On 5 May 2006 at 8:16, Robert Fernando wrote:
> I am trying to set up the ftp side of iis5 personal webserver (running
> under windows 2k sp4), which is connected to the internet via a
> linksys router.
> I have enabled port forwarding of port 20 and 21 to be routed to the
> relevant internal IP address.
> I know forwarding works as the website is visible via the Internet.
>
> When I test the ftp side using Microsoft's command line ftp client I
> am getting connection timed out errors.
> However connecting to the ftp server using its internal IP
> address, works correctly.
>
> What could be wrong?
You shouldn't need to forward port 20; if it is possible to achieve what
you want with this equipment (I doubt it...), that may be preventing it from
working.

You've correctly recognized that FTP uses two TCP connections, one for the
"control" conversation and one for the actual data. The control connection
is opened from the client to the server's port 21, and will need to be
forwarded if you are using NAT.

In normal FTP, the data connection is opened from the server's port 20, to
a port specified by the client. A device trying to NAT this connection
needs to preserve the source port (20) and to have seen (and perhaps
translated) the client message on port 21 that specified the other port to
use. (Your port-forward of port 20 *may* be interfering with the router's
ability (if it has it) to do this.)

In "passive" FTP, the data connection is opened from the client to a port
chosen by the server (NOT port 20!), and again the NATting device needs to
have seen (and perhaps translated) the message on port 21 where that was
communicated.

You may find -- if you're lucky! -- that one form of FTP works with your
current setup and the other does not.

There ARE devices on the market that perform NAT and do the necessary
fixups for FTP, but they're sold as "firewalls" rather than "routers", and
generally start at several hundred dollars and go up from there.

Using NAT with a small device like a LinkSys router is usually done where
one has a single, possibly dynamic, IP address from the ISP. There are a
variety of kludges available to allow running a small-scale server on such a
connection, but it's simpler to operate a server, especially for FTP, if you
have a static address to dedicate to it, and avoid NAT if possible.

David Gillett
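
An added example, not part of the original message: the port-21 messages the reply refers to are the client's `PORT` command (normal FTP) and the server's `227` reply (passive FTP), each carrying an address and port as six comma-separated numbers. The sketch below parses them and rewrites a private address the way an FTP-aware NAT device would; the function names are hypothetical and all addresses are constructed.

```python
import re

# h1,h2,h3,h4,p1,p2 as carried by the PORT command and the 227 (PASV) reply
_HOSTPORT = re.compile(
    r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)")

def parse_hostport(line):
    """Return (ip, port) from a PORT command or 227 reply, else None."""
    verb = line.split(None, 1)[0].upper() if line.strip() else ""
    if verb not in ("PORT", "227"):
        return None
    m = _HOSTPORT.search(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    # The data port is sent as two bytes: high byte, then low byte.
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def fixup(line, inside_ip, outside_ip, outside_port=None):
    """Rewrite the embedded address as a NAT FTP fix-up would.

    Lines with no address, or an address other than inside_ip, come back
    unchanged. outside_port=None keeps the port the endpoint announced.
    """
    parsed = parse_hostport(line)
    if parsed is None or parsed[0] != inside_ip:
        return line
    port = parsed[1] if outside_port is None else outside_port
    new = "%s,%d,%d" % (outside_ip.replace(".", ","), port >> 8, port & 0xFF)
    return _HOSTPORT.sub(new, line, count=1)

if __name__ == "__main__":
    # Constructed sample: server at 192.168.1.10 behind NAT, public 203.0.113.5
    reply = "227 Entering Passive Mode (192,168,1,10,19,137)."
    print(parse_hostport(reply))   # address/port the client would try to reach
    print(fixup(reply, "192.168.1.10", "203.0.113.5"))
    print(parse_hostport("PORT 10,0,0,7,4,1"))  # normal-mode client announcement
```

Without the rewrite, an outside client receives the server's private address in the `227` reply and its data connection has nowhere to go, which matches a control connection that works while transfers time out.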