Home FTP access from outside the LAN...
Hey all quick question, to see if anybody has any ideas. In all reality my problem could be Comcast not allowing me to access my server via the internet.
Anyway I have Debian set up as a file server on an old laptop. I also configured vsftp in an attempt to manage my files remotely. I forwarded ports 20 and 21 from my router to the Linux box's private IP address. When accessing my Debian server via FTP locally everything works fine. But when trying to access it from a cellular connection via the router's public IP address, it will not allow me to connect.
Anybody have any ideas?
Never stop learning.
Comments
-
CloudKill9 Member Posts: 22
Have you checked your logs to see if it is hitting the firewall/router?
-
ptilsen Member Posts: 2,835
I am not aware of Comcast blocking FTP, although it is possible and would not shock me. In any event, it seems more likely you are encountering a NAT traversal issue. There are some considerations for properly configuring your server, NAT router, or both. The Wikipedia article gets into some of the details, but it will come down to either a router-side change or a server-side change.
File Transfer Protocol - Wikipedia, the free encyclopedia
-
Asif Dasl Member Posts: 2,116
If you are being blocked, you could sign up for an Amazon Web Services server (which is free for a year) or sign up for a cheap Linux VPS (virtual private server) and do an SSH tunnel to your static IP or DynDNS address. Or like ptilsen said you could change the FTP port numbers which might work also.
-
CodeBlox Member Posts: 1,363
Yeah, try changing the ports. Here is a good test to determine if it's an issue on your LAN or somewhere within the ISP's network: Initiate your FTP session internally but use the public address on your router to connect to the server. This would ensure that the NAT and port forwarding are working properly, would seem that way to me anyways.
I access a Linux box at home from work via SSH and it works like a charm.
Currently reading: Network Warrior, Unix Network Programming by Richard Stevens
-
Qord Member Posts: 632
On your router, are you sure you enabled the port-forwarding? On my router, you can add line items to the forwarding list and not actually enable them. Confused the hell out of me when I "learned" this the hard way. After creating the rule, I had to go back and enable it.
-
zachkenemer Member Posts: 22
It could be a NAT issue; however, if you are using a hostname or DDNS service like DynDNS, make sure the DNS records are updated accordingly. If not, then you might have to install a client updater for the specific service (if they offer it and if you're using DNS).
This could depend on your home router as well. I have a D-Link 825 and I find the Virtual Server section to be easier to use, rather than port forwarding, but it accomplishes the same thing.
If you're using a cell signal, make sure you can ping your external IP address from an external source. If that is successful, you can try changing the ports like everyone else said; if Comcast is blocking those ports this will succeed.
I'm not sure about the Debian config here, as I am more Red Hat, Fedora. Make sure to restart the vsftpd service after changing configs.
-
CodeBlox Member Posts: 1,363
I have that exact same wireless device Zach
-
discount81 Member Posts: 213
I find these modem routers that ISPs give are usually not the greatest and sometimes have options locked. Mine had the option to create a DMZ, which basically forwards everything to my DMZ subnet, and I put my own firewall in front of that so I can VPN home without any issues. I'd suggest doing the same if you can.
http://www.darvilleit.com - a blog I write about IT and technology.
-
paul78 Member Posts: 3,016
When you say that you cannot connect - what do you mean? If you try to just telnet to your IP on port 21 - are you not getting a FTP connect?
One of the details that a lot of people confuse about FTP is how the FTP data port works - i.e. TCP port 20. In active mode FTP (the default on most FTP clients), the FTP server doesn't listen on port 20 - it sources connections from port 20. If you want to have your FTP client make the data connection to your FTP server - then you need to use passive mode FTP. However, you will need a firewall that is capable of proxy-ing FTP - otherwise you will have to bind the specific port that you want to use as your data port in your FTP server configuration.
-
Whiteout Member Posts: 248
Hey all, thanks for the ideas! Been at work all day so going to start doing some troubleshooting with all your advice.
Oh and I just have a cheapo Linksys router, but have upgraded the firmware to DD-WRT.
-
gorebrush Member Posts: 2,743
Surely if you are using a Debian machine, you could just forward port 22 out to it and use SSH?
This is more secure and a bit easier than having to worry about PASV FTP. You also have the added benefit of tunneling things from your remote machine back to home. For example, I use WOL to wake up my desktop when I am at work. I then tunnel a random port number, say 9000, to my desktop's IP (10.1.3.4 for example); thus I can then open Windows RDP and go to localhost:9000
I can then be at my home connection. It is most useful. I've got an arseload of port mappings to all sorts of things.
For example, I also have port 22 mapped to my Debian server, so I can fire up WinSCP, point it to localhost:22 and then manage the server over SCP (through an SSH tunnel). All nice and secure.
-
jibbajabba Member Posts: 4,317
Active FTP is usually a deal breaker when going through a firewall / router as it is using random ports (>1023)
For example
ftp: setsockopt (ignored): Permission denied PORT 10,10,16,80,12,172
Above would calculate to a port of 3244 .... basically impossible to open those specific ports.
I agree though - you got Debian? Use SFTP instead (FTP over SSH) and simply open port 22...
Or of course change the client and server to use passive FTP instead and just open 20/21.
My own knowledge base made public: http://open902.com
-
networkjutsu Member Posts: 275
AFAIK, Comcast is not blocking anything. At least in my area, they do not block any ports that I open. I use Filezilla FTP at home and using FTPS. paul78 is right about the active and passive mode. IIRC, traversing NAT is passive mode. Since I use FTPS, I decided to use the regular port which is 990 then for the data stuff, I had to open about 10 or 50 ports on top of it then everything started to work. Good luck!
-
Whiteout Member Posts: 248
jibbajabba wrote: » Use SFTP instead (FTP over SSH) and simply open port 22...
Gave this a shot and it worked. Maybe Comcast blocks unsecured FTP? I don't know, but I'm good to go now. Thanks all!
-
Zartanasaurus Member Posts: 2,008
Comcast isn't blocking FTP, FTP is just a tricky protocol from a network standpoint.
(Passive mode)
Client connect port 21
Server returns random port to establish 2nd (data) connection on
Client connects to 2nd port
FTP established.
So opening port 20/21 doesn't get FTP working. Opening port 20 wouldn't ever really do anything even in active mode.
So the trick is to go into the FTP server and manually specify the range of ports that FTP will use for the data connection, then allow those through the firewall. My suggestion, as was previously suggested, would be to use SFTP and skip all of those headaches.
Currently reading:
IPSec VPN Design 44%
Mastering VMWare vSphere 5 42.8%
-
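The PORT arithmetic and the passive-mode data-port problem discussed in the posts above can be checked from a saved FTP client session. This is an added example, not code from any poster: the function names, the two sample 227 replies and the forwarded range 50000-50010 are assumptions made up for illustration, and only the PORT line comes from the thread.

```python
import ipaddress
import re

# Six decimal bytes h1,h2,h3,h4,p1,p2: the host-port field used by PORT and by 227 replies.
HOSTPORT = re.compile(r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)")

# RFC 1918 ranges: addresses a client outside the NAT cannot reach.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_hostport(line):
    """Return (ip, port) from a PORT command or a 227 PASV reply."""
    m = HOSTPORT.search(line)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in: %r" % line)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of byte range in: %r" % line)
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]  # high byte, then low byte
    return ip, port


def check_pasv_reply(reply, forwarded_ports):
    """List reasons a client outside the NAT could not open the data channel."""
    ip, port = parse_hostport(reply)
    problems = []
    if any(ipaddress.ip_address(ip) in net for net in RFC1918):
        problems.append("server advertises private address %s" % ip)
    if port not in forwarded_ports:
        problems.append("data port %d is not forwarded" % port)
    return problems


# The PORT line quoted in the thread.
THREAD_PORT_LINE = "PORT 10,10,16,80,12,172"
# Constructed sample replies (not captured traffic); 203.0.113.7 is a documentation address.
BAD_REPLY = "227 Entering Passive Mode (192,168,1,50,195,149)"
GOOD_REPLY = "227 Entering Passive Mode (203,0,113,7,195,80)"
# Assumed range, forwarded on the router and pinned in the FTP server configuration.
FORWARDED = range(50000, 50011)

if __name__ == "__main__":
    print(parse_hostport(THREAD_PORT_LINE))
    for reply in (BAD_REPLY, GOOD_REPLY):
        print(reply, "->", check_pasv_reply(reply, FORWARDED) or "ok")
```

A reply that fails either check means the control connection on port 21 succeeds from outside while directory listings and transfers hang.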
jibbajabba Member Posts: 4,317
Whiteout wrote: » Gave this a shot and it worked. Maybe Comcast blocks unsecured FTP? I don't know, but I'm good to go now. Thanks all!
Glad you got it working .. SFTP might just be a tad slower.
-
life980 Registered Users Posts: 3
This could be related to ACTIVE/PASSIVE mode of FTP transmission. You can try both in the FTP client to see if that resolves the issue. Also, make sure you unblock the FTP server application itself and not just the port 21 since the application will bind to other ports to create a data channel.
Turn the firewall off on the FTP client machine because I have had issues using FTP client on Windows 8.1 with firewall enabled even with the FTP client unblocked.