• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1348
  • Last Modified:

FTP port forwarding to OS 9.2


The main server machine is an OS 9.2 box.  I have enabled FTP access, setup a user, and everything works flawlessly on the servers network (192.168.1.x).  Now, what I need to do, is allow access to this FTP server from the root network (192.168.0.x).

I setup port forwarding for port 21 to go to the server IP address (192.168.1.x).

Now, I should be able to connect to the server by using the routers IP address from the root network (192.168.0.x).  But I can't.  I get nothing.  I am able to ping the machine, but I cannot get an FTP through.

The strange thing is, as a test, I setup an FTP server on a Windows XP machine on the SAME network as the Mac OS 9.2 server.

If I port forward to the IP address of the Windows XP machine, everything works perfectly.


Is it possible that the Mac OS 9.2 server has some sort of built in firewall rules that I am unable to find?  I have searched through online help, apple, and google, and cannot find anything.


Please help.
0
mmcinally
Asked:
mmcinally
  • 14
  • 14
  • 2
2 Solutions
 
weedCommented:
OS 9 does not have any built in firewall. What program are you using as an ftp server and client? Are you using passive FTP? Are you sure port 21 is the one the FTP server is using?
0
 
mmcinallyAuthor Commented:

1.  The FTP Server on the OS 9.2 machine is the built-in FTP server.

2.  The FTP Server on the Windows XP machine is FileZilla (open-source from sourceforge.net)

3.  The FTP Client I am using to connect is Cute FTP Professional 6.0, and I have also tried using the built-in ftp client available from the command line in Windows XP.

4.  I have tried both passive and port connection types.


As for the last point, I mentioned that I can connect to the Mac OS 9.2 server on the INTERNAL network (192.168.1.x).  I am unable to connect to the Mac OS 9.2 server from the EXTERNAL/root network.  So, yes the FTP server is on port 21, on both machines.

Another thing that I noticed is that the Mac OS 9.2 server is using a static IP address, and the Windows XP machine is using a dynamic (DHCP) IP address.  However, I also setup the Windows XP machine to try a static IP address, and there was no effect, the client can still connect.



0
 
weedCommented:
There is no built in FTP server in OS 9.2. You have to be using extra software to have an FTP server in 9.2.
0
Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
mmcinallyAuthor Commented:


There is a built-in server in this installation of OS 9.2.  I'm not a Mac person, so I don't know why, but you must go into the administration area, and then into File Sharing.  There is a tab located there "FTP" in which you may turn on FTP server.  It uses the same user permissions as general file sharing.

0
 
weedCommented:
That's not part of the original OS install. OS 9 has never come with a built in FTP server so you need to find out for us, what is installed, what version of the FTP server software is installed, etc.
0
 
mmcinallyAuthor Commented:


I believe then that it would be Appleshare installed?  Is that what would include FTP services?

Is there a built-in firewall included in Appleshare?
0
 
weedCommented:
Ahhh you mean Appleshare IP?

If so, open ports 20 AND 21.
0
 
mmcinallyAuthor Commented:


I'll give it a try when I am at that office.  It should be Monday afternoon.

I had narrowed it down that there had to be a firewall on that server.  I'm glad I was right.

0
 
weedCommented:
No, there isn't really a firewall on the server. You're opening or forwarding those ports to the server. That's done on the router.
0
 
mmcinallyAuthor Commented:


But I already did open the ports on the router.  The port routing does not seem to be the problem.

I believe that Appleshare IP has a software firewall.  Documentation on the apple support site mentions a problem bundled with Appleshare called "DoorStop".  I highly suspect that this program is blocking the incoming FTP port 21 request from any network address other than 192.168.1.x.
0
 
weedCommented:
You opened 21. You should open 20 as well.
0
 
mmcinallyAuthor Commented:
I have tried finding the required firewall options in AppleShare IP, and DID find them.  However, they are not turned on.  Therefore, I am back at square one.  I have no idea why this Mac Server OS 9.1 (not 9.2, like I originally thought) will not allow FTP connections from the 192.168.0.x network.  It still allows connections through with 192.168.1.x network addresses.

My temporary solution was to setup a spare PC with an FTP server program and everything is working.  However, I would very much like to have the Mac server hosting FTP.

Does anybody have any other ideas?

P.S.  I have ports 20 and 21 forwarding.

0
 
weedCommented:
No, not the firewall on the server. There should be a ROUTER somewhere that isnt forwarding 20 and 21. Perhaps 2 of them.
0
 
mmcinallyAuthor Commented:

There is only one router between 192.168.0.x and 192.168.1.x.  People on the 192.168.0.x network need to be connected to the router between themselves and the 192.168.1.x network.  The mac server is located on the 192.168.1.x network.

NOTE: This is working on a PC server that is located on the same router as the Mac server.  The Mac server just denies the connection when coming from 192.168.0.x.

0
 
weedCommented:
The mac server is probably denying it because port 20 isnt open on one of the routers, while the PC server only uses 21 which IS open.
0
 
mmcinallyAuthor Commented:


As I already mentioned, port 20 is open on the router between the networks.  It is forwarding to the correct address on 192.168.1.x.

