# FTP and exposing ports using DMZ?



## LearningIT (Jan 18, 2005)

Ok I set up a ftp using Serv-U software. I am behind a Linksys wrt54gs router. I have given my computer a static IP and registered a name with dyndns.org. After playing with the configuration the only way I could get it working was to enable DMZ service in my router, pointing to the static ip I gave my computer. 

My question is is this safe?

I am running zone alarm on my computer.

I'm new to ftp, so is there a better way to do this?

I did try port forwarding and other settings, but I was unable to get them working. Enabling the DMZ was the only thing that worked for me.


----------



## Rockn (Jul 29, 2001)

Port forwarding only exposes the port to the PC behind the router. Putting the PC on a DMZ leaves every port open to the internet. I would go the port forwar route and then your firewall only needs to monitor FTP.


----------



## LearningIT (Jan 18, 2005)

Rockn said:


> Port forwarding only exposes the port to the PC behind the router. Putting the PC on a DMZ leaves every port open to the internet. I would go the port forwar route and then your firewall only needs to monitor FTP.


Thanks for the respond, I am aware that DMZ leaves every port open, but my problem is that I have tried port forwarding and I cannot access my ftp.

I have honestly tried every configuration, port forwarding on/off, firewall on/off, different ports, port triggering, etc.

The only way I can access the FTP is with DMZ enabled.

My router (Linksys WRT54GS) allows me to enable DMZ on one static IP, so I did that for my FTP server box. I have zone alarm running with the highest security settings, but I am still a little aprehensive about leaving all my ports exposed on this one box.

Any ideas?


----------



## Rockn (Jul 29, 2001)

Set up prt forwarding for your internal static IP address on port 21 and disable your firewall.
There are also access restriction settings in your router that will need to be dealt with if they are conflicting with port forwarding.


----------



## LearningIT (Jan 18, 2005)

Still no go, I tried turning dmz off, firewall off, port forwarding to 21 and under my access restrictions I enabled the ftp setting with my static ip. 

But still cannot get to the ftp. 

I also noticed that if I change the port to the ftp, I cannot access it. I'm wondering if this has something to do with the Serv-U software that I am using?

I just want my network secure and I'm not sure if zone alarm alone can protect me with all my ports exposed. 

Anyone running an FTP, what setup are your running?

Thanks


----------



## Rockn (Jul 29, 2001)

Serv-U has an access list you need to add users to as well as folder setup, but it will default to port 21 unless you specify otherwise for a given FTP site.


----------



## jishaq (Mar 20, 2006)

I have the exact same router, Linksys WRT54GS v5, running the latest firmware (1.50.5), and a Serv-U 6.1 FTP server set up on a WinXP Pro SP2 server whose static IP is 192.168.1.104; it is connected to the WRT54GS by a CAT5, not wirelessly. This box does not have the WinXPSP2 firewall enabled. In the WRT54GS, I have set port forwarding of port 21 over TCP to 192.168.1.104. 

If I go to another WinX Pro PSP2 machine on my intranet, say 192.168.1.200, and issue "ftp 192.168.1.104" it connects to the Serv-U server on .104 just fine. If I use the IP address which is assigned by my ISP, "ftp 72.131.234.22" for example, my ftp client just hangs, and eventually says "ftp: connect :Unknown error number" (great). Note that I actually do have the Dyndns service as well, and unless I'm troubleshooting, I always use my human-readable domain name.

I have tried changing ServU to port 2121 (and updating port forwarding). I have the same experience. Unlike the original poster, even with DMZ enabled for 192.168.1.104, I have never been able to access my ServU server externally; only internally. I have also tried to disable the cryptic "Security : Block Anonymous Internet Requests" settings, which is supposed to "Block WAN requests" -- no clue what this is.

