davedo
asked on
Run an FTP server behind a Netgear RT314
I tried using the Netgear redirect to route port 2121 to 192.168.0.2, the IP assigned by it to one of my PCs, to use that as
the port for ftp. I configured several different ftp servers accordingly, but when I try to log on, using my static DSL IP and port 2121, with an ftp client on another PC I consistently get connection refused. The last server I tried was GuildFTPd and its log shows 2121 active & listening. Any tips on what I need to do would be greatly appreciated. I've tried toggling between Active & Passive and that doesn't seem to make a difference. Thanks much...Dave
the port for ftp. I configured several different ftp servers accordingly, but when I try to log on, using my static DSL IP and port 2121, with an ftp client on another PC I consistently get connection refused. The last server I tried was GuildFTPd and its log shows 2121 active & listening. Any tips on what I need to do would be greatly appreciated. I've tried toggling between Active & Passive and that doesn't seem to make a difference. Thanks much...Dave
ASKER
Hi dsplice, Thanks for the ideas, but as I tried to state in my original question, I already used the web interface to Netgear to set port forwarding. I verified via telnet that it was indeed set to pass port 2121 packets to IP 192.168.0.2, the Netgear assigned IP of the PC running the Guild server. Also, there are no filters in place, other than the Netgear defaults, so that shouldn't be the problem. I apologize if I didn't make myself understood...Dave
Dave,
In your TCP/IP filter rule for FTP, do you have specified : Action Matched = Foward
Dsplice
In your TCP/IP filter rule for FTP, do you have specified : Action Matched = Foward
Dsplice
Dave,
In your TCP/IP filter rule for FTP, do you have specified : Action Matched = Foward
Dsplice
In your TCP/IP filter rule for FTP, do you have specified : Action Matched = Foward
Dsplice
ASKER
Dsplice, as I mentioned, the only filters installed are the Netgear defaults, which are for HTTP, Telnet and FTP (port 21). Since I have elected to use port 2121 for FTP it wouldn't seem to make any sense/difference to modify the filter in place for port 21, but I'll go ahead and try it. My understanding was that by setting the port forwarding option on Menu 15 (the telnet interface to maintenance) to direct port 2121 to IP 192.168.0.2 (the Netgear assigned IP of the PC running the server) that in itself enables and defines the forward option.
What am I missing here?...Dave
What am I missing here?...Dave
Davedo,
If you want to use port 21, you will have to define a filterin rule. The router will not automatically know that the traffic going to 192.168.0.2. When you select a port to foward to, it does not dynamiclly create a filter rule. YOu have to set the paramaters to foward the packets to the destination address. Onmy RT314, I foward my ftp trafffic to a ip on my lan on port 8080, and I HAD to create the rule for it to work. Create teh rule, or use the default rule. Netgear's website actually has a tutorial on how to run servers behind the firewall, and I think it might be in the manual.
Dsplice
If you want to use port 21, you will have to define a filterin rule. The router will not automatically know that the traffic going to 192.168.0.2. When you select a port to foward to, it does not dynamiclly create a filter rule. YOu have to set the paramaters to foward the packets to the destination address. Onmy RT314, I foward my ftp trafffic to a ip on my lan on port 8080, and I HAD to create the rule for it to work. Create teh rule, or use the default rule. Netgear's website actually has a tutorial on how to run servers behind the firewall, and I think it might be in the manual.
Dsplice
ASKER
Hi Dsplice,
No, I didn't want to use port 21, I had used menu 15 to port forward port 2121 to 192.168.0.2, so perhaps that choice of port numbers confused the issue. Let's assume for talking purposes that I used your port assignment of 8080 for ftp and configured both my ftp server on the 192.168.0.2 PC and an ftp client on another PC accordingly. I also did a Netgear menu 15 port forward of 8080 to 192.168.0.2. Oh, and I'm running at Netgear release 3.25, the latest for the RT314.
OK, since I'm not able to connect, and you are, I assume you're correct, so I also established a filter rule for port 8080, but
I would appreciate a critique of it as I'm not at all clear on some of the fields. First, I added it to the existing Filter Set #3, Tel_FTP_WEB_WAN, so it became Filter # 3,4. Here is what I entered:
Filter # 3,4
Filter Type TCP/IP Filter Rule
Active = Yes
IP Protocol = 6
IP Source Route = No
Destination:
IP Address = 192.168.0.2
IP Mask = 255.255.255.255
Port # = 8080
Port # Comp = Equal
Source:
IP Address = 0.0.0.0
IP Mask = 0.0.0.0
Port # = 8080
Port # Comp = Equal
TCP Estab. = N/A
More = No
Log = None
Action Matched = Forward
Action Not Matched = Check Next Rule
OK, having done all that, I still can't get anything but connection refused - I'm stumped...Dave
No, I didn't want to use port 21, I had used menu 15 to port forward port 2121 to 192.168.0.2, so perhaps that choice of port numbers confused the issue. Let's assume for talking purposes that I used your port assignment of 8080 for ftp and configured both my ftp server on the 192.168.0.2 PC and an ftp client on another PC accordingly. I also did a Netgear menu 15 port forward of 8080 to 192.168.0.2. Oh, and I'm running at Netgear release 3.25, the latest for the RT314.