Basically, this is what has been done:

port     IP
20       192.168.1.255
21       192.168.1.255

If the Mac server is located at the IP address above, the FTP server does not work.

If the PC server (or my laptop, where I had a test server) is located at the IP address above, the FTP server works.

The router is located at say 192.168.0.1.

Connecting directly to the internal IP address on the 1 network works for the PC and Mac servers.

Connecting through the router located at 192.168.0.1 works on the PC servers, but not on the Mac.

0
 
weedCommented:
Why are the routers IP and the IP of the FTP server on different networks? If the router is 192.168.0.1, the ftp server behind it should be 192.168.0.255.
0
 
mmcinallyAuthor Commented:


No, the FTP server and the people that want to access the FTP server are on DIFFERENT networks.

I have been quite explicit with that explanation all along.

How about I try this:

The routers IP address on the internal network is: 192.168.1.1.

The routers IP address on the external network is: 192.168.0.255.

The router exists on both networks.

In other words, the FTP is located on a sub-network of the main network.

The network is setup like this to prevent unauthorized access between networks.

All ports are blocked *except* for ports 20 and 21.

Everything is working fine on a PC based server running an FTP server.

When I attempt to switch the FTP server access to another machine located on the interal machine on the 1 network, it will not work.


0
 
weedCommented:
I don't get the feeling the FTP server that comes with AppleShare IP is going to let you use it across subnets. Any other FTP software probably would. OS X, or the older FTP serving apps for OS 9 would be a better bet.
0
 
mmcinallyAuthor Commented:


It seems to me that there has to be some sort of blocking software present that I am unable to find.

Why (and how?) would the AppleShare IP software be able to distinguish a request from another network?

It would only interpret the request as coming from the 192.168.1.1 IP address, would it not?

I am beginning to dislike the available options on Mac Servers.  There seems to be a great deal that either cannot be done, or is very near to impossible.



0
 
weedCommented:
Has nothing to do with Mac Servers. It has everything to do with an ancient OS, discontinued server software that is just as ancient and was never intended to be able to support a large network. Using OS X it wouldnt be a problem, or any other FTP software for that matter.
0
 
mmcinallyAuthor Commented:


So are you saying that you believe a port forwarding router setup with direct connection to the internet would not be able to forward to a Mac OS 9.x or earlier server?

Somehow I just can't believe that.  That would make the FTP server capabilities of Mac OS 9.x virtually useless.

0
 
weedCommented:
No, im saying AppleShare IP was always a bit shaky when subnets were involved.

Again, OS 9 has *NO* built in FTP server capabilities. You are using additional server software called AppleShare IP and it was by no means a robust FTP server. Its primary purpose was to server as a small network filesharing server. Not an intranetwork FTP server.

It's time to update to something released within the last 5 years. Like OS X which is BSD with a pretty face. Can't do any better than that.
0
 
michael_georgeCommented:
My 2 cents worth. Confirm that the gateway address on your Appleshare IP Mac is indeed set to the router address (192.168.1.1) that your request is being forwarded from. Also, you only need port 21 forwarded. I have clients who have been using an Appleshare IP server for 5 years with only port 21 open on the router. The FTP clients just have to remember to change their passive (PASV) mode.

If you suspect that Doorstop is running then check in the Preferences folder for the DoorStop logfile. Check its modification date to see if it has been modified recently. This should tell you if Doorstop is active. The logfile can be read by any spreadsheet and assuming that Doorstop is running, should let you know if the machine is being accessed
0
 
mmcinallyAuthor Commented:

It is possible that the gateway address is not set.  The machine has been set as a static IP address.  It is the only Mac on the network that has a static IP.

I wonder if whoever set the server up did not give it the correct gateway.

I will need to check that.

I did check Doorstop, and it is NOT running.  That was my original suspect, but I managed to find the Doorstop configuration.

0
 
mmcinallyAuthor Commented:


I have given up on this server.

I attempted to update the gateway address, and the machine crashed.

The crash caused fatal corruption in the network settings of the machine.

It was not accessable to the network for a few hours while I attempted to rebuild the network settings.

I believe this machine is cursed.

0
 
weedCommented:
Get OS X on it. Makes life easy.
0
 
michael_georgeCommented:
Sorry that happened. I had that happen once - when I forgot to shutdown the AppleShare server software before updating the TCP/IP Control Panel settings. Locked up solid. Did a restart with shift key, threw out TCP preferences and restarted. Once rebooted, I then shut down the server software, recreated the TCP/IP Control Panel settings and restarted.

Cursed - not likely - just a source for a lot of cursing.
0
 
mmcinallyAuthor Commented:


We have a planned upgrade to a new OSX server, but that will not take place for another 6-9 months.

Until then, I must deal with this damned OS 9.1 server.


The problem I had was that, trying to update TCP/IP without shutting down Appleshare.  And I thought Windows machines were flaky.

Has anybody ever lost a server by trying to change a gateway with a Windows machine?  I know I never have.
0
 
weedCommented:
Never. Sounds like this machine is just on shaky ground anyway though. Probably hasnt had any maintenance done on it in a long time. Says alot that it's still running ASIP.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 14
  • 14
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now