Ken Robertson's Blog

Ramblings of a .NET developer

FTP server and Windows 2003 firewall

Does anyone know how to set up the firewall on Windows Server 2003 (Administrative Tool | Routing and Remote Access) to allow an FTP server to be run on a port other than 21 and to still support passive FTP?

I can't use active FTP, since at home I am behind a cable router. Using passive FTP only works as long as I have the FTP server running on port 21. If I change the server to run on another port and allow that port through on the firewall, I can connect, but no passive transfers work. The default "FTP Server" entry in the firewall services list is fixed to port 21. So it seems it knows when to open ports for an FTP server, but I cannot find a way to get it to do that if the FTP server is on another port.

Anyone know how to change this?

Posted: Feb 17 2005, 02:57 PM by qgyen | with 11 comment(s)
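
The behaviour described in the post, as an added example that is not part of the original post and not Windows' actual code: a toy model of a stateful firewall whose FTP helper reads the server's `227` passive-mode replies only on one fixed control port and opens the announced data port. The `Firewall` class, the helper logic and the sample reply are constructed for illustration, and the assumption that the helper is bound to port 21 follows the post's own observation.

```python
import re

# 227 reply per RFC 959: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(
    r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def parse_pasv(line):
    """Return (ip, port) announced in a 227 reply, or None if malformed."""
    m = PASV_RE.match(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    # Data port is sent as two bytes: high * 256 + low.
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

class Firewall:
    """Toy inbound filter with an FTP helper tied to one control port (assumed model)."""
    def __init__(self, allowed_ports, helper_port=21):
        self.allowed = set(allowed_ports)  # static inbound allow rules
        self.helper_port = helper_port     # only port whose control traffic is inspected
        self.pinholes = set()              # data ports opened dynamically

    def server_reply(self, control_port, line):
        # Replies on any other control port pass through uninspected.
        if control_port != self.helper_port:
            return
        parsed = parse_pasv(line)
        if parsed:
            self.pinholes.add(parsed[1])

    def inbound_allowed(self, port):
        return port in self.allowed or port in self.pinholes

def passive_transfer_works(control_port, reply):
    """Allow only the control port statically, then test the data connection."""
    fw = Firewall(allowed_ports={control_port})
    fw.server_reply(control_port, reply)
    return fw.inbound_allowed(parse_pasv(reply)[1])

# Constructed sample reply: documentation address 192.0.2.10, port 19*256+137 = 5001.
SAMPLE = "227 Entering Passive Mode (192,0,2,10,19,137)"

if __name__ == "__main__":
    for port in (21, 2121):
        print(port, passive_transfer_works(port, SAMPLE))
```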

Comments

denny said:

what do you mean by "I am behind a cable router" ??

a NAT box? a Linksys/Dlink/ firewall box??

also are you saying that you need for a remote user to transfer files to/from your server??

and who is your ISP/cable co. ??

are they blocking ports at the headend??

what about a VPN?

are you on a dynamic IP ??

depending on some of the answers there are several ways to get what you need.

if you want to take this off your blog then email me denny at my domain name
PS: my web server is down right now but I am figuerres.com
# February 17, 2005 7:43 PM

Paul D. Murphy said:


FTP uses port 21 for connections and port 20 for negotiation. Depending on the configuration it will also often negotiate a high port for transfers. You really need a 'real' firewall to properly expose FTP.
# February 18, 2005 12:32 AM

Ken Robertson said:

> what do you mean by "I am behind a cable router" ??
> a NAT box? a Linksys/Dlink/ firewall box??

Yes, just a basic "cable/DSL router". Mine is Linksys.

> also are you saying that you need for a remote user to transfer files to/from your server??

I'm the remote user and I want to be able to FTP files up to my server.

> and who is your ISP/cable co. ??
> are they blocking ports at the headend??

That doesn't matter. Active FTP simply won't work because the little router wouldn't know who the connection is supposed to go to, since there are multiple computers behind it.

> what about a VPN?

Don't want to have to open a VPN connection. Then all my net traffic starts to route through the server and some open connections (like IM) close out/reconnect and then alert me because multiple users are logged in (since the old one wouldn't timeout by then). Always a hassle for simple stuff.

> are you on a dynamic IP ??

No.


The question is pretty simple... how can you tell the Windows firewall/routing stuff that FTP is going to be on a port other than 21 so it'll know how to handle passive connections? This is primarily so I can connect to my colocated server without having the standard FTP port open for people to probe. Not worth buying another firewall app. I have ISA server (since the server is running SBS2003), but it is way overkill for my needs. Exchange for just me is already overkill.
# February 18, 2005 1:21 AM

Richard Tallent said:

Why not just configure the router for static port forwarding and then run active FTP? This is what I do for FTP, HTTP, and RDP on my machine, and all I have is a cheap Linksys router.
# February 20, 2005 4:44 PM

Ahmed Mahdy said:

Try Windows Server 2003 Service Pack 1 RC2. It has a built-in firewall (like the one in the Windows XP Service Pack 2) which doesn't conflict with other applications.
# February 25, 2005 7:56 AM

Kay Ess said:

If you're having that trouble with VPN it's because you haven't turned off the 'Use default gateway' on the VPN connection's TCP/IP properties (you need to go to the Advanced tab).

With that turned off then only traffic for the subnet on the end of the VPN connection will be routed there and you will use the gateway specified on your main TCP/IP connection for other traffic.
# March 10, 2005 10:13 AM

TrackBack said:

^_^,Pretty Good!
# April 10, 2005 8:11 AM

peter said:

How to configure a firewall for ftp server, see www.raidenftpd.com/.../howto-configure-firewall.html

# November 1, 2007 12:57 PM

miagale said:

well written, It helped me a lot.

# July 19, 2010 7:07 AM
