via the Internet, which confirms that my account at DynDns has translated the IP address successfully.

Correct. Hopefully, you're the only one who knows the correct username/password, and there is nobody that is doing "brute-force" attacks on your router, trying to login to "hijack" your router.

> if I use Internet Explorer or FileZilla to access ftp://myname.dyndns.org, I cannot connect to the router

Correct. The 'ftp://' protocol uses TCP port 21, which the router is "forwarding" to one of the computers on your LAN.

> or the storage drive - so I cannot access any of my files remotely.
> FileZilla reports -Status: Resolving address of bob1944.dyndns.org
> Status: Connecting to 78.144.xxx.xxx:21...
> Status: Connection established, waiting for welcome message

So far, so good.

Is FileZilla expecting a "specific" content in that "welcome" message, or will "any" response be "close-enough" ?

On a computer on the Internet, open a command-line prompt:

Click Start
Click Run
Type CMD
Press Enter
Enter FTP bob1944.dyndns.org
Press Enter
Do you get a "connecting" message?
Do you get a "connected" message?
Do you see the "welcome" message?

Note that the FTP protocol usually uses _two_ ports for File Transfer:

* port 21 for "control" (sending/receiving commands/responses)
* a "random" port for "data" transfers (including directory-listings)

It's this "random" port that your router is not forwarding.

However, some FTP-clients (probably including FileZilla) and some FTP-servers
support "passive" mode, where both the "control" and the "data" connections "share" port 21.

So, configure FileZilla to use "passive" mode, and _hope_ that your FTP-server supports "passive" mode.

Jan 06, 2011 | Buffalo Technology WHR-G54S Wireless...

1 Answer

While using checkpoint VPN-1 SecureClient to connect to Safe@Office 500 device in office mode, i can't connect to server at the office site. The office mode is on a different subnet than lan so my vpn...


In the rules, you will need to create a new rule that allows your VPN subnets access to your office LAN, and then on your office network gateway, add a route for your VPN subnet pointing back to your Check Point firewall.

Nov 08, 2010 | Check Point Safe@Office 500 Router...

1 Answer

I have a windows 2003 SBS Standard Edition and IP Address: 192.168.1.5 also a Linksys WRV210 and the IP address 192.168.1.1 I have setup a preferred DNS on all clients to 192.168.1.5 The internet is not...


For that, connect your router directly to the LAN ports of your server, and install another Ethernet LAN card on the server so that the ports connect with the switch.
Then configure your router as a bridge connection, then set DNS as your server IP on all computers. Then you can get 100% fast internet.
Let me know if you need further assistance.
Thanks for using FixYa.

Dec 15, 2009 | Computers & Internet

2 Answers

Cannot view my client in handycafe


Check if the LAN cables are connected properly, make sure that client PC's have handycafe client installed and connected to the hub/switch with the server PC.

In some cases wherein the server has two LAN Cards installed, make sure to choose the LAN Card which is connected to the hub/switch where the client PC's are also connected during the initial start-up of the Handycafe software.

Note: Check if the hub/switch or router (whichever you're using) does not have a problem.

Nov 05, 2009 | Computers & Internet

1 Answer

NAT Router - Problem


No static on the client side, but it's a good thing to run the server static.

You could setup a VPN into the LAN where the client machine is connected.

Stacey
PC REPAIR
www.wvpcrepair.com

Oct 07, 2008 | D-Link Computers & Internet

2 Answers

Sonicwall Pro 300 DMZ Problem


If you're within a network and try connecting to computers on it with the WAN public IP, it simply won't work - you must use the network IP. On an external Internet connection, it should connect fine to the public IP. If you have access to an external machine (remote desktop), or if you know of an FTP proxy, you can try it that way. I also believe http://www.webftp.co.uk/ a web based FTP client would act as somewhat of a proxy, you could try that with the public IP and see how you go.

Aug 09, 2007 | SonicWALL PRO 300 Firewall

2 Answers

All Public IPs


In order to use your DFL-200 as a firewall, and not a router, you will need to put it into "transparent mode." This will allow you to use only public IP addresses and you will not be using NAT.

Jun 20, 2007 | D-Link NetDefend DFL-200 Firewall

1 Answer

Why won't my FTP Client work with my D-Link router?


Make sure your FTP client software is set to passive. For security reasons the D-Link router does not deal with an active FTP client. An active FTP client can allow a hacker masquerading as an FTP server to gain access to your computer. Please contact your FTP client software manufacturer to determine how to configure the client for passive rather than active. Note: You will not be able to use an active connection through most NAT routers.

Feb 16, 2006 | D-Link Express EtherNetwork DI-604 Router
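
The D-Link answer above and the port-triggering thread at the top of the page both turn on which side opens the FTP data connection. As an added example (not written by any poster on this page), this Python sketch reads the control-channel lines that negotiate the data port and reports whether the client's router would have to accept an inbound connection; the session lines, addresses and file name are constructed.

```python
import re

# Constructed control-channel lines ("C:" client, "S:" server); the addresses
# and file name are made up for this example, not taken from the page.
ACTIVE_SESSION = [
    "C: PORT 192,168,1,20,195,80",
    "S: 200 PORT command successful.",
    "C: LIST",
]
PASSIVE_SESSION = [
    "C: PASV",
    "S: 227 Entering Passive Mode (203,0,113,10,78,52).",
    "C: RETR driver.exe",
]

_SIX = re.compile(",".join([r"(\d{1,3})"] * 6))
_EPSV = re.compile(r"\(\|\|\|(\d{1,5})\|\)")

def _host_port(text):
    """Decode the h1,h2,h3,h4,p1,p2 form used by PORT and by 227 replies."""
    m = _SIX.search(text)
    if not m:
        return None
    n = [int(x) for x in m.groups()]
    if any(v > 255 for v in n):
        return None
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

def data_channels(lines):
    """Return one dict per data connection negotiated in a control transcript."""
    found = []
    for line in lines:
        side, _, msg = line.partition(": ")
        if side == "C" and msg.upper().startswith("PORT "):
            hp = _host_port(msg)
            if hp:  # active: server dials in to the client's listener
                found.append({"mode": "active", "listener": hp, "inbound": True})
        elif side == "S" and msg.startswith("227"):
            hp = _host_port(msg)
            if hp:  # passive: client dials out, normal outbound NAT state
                found.append({"mode": "passive", "listener": hp, "inbound": False})
        elif side == "S" and msg.startswith("229"):
            m = _EPSV.search(msg)
            if m:  # EPSV carries only a port; host is the control peer
                found.append({"mode": "passive", "listener": (None, int(m.group(1))),
                              "inbound": False})
    return found
```

Only the active (`PORT`) case yields `inbound: True`, which is the case that needs a forwarded or triggered port range on the client's router; a passive session needs none.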
