• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 430
  • Last Modified:

Run an FTP server behind a Netgear RT314

I tried using the Netgear redirect to route port 2121 to 192.168.0.2, the IP assigned by it to one of my PCs, to use that as
the port for ftp. I configured  several different ftp servers accordingly, but when I try to log on, using my static DSL IP and port 2121, with an ftp client on another PC I consistently get connection refused.  The last server I tried was GuildFTPd and its log shows 2121 active & listening. Any tips on what I need to do would be greatly appreciated. I've tried toggling between Active & Passive and that doesn't seem to make a difference. Thanks much...Dave
0
davedo
Asked:
davedo
  • 6
  • 6
1 Solution
 
dspliceCommented:
Davedo,

When using the RT314, you have to enable port fowarding on the router.  You can do this by either telneting to the interface, or using the web interface.  Its menu 15 in the commandline interface or you can browse to it in the web interface.  Once there, what you do is specify the ports that you want fowarded to you, the common ones are 80, 21, 23, Web, FTP and telnet, respectively.  Here you also have to specify which local server you want to point to, in your case, you would want to use port 2121 for the port and ip 192.168.0.2.  Now ftp requests made to the public of your DSL router should be routed to 192.168.0.2.  The other thing that you might want to do on your router is turn off telnet, ftp and web server to the wan, that will disallow anyone to access your router remotely, which is always a smart thing to do.

Dsplice
0
 
davedoAuthor Commented:
Hi dsplice, Thanks for the ideas, but as I tried to state in my original question, I already used the web interface to Netgear to set port forwarding. I verified via telnet that it was indeed set to pass port 2121 packets to IP 192.168.0.2, the Netgear assigned IP of the PC running the Guild server. Also, there are no filters in place, other than the Netgear defaults, so that shouldn't be the problem. I apologize if I didn't make myself understood...Dave
0
 
dspliceCommented:
Dave,

In your TCP/IP filter rule for FTP, do you have specified : Action Matched = Foward

Dsplice
0
Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

 
dspliceCommented:
Dave,

In your TCP/IP filter rule for FTP, do you have specified : Action Matched = Foward

Dsplice
0
 
davedoAuthor Commented:
Dsplice, as I mentioned, the only filters installed are the Netgear defaults, which are for HTTP, Telnet and FTP (port 21). Since I have elected to use port 2121 for FTP it wouldn't seem to make any sense/difference to modify the filter in place for port 21, but I'll go ahead and try it. My understanding was that by setting the port forwarding option on Menu 15 (the telnet interface to maintenance) to direct port 2121 to IP 192.168.0.2 (the Netgear assigned IP of the PC running the server) that in itself enables and defines the forward option.
What am I missing here?...Dave
0
 
dspliceCommented:
Davedo,

If you want to use port 21, you will have to define a filterin rule.  The router will not automatically know that the traffic going to 192.168.0.2.  When you select a port to foward to, it does not dynamiclly create a filter rule.  YOu have to set the paramaters to foward the packets to the destination address.  Onmy RT314, I foward my ftp trafffic to a ip on my lan on port 8080, and I HAD to create the rule for it to work.  Create teh rule, or use the default rule. Netgear's website actually has a tutorial on how to run servers behind the firewall, and I think it might be in the manual.

Dsplice

0
 
davedoAuthor Commented:
Hi Dsplice,
No, I didn't want to use port 21, I had used menu 15 to port forward port 2121 to 192.168.0.2, so perhaps that choice of port numbers confused the issue. Let's assume for talking purposes that I used your port assignment of 8080 for ftp and configured both my ftp server on the 192.168.0.2 PC and an ftp client on another PC accordingly. I also did a Netgear menu 15 port forward of 8080 to 192.168.0.2. Oh, and I'm running at Netgear release 3.25, the latest for the RT314.

OK, since I'm not able to connect, and you are, I assume you're correct, so I also established a filter rule for port 8080, but
I would appreciate a critique of it as I'm not at all clear on some of the fields. First, I added it to the existing Filter Set #3, Tel_FTP_WEB_WAN, so it became Filter # 3,4. Here is what I entered:

Filter # 3,4
Filter Type TCP/IP Filter Rule
Active = Yes
IP Protocol = 6
IP Source Route = No
Destination:
IP Address = 192.168.0.2
IP Mask = 255.255.255.255
Port # = 8080
Port # Comp = Equal
Source:
IP Address = 0.0.0.0
IP Mask = 0.0.0.0
Port # = 8080
Port # Comp = Equal
TCP Estab. = N/A
More = No
Log = None
Action Matched = Forward
Action Not Matched = Check Next Rule

OK, having done all that, I still can't get anything but connection refused - I'm stumped...Dave
0
 
dspliceCommented:
Davdo,

You have the source and destination adress set to the same port...your destination address should be set to the port you are forwarding to and you do not need to specify the ip addr or the mask, all you need to do is specify the port number you want as your destination port....here is my configuration for my webserver:


 Filter #: 3,3
 Filter Type= TCP/IP Filter Rule
 Active= Yes
 IP Protocol= 6     IP Source Route= No
 Destination: IP Addr= 0.0.0.0
              IP Mask= 0.0.0.0
              Port #= 80
              Port # Comp= Equal
      Source: IP Addr= 0.0.0.0
              IP Mask= 0.0.0.0
              Port #=
              Port # Comp= None
 TCP Estab= No
 More= No           Log= None
 Action Matched= Forward
 Action Not Matched= Forward

If you follow this as a guide, it should work, unless there are other factors that I am aware of?  What isyour ISP and are they blocking the ports your trying to use?  Let me know if this works.

Doug

0
 
davedoAuthor Commented:
Hi Doug,

Well, I adjusted the filter as per your example (using 8080 as the port rather than the 80 shown above), but still no go.
I guess I'm giving it up as a lost cause - I appreciate all of your suggestions, but I'm sorry for burning up so much of your time.

I have DSL service from PacBell. Possibly things are getting stopped at their end, but I haven't heard anyone else mention that as a concern if high order ports are assigned for services such as ftp...Dave
0
 
dspliceCommented:
Davedo,

The only other thing I can offer is where are you trying to access the FTP site from, meaning which side of the firewall are you trying to get to it from?  If you are trying to access it from inside your firewall with the ext. ip, then it will never connect. Try using a network connection outside your fire wall in order to test it.
DOug
0
 
davedoAuthor Commented:
Hi Doug,

Mea Culpa - that was *exactly* the problem. I had been trying to connect via another PC attached to the same router, not knowing that this wouldn't work. I disconnected the line from the router and started a dial-up PPP connection and voila, I was able to connect to my ftp server. Sorry for all the confusion and thank you for your patience!...Dave
0
 
davedoAuthor Commented:
Dsplice went the distance on this one, which was complicated by my lack of understanding of my own firewall's role.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 6
  • 6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now