# Accessing a FTP from outside my network.



## Kit Fox (May 25, 2004)

So I set up an FTP using "http://www.pcstats.com/articleview.cfm?articleID=1491"

Decent site. I cant however make it ask for a username and password.

I'm running Windows XP and if I'm on a compuer within my network connecting to the internet through my router, if i type in the FTP://IPADDRESS then it will connect, if im outside my house on a differant network it dosent work.


----------



## Squashman (Apr 4, 2003)

Did you forward ports on your router to your server?


----------



## Kit Fox (May 25, 2004)

How do i do that?


----------



## StumpedTechy (Jul 7, 2004)

Log into the router and go to the port forwarding and put the ports you want to forward to your servers IP address.

Also once you have the ports forwarded remember from outside the house you will be doing FTP://WANIPADDRESS if you just do FTP://IPADDRESS of your internal LAN your never going to connect.


----------



## Kit Fox (May 25, 2004)

How do I know which ports I want to foreword?


----------



## Rockn (Jul 29, 2001)

The default port for FTP is 21 TCP.


----------



## Kit Fox (May 25, 2004)

Does this look right? its not working when i type in my FTP://(IP from Whatsmyip.com)


----------



## StumpedTechy (Jul 7, 2004)

I would probably hard code my server and make sure its outside the DHCP scope (just to make sure it never changes IP on you) but it looks right without knowing the IP of your server and assuming its 192.168.0.102.

2 more issues can be in place. Software firewalls. Also things like PASV ports if you set those up on the FTP also have to be setup on the router.


----------



## Kit Fox (May 25, 2004)

yes, the IP of my FTP is 192.168.0.102, my internet ip address is differant, i understand that Id need to type in my IP address as part of the FTP to get it to show outside my network but thats what i cant figure out.


----------



## Kit Fox (May 25, 2004)

bump


----------



## StumpedTechy (Jul 7, 2004)

Well in the browser you can do - ftp://username:[email protected] IPort/directory or ftp://WAN IPort/directory or ftp://WAN IPort

This is all if your not using the standard FTP port 21. If your using that you don't need to specify the port at all.

I never have been a fan of using a web browser as an FTP client though too many issues with PASV and other things for me to care for it.



> i understand that Id need to type in my IP address as part of the FTP to get it to show outside


Forget about 192.168.0.102 when your outside it means NOTHING once your outside except that your router that is getting the WAN IP HAS to have NAT port forwarding to it.

FTP server on lan (firewall permitting Port 21 and any pasv ports if your running pasv) ----> Router with port forwarding of port 21 and PASV ports to the FTP server ----> WAN IP of ISP provided to modem -----> Remote PC with FTP set to WAN IP and port 21.

The only other things that can be happening is the remote network may be blocking port 21 communications? Your running with a modem/router combo and a second router behind that so you have 2 nat firewalls and one you have configured the other isn't?


----------



## Kit Fox (May 25, 2004)

I have one router, and one cable modem. I type in FTP:// and then the IP address that shows up when i go to whatismyip.com. Sorry im being a problem but I would like to figure this out to work. Its the best mothod I think there is for transfering files from my home computer to an outside computer, not very helpfull if it only works within my network.


----------



## StumpedTechy (Jul 7, 2004)

If your running it on port 21, you have done the firewall configuration, and your sure no software firewalls are blocking it. Then your down to 2 options either your ISP is blocking port 21 or the remote network is blocking port 21.


----------



## Rockn (Jul 29, 2001)

Can you access the FTP server internally using your LAN address? If it works from the inside you need the to have someone try it using your WAN IP address from outside of your LAN. Use a real FTP client like filezilla instead of IE.

http://filezilla.sourceforge.net/


----------



## StumpedTechy (Jul 7, 2004)

> I'm running Windows XP and if I'm on a compuer within my network connecting to the internet through my router, if i type in the FTP://IPADDRESS then it will connect, if im outside my house on a differant network it dosent work.


