Solved

FTP port forwarding to OS 9.2

Posted on 2004-04-16
30
1,336 Views
Last Modified: 2013-11-13

The main server machine is an OS 9.2 box.  I have enabled FTP access, setup a user, and everything works flawlessly on the servers network (192.168.1.x).  Now, what I need to do, is allow access to this FTP server from the root network (192.168.0.x).

I setup port forwarding for port 21 to go to the server IP address (192.168.1.x).

Now, I should be able to connect to the server by using the routers IP address from the root network (192.168.0.x).  But I can't.  I get nothing.  I am able to ping the machine, but I cannot get an FTP through.

The strange thing is, as a test, I setup an FTP server on a Windows XP machine on the SAME network as the Mac OS 9.2 server.

If I port forward to the IP address of the Windows XP machine, everything works perfectly.


Is it possible that the Mac OS 9.2 server has some sort of built in firewall rules that I am unable to find?  I have searched through online help, apple, and google, and cannot find anything.


Please help.
0
Comment
Question by:mmcinally
  • 14
  • 14
  • 2
30 Comments
 
LVL 30

Expert Comment

by:weed
ID: 10846165
OS 9 does not have any built in firewall. What program are you using as an ftp server and client? Are you using passive FTP? Are you sure port 21 is the one the FTP server is using?
0
 

Author Comment

by:mmcinally
ID: 10846212

1.  The FTP Server on the OS 9.2 machine is the built-in FTP server.

2.  The FTP Server on the Windows XP machine is FileZilla (open-source from sourceforge.net)

3.  The FTP Client I am using to connect is Cute FTP Professional 6.0, and I have also tried using the built-in ftp client available from the command line in Windows XP.

4.  I have tried both passive and port connection types.


As for the last point, I mentioned that I can connect to the Mac OS 9.2 server on the INTERNAL network (192.168.1.x).  I am unable to connect to the Mac OS 9.2 server from the EXTERNAL/root network.  So, yes the FTP server is on port 21, on both machines.

Another thing that I noticed is that the Mac OS 9.2 server is using a static IP address, and the Windows XP machine is using a dynamic (DHCP) IP address.  However, I also setup the Windows XP machine to try a static IP address, and there was no effect, the client can still connect.



0
 
LVL 30

Expert Comment

by:weed
ID: 10846497
There is no built in FTP server in OS 9.2. You have to be using extra software to have an FTP server in 9.2.
0
 

Author Comment

by:mmcinally
ID: 10846525


There is a built-in server in this installation of OS 9.2.  I'm not a Mac person, so I don't know why, but you must go into the administration area, and then into File Sharing.  There is a tab located there "FTP" in which you may turn on FTP server.  It uses the same user permissions as general file sharing.

0
 
LVL 30

Expert Comment

by:weed
ID: 10846543
That's not part of the original OS install. OS 9 has never come with a built in FTP server so you need to find out for us, what is installed, what version of the FTP server software is installed, etc.
0
 

Author Comment

by:mmcinally
ID: 10846558


I believe then that it would be Appleshare installed?  Is that what would include FTP services?

Is there a built-in firewall included in Appleshare?
0
 
LVL 30

Expert Comment

by:weed
ID: 10846604
Ahhh you mean Appleshare IP?

If so, open ports 20 AND 21.
0
 

Author Comment

by:mmcinally
ID: 10846653


I'll give it a try when I am at that office.  It should be Monday afternoon.

I had narrowed it down that there had to be a firewall on that server.  I'm glad I was right.

0
 
LVL 30

Expert Comment

by:weed
ID: 10846855
No, there isn't really a firewall on the server. You're opening or forwarding those ports to the server. That's done on the router.
0
 

Author Comment

by:mmcinally
ID: 10847481


But I already did open the ports on the router.  The port routing does not seem to be the problem.

I believe that Appleshare IP has a software firewall.  Documentation on the apple support site mentions a problem bundled with Appleshare called "DoorStop".  I highly suspect that this program is blocking the incoming FTP port 21 request from any network address other than 192.168.1.x.
0
 
LVL 30

Expert Comment

by:weed
ID: 10847497
You opened 21. You should open 20 as well.
0
 

Author Comment

by:mmcinally
ID: 10889450
I have tried finding the required firewall options in AppleShare IP, and DID find them.  However, they are not turned on.  Therefore, I am back at square one.  I have no idea why this Mac Server OS 9.1 (not 9.2, like I originally thought) will not allow FTP connections from the 192.168.0.x network.  It still allows connections through with 192.168.1.x network addresses.

My temporary solution was to setup a spare PC with an FTP server program and everything is working.  However, I would very much like to have the Mac server hosting FTP.

Does anybody have any other ideas?

P.S.  I have ports 20 and 21 forwarding.

0
 
LVL 30

Expert Comment

by:weed
ID: 10890068
No, not the firewall on the server. There should be a ROUTER somewhere that isnt forwarding 20 and 21. Perhaps 2 of them.
0
 

Author Comment

by:mmcinally
ID: 10890230

There is only one router between 192.168.0.x and 192.168.1.x.  People on the 192.168.0.x network need to be connected to the router between themselves and the 192.168.1.x network.  The mac server is located on the 192.168.1.x network.

NOTE: This is working on a PC server that is located on the same router as the Mac server.  The Mac server just denies the connection when coming from 192.168.0.x.

0
 
LVL 30

Expert Comment

by:weed
ID: 10890328
The mac server is probably denying it because port 20 isnt open on one of the routers, while the PC server only uses 21 which IS open.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 

Author Comment

by:mmcinally
ID: 10899564


As I already mentioned, port 20 is open on the router between the networks.  It is forwarding to the correct address on 192.168.1.x.