OK, since I'm not able to connect, and you are, I assume you're correct, so I also established a filter rule for port 8080, but
I would appreciate a critique of it as I'm not at all clear on some of the fields. First, I added it to the existing Filter Set #3, Tel_FTP_WEB_WAN, so it became Filter # 3,4. Here is what I entered:
Filter # 3,4
Filter Type TCP/IP Filter Rule
Active = Yes
IP Protocol = 6
IP Source Route = No
Destination:
IP Address = 192.168.0.2
IP Mask = 255.255.255.255
Port # = 8080
Port # Comp = Equal
Source:
IP Address = 0.0.0.0
IP Mask = 0.0.0.0
Port # = 8080
Port # Comp = Equal
TCP Estab. = N/A
More = No
Log = None
Action Matched = Forward
Action Not Matched = Check Next Rule
OK, having done all that, I still can't get anything but connection refused - I'm stumped...Dave
Davdo,
You have the source and destination adress set to the same port...your destination address should be set to the port you are forwarding to and you do not need to specify the ip addr or the mask, all you need to do is specify the port number you want as your destination port....here is my configuration for my webserver:
Filter #: 3,3
Filter Type= TCP/IP Filter Rule
Active= Yes
IP Protocol= 6 IP Source Route= No
Destination: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 80
Port # Comp= Equal
Source: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #=
Port # Comp= None
TCP Estab= No
More= No Log= None
Action Matched= Forward
Action Not Matched= Forward
If you follow this as a guide, it should work, unless there are other factors that I am aware of? What isyour ISP and are they blocking the ports your trying to use? Let me know if this works.
Doug
You have the source and destination adress set to the same port...your destination address should be set to the port you are forwarding to and you do not need to specify the ip addr or the mask, all you need to do is specify the port number you want as your destination port....here is my configuration for my webserver:
Filter #: 3,3
Filter Type= TCP/IP Filter Rule
Active= Yes
IP Protocol= 6 IP Source Route= No
Destination: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 80
Port # Comp= Equal
Source: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #=
Port # Comp= None
TCP Estab= No
More= No Log= None
Action Matched= Forward
Action Not Matched= Forward
If you follow this as a guide, it should work, unless there are other factors that I am aware of? What isyour ISP and are they blocking the ports your trying to use? Let me know if this works.
Doug
ASKER
Hi Doug,
Well, I adjusted the filter as per your example (using 8080 as the port rather than the 80 shown above), but still no go.
I guess I'm giving it up as a lost cause - I appreciate all of your suggestions, but I'm sorry for burning up so much of your time.
I have DSL service from PacBell. Possibly things are getting stopped at their end, but I haven't heard anyone else mention that as a concern if high order ports are assigned for services such as ftp...Dave
Well, I adjusted the filter as per your example (using 8080 as the port rather than the 80 shown above), but still no go.
I guess I'm giving it up as a lost cause - I appreciate all of your suggestions, but I'm sorry for burning up so much of your time.
I have DSL service from PacBell. Possibly things are getting stopped at their end, but I haven't heard anyone else mention that as a concern if high order ports are assigned for services such as ftp...Dave
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi Doug,
Mea Culpa - that was *exactly* the problem. I had been trying to connect via another PC attached to the same router, not knowing that this wouldn't work. I disconnected the line from the router and started a dial-up PPP connection and voila, I was able to connect to my ftp server. Sorry for all the confusion and thank you for your patience!...Dave
Mea Culpa - that was *exactly* the problem. I had been trying to connect via another PC attached to the same router, not knowing that this wouldn't work. I disconnected the line from the router and started a dial-up PPP connection and voila, I was able to connect to my ftp server. Sorry for all the confusion and thank you for your patience!...Dave
ASKER
Dsplice went the distance on this one, which was complicated by my lack of understanding of my own firewall's role.
When using the RT314, you have to enable port fowarding on the router. You can do this by either telneting to the interface, or using the web interface. Its menu 15 in the commandline interface or you can browse to it in the web interface. Once there, what you do is specify the ports that you want fowarded to you, the common ones are 80, 21, 23, Web, FTP and telnet, respectively. Here you also have to specify which local server you want to point to, in your case, you would want to use port 2121 for the port and ip 192.168.0.2. Now ftp requests made to the public of your DSL router should be routed to 192.168.0.2. The other thing that you might want to do on your router is turn off telnet, ftp and web server to the wan, that will disallow anyone to access your router remotely, which is always a smart thing to do.
Dsplice