Yeah he can connect internally. This is why I am stressing either port forwarding on the router firewall or ISP port blocking as thats about the only explinations why it works internally but not externally.


----------



## Kit Fox (May 25, 2004)

A proffessional FTP program sounds more enticing to me. I'm gonna abandon my current fight with XP FTP and try that.

On their download site theres a choice for:
Filezilla
Filezilla Server

which one should I use?

Also if I click FIlezilla theres like 6 differant files to choose from. Should I just download the .exe file?

Whats the differance between FTP and SFTP?

If my computer is turned of I understand that the FTP will not work if I try to access it.

Can I control a shutdown/startup procedure remotly also using the FTP?


----------



## StumpedTechy (Jul 7, 2004)

No you cannot start up the remote server with FTP.
No you can't access your FTP server if its shut off.
FTP = File tranfer protocol SFTP = Secure FTP where your running FTP over SSH adding SSH encryption to it.
Server is the FTP server and the other is more than likely the client.


----------



## StumpedTechy (Jul 7, 2004)

Also note theres a TON of FTP clients out there. I tend to like Bulletproof FTP if your checking out clients (but its not free but does have a nice trial period).


----------



## Kit Fox (May 25, 2004)

OO, so to use that Filezilla thing you need both a client and a server, eww, that sucks, I just want a simple server, the server would work, if its installed on just the host computer. I dont wanna install it on all other computers. To access the FTP I'd just want to type in a address and view it that way.


----------



## Kit Fox (May 25, 2004)

bump (wow am i impatiant lol)


----------



## Squashman (Apr 4, 2003)

You need an FTP client to access the server. Doesn't matter what client you use to access the server. You can use FileZilla's client and server if you want, or you could use Filezilla Server and the WSFTP client. Doesn't matter. You just need to run the server on one computer and any computer with an FTP client can access.

Filezilla server is a great product as well as the client. I use the client all the time.

If you want a really easy FTP server to setup use this.
http://www.pablosoftwaresolutions.com/html/quick__n_easy_ftp_server.html


----------



## Kit Fox (May 25, 2004)

But I can access a FTP server just normaly with using the IP address in explorer or internet explorer to acess it also through right. I was able to acess my FTP like that before. Is it not true for those FTP servers also?


----------



## JohnWill (Oct 19, 2002)

Yes, you can access pretty much any FTP server with IE, I do it all the time. I have WSFTP too, but many times I just use IE.


----------



## Kit Fox (May 25, 2004)

Awsome. I got Bulletproof FTP and I'm kinda impresed. I must admit theres thousands of options and its slightly confusing but I think ive been able to set it up to the point that its the same way it was. It works on my network but not outside.


----------



## Couriant (Mar 26, 2002)

Doesn't Port 20 need to be allowed to?


----------



## Kit Fox (May 25, 2004)

no luck with 20 also enabled


----------



## JohnWill (Oct 19, 2002)

Try port 21.


----------



## Couriant (Mar 26, 2002)

JohnWill said:


> Try port 21.


he/she did


----------



## Rockn (Jul 29, 2001)

I am slightly confused as to what it is exactly that you are trying to accomplish. Are you trying ot run an FTP server from your LAN to be accessed from the outside or not? WHat exactly are you trying to do here???


----------



## Kit Fox (May 25, 2004)

I want to have an FTP set up so I can access it from outside of my home network. So that anyone in the world who would want to can type in my FTP://IP and see it. Not just my own network. Sorry. Thanks for all the help so far.


----------



## JohnWill (Oct 19, 2002)

All you "should" have to do is as follows.

Startup an FTP server on a machine in your LAN.

Port forward port 21 to that machine through your router.

Using an FTP client outside your network, access the FTP server using your public IP address. For an easier way to find a dynamic IP address on the Internet, a service like DynDNS will give you a constant URL.


----------



## Kit Fox (May 25, 2004)

^^ Thats what I did do. No luck


----------



## Rockn (Jul 29, 2001)

What FTP server do you have set up and running and do you have your firewall disabled or set to pass requests to port 21?


