Re: Ftp server behind a router issue
From: Ida (failed_at_rogers.com)
Date: Thu, 12 Jun 2003 01:51:18 GMT

First, I'd like to say something about DMZ. A firewall must protect the
resources and machines in DMZ. It means that DMZ is separated from Internet
by the firewall. I cannot imagine that a company which has a firewall puts its
http and ftp servers out of its firewall. I think there is some
misunderstanding between you and the support guy of DLink DI-604 firewall.

Second, most of the modern firewalls support ftp protocol because ftp
protocol is such a popular protocol. Therefore there must be a very simple way
to configure DLink DI-604 firewall for ftp protocol. Sorry, I am not
familiar with this firewall.

If your local ftp server uses a private IP address and DLink DI-604 firewall
does not understand ftp protocol, the passive mode does not work at all,
because in this mode the response of PASV command contains the private IP
address of the ftp server. If your local ftp server uses a public IP
address, the passive mode may be a workaround.

In your case, you access your ftp server from Internet, maybe PORT command
works. When PORT command is used, the client tells ftp server where the
client is listening for the data channel via PORT command. Because ftp
client is from Internet, a public IP address is wrapped in PORT command
(PORT a1,a2,a3,a4,p1,p2), and sent to server. Then your local ftp server
binds 20/TCP as the local address, and connects to where the client tells
via PORT command.

To diagnose the problem, use the command line ftp because it tells you what
commands are sent and what responses the client receives. As far as I know,
dos-prompt ftp in Windows 95/98 uses PORT to retrieve the data, ftp in
Redhat 6.0/6.2 uses PASV (the passive mode), ftp in Redhat 7.2 uses PASV,
and Windows 2000 uses PASV (I am not very sure).

Support of ITShield Firewall (http://www.itshield.com)

"andre halle" <email@example.com> wrote in message
> I've been on their web site. Their instructions are simple, and not
> working. It seems that I have a lot of work to do. There's surely a way to
> make that FTP server work, but I cannot access it at this moment.
> I don't know, even if you (people who respond to my post) have good
> I still don't know how to set up what is called very easy to do without a
> router : a simple FTP server. So if there's someone who owns a Dlink
> router (or some kind of like) and had the same problem I do (accessing my
> ftp server) I would really appreciate a conclusion to this.
> "Kerry Liles" <firstname.lastname@example.org> wrote in message
> > Read the documentation for the DI-604 (on the CD or from the website) -
> > explains how to allow FTP (and other similar applications to run).
> > "andre halle" <email@example.com> wrote in message
> > news:jsEFa.3505$JN6.firstname.lastname@example.org...
> > > I tried about everything I could to access my local ftp server on the
> > > internet. I called the place where I bought my DLink DI-604 firewall, the
> > > only advice they gave is to use the DMZ to access my ftp server.... I don't
> > > believe that's the best solution, DMZ exposes my PC to hackers. I may
> > > wrong on this fact, but in the case of using DMZ to access my ftp
> > > should I configure it (the ftp server) by assigning the address I gave
> > > the DMZ configuration of the router ? And what's the port I need to
> > >
> > > And on another way, someone talked to me about passive mode but I didn't
> > > understand how I can use passive mode to access my ftp server.
> > > tried to access my ftp server by doing ftp://ip address given by my internet
> > > service provider. But it didn't work since I installed my router. It me
> > > crazy.
> > >
> > > Can someone help me about this situation ? I would appreciate it .
> > >
> > > Thanks
> > >
> > > André.
> > >
> > >
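
Added example, not part of the original thread: a small Python check that decodes the a1,a2,a3,a4,p1,p2 field of a PASV reply or PORT command from command-line ftp output and flags an RFC 1918 address, which is the failure described in the reply above. The session text and the function names are constructed for illustration.

```python
import ipaddress
import re

# RFC 1918 ranges: addresses a host on the Internet cannot connect back to.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of debug output from a command-line ftp client.
SAMPLE_SESSION = """\
---> PASV
227 Entering Passive Mode (192,168,0,100,4,31)
---> PORT 203,0,113,25,19,137
200 PORT command successful.
"""

_HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")

def decode_hostport(text):
    """Decode a1,a2,a3,a4,p1,p2 into (IPv4Address, port); None if malformed."""
    m = _HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]   # port = p1*256 + p2

def diagnose(session):
    """Return (kind, ip, port, is_private) for each PASV reply / PORT command."""
    findings = []
    for raw in session.splitlines():
        line = raw.split("---> ")[-1].strip()   # drop the client's debug prefix
        if line.startswith("227"):
            kind = "PASV reply"
        elif line.upper().startswith("PORT "):
            kind = "PORT command"
        else:
            continue
        decoded = decode_hostport(line)
        if decoded is None:
            findings.append((kind, None, None, None))
            continue
        ip, port = decoded
        findings.append((kind, str(ip), port, any(ip in n for n in RFC1918)))
    return findings

if __name__ == "__main__":
    for kind, ip, port, private in diagnose(SAMPLE_SESSION):
        print(f"{kind}: {ip}:{port}", "(RFC 1918)" if private else "(routable)")
```

A PASV reply flagged as private means the router is not rewriting the FTP control channel, so a client on the Internet will try to open the data connection to an address it cannot reach.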