Solved

Run an FTP server behind a Netgear RT314

Posted on 2002-03-14
Last Modified: 2013-12-14
I tried using the Netgear redirect to route port 2121 to 192.168.0.2, the IP assigned by it to one of my PCs, to use that as the port for ftp. I configured several different ftp servers accordingly, but when I try to log on, using my static DSL IP and port 2121, with an ftp client on another PC I consistently get connection refused. The last server I tried was GuildFTPd and its log shows 2121 active & listening. Any tips on what I need to do would be greatly appreciated. I've tried toggling between Active & Passive and that doesn't seem to make a difference. Thanks much...Dave
Question by:davedo
12 Comments
 

Expert Comment

by:dsplice
ID: 6869160
Davedo,

When using the RT314, you have to enable port forwarding on the router. You can do this by either telnetting to the interface, or using the web interface. It's menu 15 in the command-line interface or you can browse to it in the web interface. Once there, what you do is specify the ports that you want forwarded to you, the common ones are 80, 21, 23, Web, FTP and telnet, respectively. Here you also have to specify which local server you want to point to, in your case, you would want to use port 2121 for the port and ip 192.168.0.2. Now ftp requests made to the public of your DSL router should be routed to 192.168.0.2. The other thing that you might want to do on your router is turn off telnet, ftp and web server to the wan, that will disallow anyone to access your router remotely, which is always a smart thing to do.

Dsplice

Author Comment

by:davedo
ID: 6869881
Hi dsplice, Thanks for the ideas, but as I tried to state in my original question, I already used the web interface to Netgear to set port forwarding. I verified via telnet that it was indeed set to pass port 2121 packets to IP 192.168.0.2, the Netgear assigned IP of the PC running the Guild server. Also, there are no filters in place, other than the Netgear defaults, so that shouldn't be the problem. I apologize if I didn't make myself understood...Dave

Expert Comment

by:dsplice
ID: 6870082
Dave,

In your TCP/IP filter rule for FTP, do you have specified: Action Matched = Forward

Dsplice

Author Comment

by:davedo
ID: 6871915
Dsplice, as I mentioned, the only filters installed are the Netgear defaults, which are for HTTP, Telnet and FTP (port 21). Since I have elected to use port 2121 for FTP it wouldn't seem to make any sense/difference to modify the filter in place for port 21, but I'll go ahead and try it. My understanding was that by setting the port forwarding option on Menu 15 (the telnet interface to maintenance) to direct port 2121 to IP 192.168.0.2 (the Netgear assigned IP of the PC running the server) that in itself enables and defines the forward option.
What am I missing here?...Dave

Expert Comment

by:dsplice
ID: 6871977
Davedo,

If you want to use port 21, you will have to define a filtering rule. The router will not automatically know that the traffic is going to 192.168.0.2. When you select a port to forward to, it does not dynamically create a filter rule. You have to set the parameters to forward the packets to the destination address. On my RT314, I forward my ftp traffic to an IP on my LAN on port 8080, and I HAD to create the rule for it to work. Create the rule, or use the default rule. Netgear's website actually has a tutorial on how to run servers behind the firewall, and I think it might be in the manual.

Dsplice


Author Comment

by:davedo
ID: 6874393
Hi Dsplice,
No, I didn't want to use port 21, I had used menu 15 to port forward port 2121 to 192.168.0.2, so perhaps that choice of port numbers confused the issue. Let's assume for talking purposes that I used your port assignment of 8080 for ftp and configured both my ftp server on the 192.168.0.2 PC and an ftp client on another PC accordingly. I also did a Netgear menu 15 port forward of 8080 to 192.168.0.2. Oh, and I'm running at Netgear release 3.25, the latest for the RT314.

OK, since I'm not able to connect, and you are, I assume you're correct, so I also established a filter rule for port 8080, but I would appreciate a critique of it as I'm not at all clear on some of the fields. First, I added it to the existing Filter Set #3, Tel_FTP_WEB_WAN, so it became Filter # 3,4. Here is what I entered:

Filter # 3,4
Filter Type TCP/IP Filter Rule
Active = Yes
IP Protocol = 6
IP Source Route = No
Destination:
IP Address = 192.168.0.2
IP Mask = 255.255.255.255
Port # = 8080
Port # Comp = Equal
Source:
IP Address = 0.0.0.0
IP Mask = 0.0.0.0
Port # = 8080
Port # Comp = Equal
TCP Estab. = N/A
More = No
Log = None
Action Matched = Forward
Action Not Matched = Check Next Rule

OK, having done all that, I still can't get anything but connection refused - I'm stumped...Dave

Expert Comment

by:dsplice
ID: 6874603
Davedo,

You have the source and destination address set to the same port... your destination address should be set to the port you are forwarding to and you do not need to specify the ip addr or the mask, all you need to do is specify the port number you want as your destination port... here is my configuration for my webserver:


 Filter #: 3,3
 Filter Type= TCP/IP Filter Rule
 Active= Yes
 IP Protocol= 6     IP Source Route= No
 Destination: IP Addr= 0.0.0.0
              IP Mask= 0.0.0.0
              Port #= 80
              Port # Comp= Equal
      Source: IP Addr= 0.0.0.0
              IP Mask= 0.0.0.0
              Port #=
              Port # Comp= None
 TCP Estab= No
 More= No           Log= None
 Action Matched= Forward
 Action Not Matched= Forward

If you follow this as a guide, it should work, unless there are other factors that I am aware of?  What is your ISP and are they blocking the ports you're trying to use?  Let me know if this works.

Doug
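
An added example (not part of either poster's reply and not Netgear firmware code): a simplified Python model of how the fields in the two posted filter rules compare against a packet, showing which field keeps rule 3,4 from matching an ordinary client connection. The `Rule` class, `mismatches` function, client address 203.0.113.10 and source port 49152 are constructed for illustration, and the packet is assumed to carry the forwarded destination 192.168.0.2.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    dst_ip: str
    dst_mask: str
    dst_port: int
    dst_comp: str      # "Equal" or "None", the two values used in the thread
    src_ip: str
    src_mask: str
    src_port: int
    src_comp: str
    protocol: int = 6  # 6 = TCP

def _ip_ok(rule_ip, mask, pkt_ip):
    """Masked comparison; a mask of 0.0.0.0 matches any address."""
    m = int(ipaddress.IPv4Address(mask))
    return (int(ipaddress.IPv4Address(pkt_ip)) & m) == (int(ipaddress.IPv4Address(rule_ip)) & m)

def _port_ok(comp, rule_port, pkt_port):
    if comp == "None":
        return True
    if comp == "Equal":
        return pkt_port == rule_port
    raise ValueError(f"comparison not modelled: {comp}")

def mismatches(rule, pkt):
    """Return the names of the rule fields the packet fails to match."""
    checks = {
        "protocol": pkt["proto"] == rule.protocol,
        "destination address": _ip_ok(rule.dst_ip, rule.dst_mask, pkt["dst_ip"]),
        "destination port": _port_ok(rule.dst_comp, rule.dst_port, pkt["dst_port"]),
        "source address": _ip_ok(rule.src_ip, rule.src_mask, pkt["src_ip"]),
        "source port": _port_ok(rule.src_comp, rule.src_port, pkt["src_port"]),
    }
    return [name for name, ok in checks.items() if not ok]

# Rule 3,4 as first posted: the source port must also equal 8080.
POSTED = Rule("192.168.0.2", "255.255.255.255", 8080, "Equal",
              "0.0.0.0", "0.0.0.0", 8080, "Equal")
# The same rule reshaped after the reply's web-server example: any source port.
REVISED = Rule("0.0.0.0", "0.0.0.0", 8080, "Equal",
               "0.0.0.0", "0.0.0.0", 0, "None")
# Constructed packet: an outside client opening a connection. Clients pick an
# ephemeral source port, so it is almost never 8080.
CLIENT_SYN = {"proto": 6, "src_ip": "203.0.113.10", "src_port": 49152,
              "dst_ip": "192.168.0.2", "dst_port": 8080}

if __name__ == "__main__":
    print("posted :", mismatches(POSTED, CLIENT_SYN))
    print("revised:", mismatches(REVISED, CLIENT_SYN))
```
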


Author Comment

by:davedo
ID: 6874836
Hi Doug,

Well, I adjusted the filter as per your example (using 8080 as the port rather than the 80 shown above), but still no go.
I guess I'm giving it up as a lost cause - I appreciate all of your suggestions, but I'm sorry for burning up so much of your time.

I have DSL service from PacBell. Possibly things are getting stopped at their end, but I haven't heard anyone else mention that as a concern if high order ports are assigned for services such as ftp...Dave

Accepted Solution

by:
dsplice earned 50 total points
ID: 6874848
Davedo,

The only other thing I can offer is where are you trying to access the FTP site from, meaning which side of the firewall are you trying to get to it from?  If you are trying to access it from inside your firewall with the ext. ip, then it will never connect. Try using a network connection outside your firewall in order to test it.

Doug

Author Comment

by:davedo
ID: 6875094
Hi Doug,

Mea Culpa - that was *exactly* the problem. I had been trying to connect via another PC attached to the same router, not knowing that this wouldn't work. I disconnected the line from the router and started a dial-up PPP connection and voila, I was able to connect to my ftp server. Sorry for all the confusion and thank you for your patience!...Dave

Author Comment

by:davedo
ID: 6875101
Dsplice went the distance on this one, which was complicated by my lack of understanding of my own firewall's role.