----------



## Kit Fox (May 25, 2004)

No firewall. I'm running bulletproof FTP


----------



## Rockn (Jul 29, 2001)

Are you using the Belletproof FTP client or the server, there is a difference. If you are using the FTP server in IIS it is a pain in the backside to get working and has crappy setup for individual user access. Use something like BFTP server or ServU. Even the Filezilla server is better.


----------



## StumpedTechy (Jul 7, 2004)

> Doesn't Port 20 need to be allowed to?


Not usually in some cases the FTP will connect but then give you no directory and things like that if thats the case then yes you want to open up Port 20. Also 20 is not needed at all if you go pasv and then do a full pasv range the cross communication (anything non auththentication) then shoves off the user onto the pasv ports and leaves port 21 open. PASV ports can be defined per FTP server and really can be in any port range you wish. Just remember whne dealing with FTPs its 1 port per 1 user so if your serving 50 people at the same time then you need 50 pasv ports.


----------



## JohnWill (Oct 19, 2002)

Kit Fox said:


> No firewall. I'm running bulletproof FTP


How about your router?


----------



## StumpedTechy (Jul 7, 2004)

We seem to be beating a dead horse here I have to say IMHO post 11 and 13 really cover FTP and FTP serving remotely.

The fact he can FTP internally tells me theres only a few options 1) its a firewall - be it software or NAT OR 2) an ISP blocking the serving port or 3) something disabled on the secondary external network side.

Also the fact he is using I.E. instead of an FTP client to connect in externally is a big bane because we can't even ask for the FTP logs (if I.E. logs FTP commands and failures please tell me because I have been looking for this for a LONG time.)

I think I may have to leave this thread to you guys as I am unsure how to describe this in any other form that may be benificial to the original poster.


----------



## JohnWill (Oct 19, 2002)

I agree, I'm not sure we'll make progress without more information. If he can ping the public IP address externally, I'm going to start guessing that the ISP has blocked FTP ports.


----------



## Kit Fox (May 25, 2004)

I have no firewall on in my router. I am using the Bulletproof FTP Server not the client. If I try to login externamly it dosent show up in the server log any attempts.


----------



## Squashman (Apr 4, 2003)

Well, if think you forwarded the ports correctly on your router then have someone do a port scan of your WAN IP address to actually see what is open.


----------



## StumpedTechy (Jul 7, 2004)

Actually you can do your own port scan using shields up it will tell you all ports you have open to the outside.


----------



## Couriant (Mar 26, 2002)

Just curious, under the Filter button in your D-Link page, have you made any filters for FTP there too? and are they enabled?


----------



## JohnWill (Oct 19, 2002)

Run the common ports scan at Shields Up! and see if it sees your Internet port. Here's what you should see if there's an FTP server available. You'll see the second example if the port is sensed, but there is no response from the FTP application.


----------



## Kit Fox (May 25, 2004)

I think these might help. I dont understand the filters page, should i turn those all off?


----------



## Kit Fox (May 25, 2004)

I had someone scan me:

"but ports 0-20, 22-24, 26-109, and 111-65535 are closed, by comcast i bet and port 21 is open."


----------



## Kit Fox (May 25, 2004)

If I use ftp://127.0.0.1/ on the server computer it accesses the FTP also, idk if that means anything