I used to have no problems at all with the exact same server setup, until my router died and I replaced it with the WRT54GS v5. I thought I would just slap an entry in port forwarding, and be done with it. No such luck. Having discovered that the original poster had the same problem, and getting an astonishingly dense response back from Linksys tech support (they simply explained how I could use the Status tab to get the "Internet IP address" of my router so I could FTP to it ... I don't think they read the question), I am planning to return this unit to Staples and getting a different brand.

On a side note, I did hardware and software technical support for three years back in the 90's, and I am saddened by the poor work ethic of most tech support reps these days. I worked very hard to solve all of my customers' problems, even if I had to do research and get back to them. I didn't string them along with innane responses and pointless tests, hoping they would just go away.

-Jeff Ishaq


----------



## jishaq (Mar 20, 2006)

I have the exact same router, Linksys WRT54GS v5, running the latest firmware (1.50.5), and a Serv-U 6.1 FTP server set up on a WinXP Pro SP2 server whose static IP is 192.168.1.104; it is connected to the WRT54GS by a CAT5, not wirelessly. This box does not have the WinXPSP2 firewall enabled. In the WRT54GS, I have set port forwarding of port 21 over TCP to 192.168.1.104. 

If I go to another WinX Pro PSP2 machine on my intranet, say 192.168.1.200, and issue "ftp 192.168.1.104" it connects to the Serv-U server on .104 just fine. If I use the IP address which is assigned by my ISP, "ftp 72.131.234.22" for example, my ftp client just hangs, and eventually says "ftp: connect :Unknown error number" (great). Note that I actually do have the Dyndns service as well, and unless I'm troubleshooting, I always use my human-readable domain name.

I have tried changing ServU to port 2121 (and updating port forwarding). I have the same experience. Unlike the original poster, even with DMZ enabled for 192.168.1.104, I have never been able to access my ServU server externally; only internally. I have also tried to disable the cryptic "Security : Block Anonymous Internet Requests" setting, which is supposed to "Block WAN requests" -- no clue what this is.

I used to have no problems at all with the exact same FTP server setup and could connect externally just fine, until my router died and I replaced it with the WRT54GS v5. I thought I would just slap an entry in port forwarding, and be done with it. No such luck. Having discovered that the original poster had the same problem, and getting an astonishingly dense response back from Linksys tech support (they simply explained how I could use the Status tab to get the "Internet IP address" of my router so I could FTP to it ... I don't think they read the question), I am planning to return this unit to Staples and getting a different brand.

On a side note, I did hardware and software technical support for three years back in the 90's, and I am saddened by the poor work ethic of most tech support reps these days. I worked very hard to solve all of my customers' problems, even if I had to do research and get back to them. I didn't string them along with innane responses and pointless tests, hoping they would just go away.

-Jeff


----------



## LearningIT (Jan 18, 2005)

UPDATE: I have gotten it working. Here are my settings,

static ip on my box, windows firewall off, zone alarm firewall on allowing serv u

In the router, dmz on, block internet requests unchecked, port forwarding to port 21

on the serv u software I have checked off the box saying "use dynamic dns service"....even though I am using a static ip, this works for me....and thats that. 

I can elaborate more when I get home from work if anyone needs me to.


----------



## jishaq (Mar 20, 2006)

Sorry for the double post.

I tried the DYNDNS trick in ServU, but it still didn't work. As a last-ditch effort, I decided to uninstall ServU (I have been using it for about 6 years) and try Bullet Proof FTP (BPFTP) Server instead. It worked like a dream.

With BPFTP, simple port forwarding to 21 (or in my case, I use 2100 and set my FTP server accordingly, to minimize the amount of war-FTPing hits my server gets) was all that was required. I do NOT have DMZ enabled, and I have left "Block Anonymous Internet Requests" *enabled*. Simple port-forwarding, that's all.

Happy to say, I didn't have to return the Linksys router nor deal with their horrible tech support. The problem was with ServU 6.1 -- too bad, it used to be a really nice app, but BPFTP works so end of story for me.

Thanks,
-Jeff


----------

