livinlif3 asked:

Need to allow access to FTP to users. Using server as router and firewall. Windows server 2003 Enterprise.

Hello

I'm having issues with FTP. I'm able to ftp through the server but can't access ftp from any of the client pcs on the network.
operating system=windows server 2003 R2 Enterprise Edition
I have a static ip address from road runner.
The server is set up to act as a router and provides internet for the users on the private network "NAT"
I do have the basic firewall enabled. I have disabled it and tested on a user's computer and it still doesn't give me access to the outside ftp. Are there access control lists I have to set up? If so, how can I do this? I have never used the server as a router and firewall. Or do I need to set up Application Server, and if doing so will this allow users outside access to FTP? I had to configure the server because our company decided to move in one weekend. The server was purchased during the week and set up during the weekend. I had no time to test.... I didn't have time to purchase a router, I'm in the process of this but need to allow ftp for the time being. I do have a router, it's a cheap 3com 10/100. We have a cat6 network. If I were to put the router on the network will it affect the performance? Should I keep using the server as the router or use the cheap 3com?

ASKER CERTIFIED SOLUTION
bslorence

This solution is only available to members.
livinlif3 (ASKER)

The internet connection is a level 2 with a static ip address from road runner. We do a lot of ftp transfers throughout the day. Right now I have subdirectory ftp sites on our host provider. I would like to set up my own FTP site real soon. I have a heavy workload with sublimation printers throughout the day. What size router should I purchase for the business? The company I'm employed for has about 35 users and they're expanding by the day. I believe we're getting about 5 to 6 new employees; this is why I'm afraid to use this small business office connect router. I used it in my old building but was getting drops constantly throughout the day. I figured I would set up the server as the router and firewall for a day or two till I get moved in and situated since I have other means of getting companies the information. I basically don't want any drops throughout the day like the last few weeks in the old building. I don't know if it was because we had the basic business account from road runner that only is meant for 10 users. And the router kept locking up. Not sure if it was the router looking for dhcp from provider or just the router was going. Since I purchased the server last week and had to configure Sat night before spending all of Sunday night laying cable that was supposed to be done by another company and wasn't finished. I didn't have time to figure this out. What kind of router would you suggest for this business? I have done some configuring of cisco routers in college but haven't in a real world situation like this. I want something that is going to be stable and allow me to set up ftp to allow our users to connect to an outside ftp to our web-host. I don't want to spend more than $700. Eventually in a week or so set up in house ftp. I probably should make sure I reinstall routing and remote access and make sure the basic firewall is turned off when I get the router?
Still don't understand why the users can't access ftp from web host when basic firewall on server is turned off....(this really irks me).... Should I reinstall NAT, after router purchase, and if so should I make both nics private network? And put NAT on one of them? Also what is the dhcp allocator in NAT? Does this work with DHCP, or is it something built into NAT, what one should I use if this is the case. My mind has severely been overloaded since this move and the growing of the business. Any help would be appreciated since this is my first real deployment and IT job since I have been out of college. I may have gone a little overboard with typing this. Sorry for that. I do appreciate the help.
It's also a cat 6 network.  I should mention I would rather have a snmp over command line for the router.  thanks for the help
bslorence

I noticed that you mentioned cat6 before -- why? AFAIK, cat6 is just a wiring specification. The kind of cables you're using shouldn't have any bearing on the question -- but maybe I'm missing something?

Don't have much experience myself with SNMP, but most network devices seem to support it to one extent or another. You sure you didn't mean a web-based administrative interface?

Basically use Passive mode, this will allow outgoing transfers.
I was doing some research for routers. Being that it's a gigabyte ethernet do I need a gigabyte router? I have two dell unmanaged gigabyte switches.
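
Why passive mode matters for clients behind NAT, as an added example that is not part of the original thread: in active mode the client's PORT command advertises its own private address and the server must connect back in, while in passive mode the client opens the data connection outbound. The sample control-channel lines are constructed and the function names are illustrative.

```python
import ipaddress
import re

# Constructed sample control-channel lines (not taken from the thread's logs).
ACTIVE_CMD = "PORT 192,168,0,25,19,137"
PASSIVE_REPLY = "227 Entering Passive Mode (203,0,113,10,195,80)"

# h1,h2,h3,h4,p1,p2 as carried by the PORT command and the 227 reply (RFC 959).
_HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")
# Addresses that cannot be reached from the Internet side of a NAT.
_INTERNAL = [ipaddress.ip_network(n) for n in
             ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]


def parse_hostport(line):
    """Return (ip, port) from a PORT command or 227 reply, or None."""
    m = _HOSTPORT.search(line)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]


def data_channel(line):
    """Say who opens the data connection and whether the NAT must help."""
    parsed = parse_hostport(line)
    if parsed is None:
        return None
    ip, port = parsed
    active = line.strip().upper().startswith("PORT")
    return {
        "mode": "active" if active else "passive",
        "opened_by": "server, inbound to client" if active else "client, outbound",
        "endpoint": f"{ip}:{port}",
        # An internal address in PORT is useless to the remote server unless
        # the NAT device rewrites the command and maps the port.
        "needs_nat_helper": active and any(ip in net for net in _INTERNAL),
    }


if __name__ == "__main__":
    for sample in (ACTIVE_CMD, PASSIVE_REPLY):
        print(sample, "->", data_channel(sample))
```
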
What is your inet bandwidth?
I think you don't need to route 1 Gbps
It isn't near 1 gbps.  I think I understand where you are getting at with a gigabyte router.
I try to access through just a web browser on a client pc and it doesn't allow for ftp. Would that be different than changing the settings on the ipswitch program used for ftp?
Still can't access outside ftp even with explorer changes.

Finding Host stadriemblemscom.nationprotect.net ...
[2007.08.01 21:22:26.593] Connecting to 204.174.223.205:21
[2007.08.01 21:22:26.593] Connected to 204.174.223.205:21 in 0.000000 seconds, Waiting for Server Response
[2007.08.01 21:22:26.765] 220 ProFTPD 1.3.0 Server ready.
[2007.08.01 21:22:26.765] Host type (1): Automatic detect
[2007.08.01 21:22:26.765] USER stadriemblems
[2007.08.01 21:22:26.765] Error reading response from server.
do a test using smartftp... download from www.smartftp.com
"Still can't access outside ftp even with explorer changes.

Finding Host x.y.z ...
[2007.08.01 21:22:26.593] Connecting to [host-ip]:21"

Where are you getting these log messages? Not from Internet Explorer?
I tried to access ftp through command prompt (I put my username in then), it gives me the error connection closed by remote host. I also added an ip address of a pc here on the network to allow ftp server access, still no connect from command prompt (client pc). I can connect through the server though. I can't connect through the netnation web based ftp neither (on clients). Is there something on the General tab on routing and remote access that needs to be configured? Those error messages were from the smart ftp log. This is pretty depressing. Thanks for the help.
Please check event log and look for NAT/Basic Firewall events. Post here if any.
The DHCP allocator has detected a DHCP server with IP address 10.94.64.1 on the same network as the interface with IP address 169.254.25.33. The allocator has disabled itself on the interface in order to avoid confusing DHCP clients.

The DNS proxy agent was unable to read the local list of name-resolution servers from the registry. The data is the error code.

The DHCP allocator has detected a DHCP server with IP address 10.94.64.1 on the same network as the interface with IP address 169.254.25.33. The allocator has disabled itself on the interface in order to avoid confusing DHCP clients.

The DNS proxy agent was unable to read the local list of name-resolution servers from the registry. The data is the error code.

The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.

These are the error codes I found.

When I configure the FTP Server under services and ports, incoming port should be 21 and outgoing port should be 20? Using the private ip address of the client pc or on Nic2 of server?
SmartFTP's behavior doesn't have anything to do with the FTP settings in Internet Explorer; that's why I was confused by the post that started with "can't access outside ftp even with explorer changes" and then included log messages from SmartFTP.

When you ran SmartFTP and got as far as entering your username, what computer were you using? The server, or one of the clients?

Also, you haven't yet described how your network is connected to the Internet. There's got to be some network device that the DSL line is plugged into. Is that device able to do NAT and/or routing? If so, could it be causing some trouble here?
As you are connecting to ftp server on internet, you need outgoing access on port 21, do not open access to incoming ports yet, until you see that firewall is blocking them...

You have a NAT problem there, are there any other messages related to NAT?
The server is used as the router and also NAT.
"The server is used as the router and also NAT."

I said "DSL" above but then remembered that you said "road runner" earlier; sorry. Where is the cable connected? Does it connect to a cable modem, which then plugs directly into the Windows server? Does this cable "modem" also do some routing/NAT or does it just bridge the cable signal to Ethernet?

I think you will save yourself a lot of headache and heartache if you go to the nearest office-supply or electronics retailer, drop $50-$150 on a decent-brand-name broadband router with a firewall, install it in your network, turn off routing and NAT on the Windows server, disable one of its network interfaces and assign the other one a static private IP, and reconfigure it and your clients to use the broadband router as their default gateway.

Then if you want to get fancy with a $700 Cisco router later, fine. But at least for now you'll have a working Internet connection and your Windows server won't be directly exposed to the Internet.
Yeah, I'm connecting to an ftp server on the internet. I did outgoing access on port 21. (still nothing) Those were all the messages related to NAT.
Road runner gave us a router but it's not configurable. I've never had this problem, I don't like how I have no control over this problem with everything I've tried. I think you guys are right about just getting a router. I'm able to send files to the companies through mediafire, it isn't confidential data so it will do for a few days. Everything is operational. Do you know of a good router that has a good web-based administrative interface? I don't want to spend much time having to configure the router as I have heavy work duties.
What do you mean "it's not configurable"? Has RoadRunner disabled the administrative interface or withheld the password? Are you using the router, with whatever default configuration RoadRunner has imposed? Or is it powered-off and disconnected from the rest of your network?
I'm using the router with the default configuration from roadrunner.  Do you think I should contact them to see if it's configurable?  The router doesn't even have a manufacturer name, it's very generic looking.  
Are you sure it's a router and not just a cable modem?
They told me over the phone that it was a router because I had them upgrade our account and give me a static ip address.
If it is a router, then yes, I would recommend trying to configure it. Check out broadbandreports.com -- click on FAQ and then, under "Provider Specific", click on "RoadRunner HSI Forum FAQ". You may find some information about the device there.
They don't have any information on the router. They do provide some useful information though. I thought at first maybe road runner was blocking the ports but I was able to FTP on the server, so that eliminated that theory.
I just want to thank you guys for taking the time to help me with this problem. I purchased a Wireless-N Broadband Router from linksys. (owner wanted wireless) I didn't want to fiddle with using the server as the router anymore. I set it up yesterday here at the office and there has been no drops so far so good. I don't see any decrease in performance... You guys were dead on with your responses, I truly appreciate the help you have given me.
It's great you solved the problem.
Regards.
And FTP is working now...? ;-)