----------



## Kit Fox (May 25, 2004)

More info when i accessed it localy

"(000005) 10/2/2006 8:53:52 PM - (not logged in) (127.0.0.1) > connected to ip : 127.0.0.1
(000005) 10/2/2006 8:53:52 PM - (not logged in) (127.0.0.1) > sending welcome message.
(000005) 10/2/2006 8:53:52 PM - (not logged in) (127.0.0.1) > 220 Viper Network
(000005) 10/2/2006 8:53:52 PM - (not logged in) (127.0.0.1) > USER anonymous
(000005) 10/2/2006 8:53:52 PM - (not logged in) (127.0.0.1) > 331 Password required for anonymous.
(000005) 10/2/2006 8:53:52 PM - (not logged in) (127.0.0.1) > PASS [email protected]
(000005) 10/2/2006 8:53:52 PM - (not logged in) (127.0.0.1) > 530 Login or Password incorrect.
(000005) 10/2/2006 8:53:58 PM - (not logged in) (127.0.0.1) > USER Kit Fox
(000005) 10/2/2006 8:53:58 PM - (not logged in) (127.0.0.1) > 331 Password required for Kit Fox.
(000005) 10/2/2006 8:53:58 PM - (not logged in) (127.0.0.1) > PASS -----------
(000005) 10/2/2006 8:53:58 PM - Kit Fox (127.0.0.1) > logged in.
(000005) 10/2/2006 8:53:58 PM - Kit Fox (127.0.0.1) > 230 User Kit Fox logged in.
(000005) 10/2/2006 8:53:58 PM - Kit Fox (127.0.0.1) > SYST 
(000005) 10/2/2006 8:53:58 PM - Kit Fox (127.0.0.1) > 215 UNIX Type: L8
(000005) 10/2/2006 8:53:58 PM - Kit Fox (127.0.0.1) > PWD 
(000005) 10/2/2006 8:53:58 PM - Kit Fox (127.0.0.1) > 257 "/" is current directory.
(000005) 10/2/2006 8:53:58 PM - Kit Fox (127.0.0.1) > TYPE I
(000005) 10/2/2006 8:53:58 PM - Kit Fox (127.0.0.1) > 200 Type set to I.
(000005) 10/2/2006 8:53:58 PM - Kit Fox (127.0.0.1) > PASV 
(000005) 10/2/2006 8:53:58 PM - Kit Fox (127.0.0.1) > 227 Entering Passive Mode (127,0,0,1,167,225)
(000005) 10/2/2006 8:53:58 PM - Kit Fox (127.0.0.1) > SIZE /
(000005) 10/2/2006 8:53:58 PM - Kit Fox (127.0.0.1) > 550 No such file or directory.
(000005) 10/2/2006 8:53:58 PM - Kit Fox (127.0.0.1) > MDTM /
(000005) 10/2/2006 8:53:58 PM - Kit Fox (127.0.0.1) > 213 18991230000000
(000005) 10/2/2006 8:53:58 PM - Kit Fox (127.0.0.1) > RETR /
(000005) 10/2/2006 8:53:58 PM - Kit Fox (127.0.0.1) > asked to download 'D:\FTP\' --> Access denied (No Such File).
(000005) 10/2/2006 8:53:58 PM - Kit Fox (127.0.0.1) > 550 '/' : No Such File.
(000005) 10/2/2006 8:53:58 PM - Kit Fox (127.0.0.1) > PASV 
(000005) 10/2/2006 8:53:58 PM - Kit Fox (127.0.0.1) > 227 Entering Passive Mode (127,0,0,1,153,95)
(000005) 10/2/2006 8:53:58 PM - Kit Fox (127.0.0.1) > CWD /
(000005) 10/2/2006 8:53:58 PM - Kit Fox (127.0.0.1) > asked to change directory : 'D:\FTP\ -> D:\FTP\' --> Access allowed.
(000005) 10/2/2006 8:53:58 PM - Kit Fox (127.0.0.1) > 250 CWD command successful. "/" is current directory.
(000005) 10/2/2006 8:53:58 PM - Kit Fox (127.0.0.1) > LIST 
(000005) 10/2/2006 8:53:58 PM - Kit Fox (127.0.0.1) > 150 Data connection accepted from 127.0.0.1:1226; transfer starting.
(000005) 10/2/2006 8:53:58 PM - Kit Fox (127.0.0.1) > 226 Transfer ok
"


----------



## Couriant (Mar 26, 2002)

I think I was wrong on the button, I meant Firewall. But from what your scan showed, your FTP port (21) is open...


