WTF FTP?
September 26, 2007 8:53 PM

WTF FTP Server?

I just set up an FTP server on my machine. I opened the ports and set up my network connection to let the FTP server through. I got my home machine talking through the FTP client after some trial and error, and the only way I can connect to it is through my home computer using an FTP client, not actually OUTSIDE the house like I need.

Hmm. What am I doing wrong?

I'm using Filezilla, Filezilla Server Client, and ports 51000 thru 52000. I am using a dyndns.org forwarding address to update my IP.

I cannot get any other computer to connect, not even my wife's machine in the next room. Help? Tips? Tricks? Something I haven't considered? I checked the Filezilla WIKI, I have everything connected as per the instructions and various help pages across the series of tubes.

Help? I wanna FTP!
posted by jimmyhutch to Computers & Internet (14 answers total) 2 users marked this as a favorite
 
Using XP / Vista? If so, have you checked to see that the firewall is allowing incoming connections?
posted by Dipsomaniac at 8:59 PM on September 26, 2007


When you say you 'opened the ports', are you talking about the Windows firewall, or your router? For that matter, do you even have a router? How are you connected to the net?
posted by pompomtom at 9:04 PM on September 26, 2007


Response by poster: yeah, router. running XP. sorry, forgot these details.

I opened the ports on both the firewall in windows and the router.
posted by jimmyhutch at 9:09 PM on September 26, 2007


Can you connect locally?
posted by McSly at 9:15 PM on September 26, 2007


If your router uses NAT it may be an issue with whether the FTP server and/or client are set up properly regarding passive/active transfers.

In passive transfers, the client opens a connection to the FTP server, and all data comes back over that connection.

In active, the client opens a connection to the FTP server, but the FTP server opens a connection BACK to the client to transfer the data. There are all kinds of misconfiguration woes that can make this not work, on either the client or the server side.

If the client is in passive mode, try active, if it's in active, try passive.
posted by RustyBrooks at 9:15 PM on September 26, 2007


Also, if the server keeps any logs anywhere, look at those... I don't do FTP on windows but most unix ftp servers will log incoming connections (and failures), transfers, etc.
posted by RustyBrooks at 9:16 PM on September 26, 2007


I would try first connecting using your IP, and not your dyndns name. If that doesn't work, I'd try using nmap (or similar portscanner for windows) from outside to see what can be accessed on your IP (ie: in case your ISP is blocking something).
posted by pompomtom at 9:18 PM on September 26, 2007


"not even my wife's machine in the next room."

On your wife's machine are you trying to connect to your routable IP address or your local NATed address (192.168.x.x / 10.x.x.x)? I feel like ideally both should work but I would half-expect it to fail in the real world if you tried to connect to the routable address.

You should be able to connect to it using the local address if both computers are on the same router - trying this will help you to separate a routing/NAT problem from an FTP server problem.

Without even doing an nmap, I'd just preemptively try running the FTP server on port 2121 to see if port 21 being blocked is the problem.
posted by TheOnlyCoolTim at 9:50 PM on September 26, 2007


I kinda suspect it's the passive/active FTP thing also. Try switching to "passive FTP" on the client side, and see if that fixes things. Also, make sure to open port 21, since that's the port that passive FTP will want to use for everything.

Good explanation of passive vs active FTP and how it relates to the ports you need to have open:
http://slacksite.com/other/ftp.html
posted by Kadin2048 at 11:33 PM on September 26, 2007


Response by poster: well, due to my lack of immediate knowledge about this (I did research UDP and TCP), I have the aforementioned ports open on both TCP and UDP. Is that a redundant statement, or does it make a bit of sense?
posted by jimmyhutch at 6:35 AM on September 27, 2007


Err, why 51000-52000? Is that a Filezilla thing? Standard FTP ports are 20 & 21 TCP, plus whatever magic you'll need for active/passive transfer.
posted by scalefree at 8:46 AM on September 27, 2007


Response by poster: No reason on the ports range - I was just trying something different. Apparently it's not working. I'm gonna try to revert back to ports 21 and 990 like everything says I should.
posted by jimmyhutch at 9:21 AM on September 27, 2007


FTP servers are problematic behind NAT. You need to be able to tell the server what range of ports to use for data connections, the server needs to know (or be able to find out) its WAN-accessible IP address (otherwise, it'll tell the clients to connect to its LAN address, e.g. 192.x.x.x, and that never works), and all those ports need to be opened in your firewall and forwarded to the server machine.

More trouble than it's worth. Do something else.

If it's just for you to access files, set up an ssh server instead and use a scp client (e.g. WinSCP). It only uses one port, the ssh port, and has none of the active/passive woes. Plus it's cryptographically secured.

If it's a public server where other, possibly anonymous, people need to be able to upload and download files, use a Web server and an upload CGI script to accept files.
posted by kindall at 11:44 AM on September 27, 2007


Umm, opening random ports will rarely get you where you want to go. You should either try to follow the directions in Kadin2048's link or stop trying to make it work, else you'll end up opening up your home network to worms & hackers without ever knowing it.

As for the TCP/UDP issue, you only need TCP ports for FTP. Whichever way you go on the active/passive issue, it's all still TCP.

(FYI, FTP is a really messed up protocol, it was designed to be used under the predecessor to TCP, something called Network Control Protocol or NCP which only allowed unidirectional connections so they had to build session management into the FTP protocol. When TCP came along FTP was just ported to it pretty much without change, so you have session management both at the transport layer & the protocol level, redundantly. And then the active/passive thing was bolted on when firewalls came along, to allow us to hop over them. All in all it's just a mess to make sense of let alone implement in a modern environment.)
posted by scalefree at 12:55 PM on September 27, 2007