Basically, this is what has been done:

port     IP
20       192.168.1.255
21       192.168.1.255

If the Mac server is located at the IP address above, the FTP server does not work.

If the PC server (or my laptop, where I had a test server) is located at the IP address above, the FTP server works.

The router is located at say 192.168.0.1.

Connecting directly to the internal IP address on the 1 network works for the PC and Mac servers.

Connecting through the router located at 192.168.0.1 works on the PC servers, but not on the Mac.

0
 
LVL 30

Expert Comment

by:weed
ID: 10905065
Why are the routers IP and the IP of the FTP server on different networks? If the router is 192.168.0.1, the ftp server behind it should be 192.168.0.255.
0
 

Author Comment

by:mmcinally
ID: 10905124


No, the FTP server and the people that want to access the FTP server are on DIFFERENT networks.

I have been quite explicit with that explanation all along.

How about I try this:

The routers IP address on the internal network is: 192.168.1.1.

The routers IP address on the external network is: 192.168.0.255.

The router exists on both networks.

In other words, the FTP is located on a sub-network of the main network.

The network is setup like this to prevent unauthorized access between networks.

All ports are blocked *except* for ports 20 and 21.

Everything is working fine on a PC based server running an FTP server.

When I attempt to switch the FTP server access to another machine located on the interal machine on the 1 network, it will not work.


0
 
LVL 30

Expert Comment

by:weed
ID: 10905165
I don't get the feeling the FTP server that comes with AppleShare IP is going to let you use it across subnets. Any other FTP software probably would. OS X, or the older FTP serving apps for OS 9 would be a better bet.
0
 

Author Comment

by:mmcinally
ID: 10905198


It seems to me that there has to be some sort of blocking software present that I am unable to find.

Why (and how?) would the AppleShare IP software be able to distinguish a request from another network?

It would only interpret the request as coming from the 192.168.1.1 IP address, would it not?

I am beginning to dislike the available options on Mac Servers.  There seems to be a great deal that either cannot be done, or is very near to impossible.



0
 
LVL 30

Expert Comment

by:weed
ID: 10905251
Has nothing to do with Mac Servers. It has everything to do with an ancient OS, discontinued server software that is just as ancient and was never intended to be able to support a large network. Using OS X it wouldnt be a problem, or any other FTP software for that matter.
0
 

Author Comment

by:mmcinally
ID: 10905262


So are you saying that you believe a port forwarding router setup with direct connection to the internet would not be able to forward to a Mac OS 9.x or earlier server?

Somehow I just can't believe that.  That would make the FTP server capabilities of Mac OS 9.x virtually useless.

0
 
LVL 30

Assisted Solution

by:weed
weed earned 250 total points
ID: 10905279
No, im saying AppleShare IP was always a bit shaky when subnets were involved.

Again, OS 9 has *NO* built in FTP server capabilities. You are using additional server software called AppleShare IP and it was by no means a robust FTP server. Its primary purpose was to server as a small network filesharing server. Not an intranetwork FTP server.

It's time to update to something released within the last 5 years. Like OS X which is BSD with a pretty face. Can't do any better than that.
0
 
LVL 2

Accepted Solution

by:
michael_george earned 250 total points
ID: 10905365
My 2 cents worth. Confirm that the gateway address on your Appleshare IP Mac is indeed set to the router address (192.168.1.1) that your request is being forwarded from. Also, you only need port 21 forwarded. I have clients who have been using an Appleshare IP server for 5 years with only port 21 open on the router. The FTP clients just have to remember to change their passive (PASV) mode.

If you suspect that Doorstop is running then check in the Preferences folder for the DoorStop logfile. Check its modification date to see if it has been modified recently. This should tell you if Doorstop is active. The logfile can be read by any spreadsheet and assuming that Doorstop is running, should let you know if the machine is being accessed
0
 

Author Comment

by:mmcinally
ID: 10907112

It is possible that the gateway address is not set.  The machine has been set as a static IP address.  It is the only Mac on the network that has a static IP.

I wonder if whoever set the server up did not give it the correct gateway.

I will need to check that.

I did check Doorstop, and it is NOT running.  That was my original suspect, but I managed to find the Doorstop configuration.

0
 

Author Comment

by:mmcinally
ID: 10930046


I have given up on this server.

I attempted to update the gateway address, and the machine crashed.

The crash caused fatal corruption in the network settings of the machine.

It was not accessable to the network for a few hours while I attempted to rebuild the network settings.

I believe this machine is cursed.

0
 
LVL 30

Expert Comment

by:weed
ID: 10930101
Get OS X on it. Makes life easy.
0
 
LVL 2

Expert Comment

by:michael_george
ID: 10930525
Sorry that happened. I had that happen once - when I forgot to shutdown the AppleShare server software before updating the TCP/IP Control Panel settings. Locked up solid. Did a restart with shift key, threw out TCP preferences and restarted. Once rebooted, I then shut down the server software, recreated the TCP/IP Control Panel settings and restarted.

Cursed - not likely - just a source for a lot of cursing.
0
 

Author Comment

by:mmcinally
ID: 10931433


We have a planned upgrade to a new OSX server, but that will not take place for another 6-9 months.

Until then, I must deal with this damned OS 9.1 server.


The problem I had was that, trying to update TCP/IP without shutting down Appleshare.  And I thought Windows machines were flaky.

Has anybody ever lost a server by trying to change a gateway with a Windows machine?  I know I never have.
0
 
LVL 30

Expert Comment

by:weed
ID: 10934238
Never. Sounds like this machine is just on shaky ground anyway though. Probably hasnt had any maintenance done on it in a long time. Says alot that it's still running ASIP.
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

SUMMARY Enterprise backup in a heterogeneous network is a subject full of complications and restrictions. Issues such as filename & path structure, attributes and extended metadata always tend to complicate the subject to the extent where either …
Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now