----------



## StumpedTechy (Jul 7, 2004)

Well we know your PASV range is somewhere in the 42977 range your sure your pasv ports are open on your router to your Server? Can you show us this same log externally? Oh yeah and remove anything in the log that is in the same spot as 127,0,0,1 if your paranid about security. This will tell me more.



> 111-65535 are closed


So basically I think this is your problem your running PASV with that range but the ports are showing closed externally.

- Edit for adding some information that most people don't know -

BTW in case people are reading and wonder how I got the 42977 number
Line - 227 Entering Passive Mode (127,0,0,1,167,225) in the ()'s is IP,IP,IP,IP, Port*256,port so 167*256+225 = 42977

It will be interesting to find out the IPv6 version of FTP log diagnosis I havent begun to look at that formula.


----------



## Kit Fox (May 25, 2004)

Supposedly Comcast is blocking my 21st port, *******s, and when I call them they refuse to open it unless I have a business account. Can I put an FTP on a differant port or something?


----------



## Lotus4669 (Jan 6, 2006)

Yeah port forwarding is the key. However, in many programs, you will need to forward port 20 & 21.

EDIT: I just noticed there was more than one page to this thread, lol, dohhh


----------



## Lotus4669 (Jan 6, 2006)

Kit Fox said:


> Supposedly Comcast is blocking my 21st port, *******s, and when I call them they refuse to open it unless I have a business account. Can I put an FTP on a differant port or something?


Filezilla FTP Server/Client will allow you to change the ports IIRC


----------



## StumpedTechy (Jul 7, 2004)

I thought it was either ISP or firewall...

Anyhow this is besides the point most any FTP servers can be forced onto a non standard port so you can serve on ANY port you want. The biggest issue is when you change ports on your pc you have to do this -

Instead of ftp://ip you have to do ftp://ip:port because with ftp://ip it will automatically try the standard FTP port of 21. By doing ftp://ip:port you are telling it the port you want so you can use any port you want.


----------



## JohnWill (Oct 19, 2002)

Kit Fox said:


> Supposedly Comcast is blocking my 21st port, *******s, and when I call them they refuse to open it unless I have a business account. Can I put an FTP on a differant port or something?


I used Comcast for years and had an FTP server up all of that time, there was never an issue. FWIW, the only port I forward is 21, the PASV ports should be outgoing, so you don't have to open them.


----------



## StumpedTechy (Jul 7, 2004)

> the PASV ports should be outgoing, so you don't have to open them.


I have to respectfully disagree there Johnwill. no FTP server functioning 100% properly should be setup like you mentioned - While this is just one citing I can find numerous others that say the same thing.

http://support.ipswitch.com/kb/FS-20051115-DM01.htm



> Once WS_FTP Server has found an available port to use, it will send its IP address and the available port back to the client. This return of information is known as the 'passive response'. *If WS_FTP Server is behind a firewall or router, the TCP port specified in the passive response must be open inbound to the computer on which WS_FTP Server is installed,* or the client will not be able to successfully connect.


If you don't have your PASV ports open then you can't get the PASV commands from the client.


----------



## JohnWill (Oct 19, 2002)

I checked, and I'm not running in PASV mode, my mistake. OTOH, I've also never had any issues accessing the FTP server remotely, so I never felt the need to change the configuration.


----------



## StumpedTechy (Jul 7, 2004)

PASV is only good for serving large numbers of users really. If its single connection PASV is a waste.

What is is is one user per port so implementing a pasv range of say 59900 to 60000 would allow you to have 101 clients connecting (because one can stay active on the 21). You connect in on 21 then it shuffles you off to another port to make your transactions.

To be totally honest the only reason I usually use PASV in my setups is just on the off chance someones connected when I am trying to connect using PASV gives me that access still. I hate to have it where I try and do something yet can't because someone else is connected.


----------



## JohnWill (Oct 19, 2002)

Good point. The FTP I have running is for my use, so I'm pretty sure nobody is connected except me.


----------

