Can't get FTP to work on Zyxel 660H router

Discussion in 'Home Networking' started by tinnews, Apr 9, 2008.

  1. tinnews

    tinnews Guest

    I'm trying to configure a Zyxel 660H router to allow FTP to a system
    on my Soho LAN.

    I have the Zyxel configured so that all systems on the LAN can see the
    outside world OK, i.e. a basic default ADSL configuration.

    In addition I have got outside access to my web server on port 80 and
    my ssh server on port 22 working (with the ssh acces restricted to a
    few trusted IP addresses).

    However I just can't get FTP access from the outside to work. I can
    ftp to the ftp server from inside the LAN so the server is working but
    when I try and access it from the outside nothing happens at all, just
    silence and eventually a timeout. I have port 21 mapped across in the
    NAT mapping and I hav opened up port 21 with the firewall, all exactly
    as for the services that work.

    So, what am I doing wrong? I know FTP is odd in some ways and can be
    difficult to make work but surely it should be possible.
     
    tinnews, Apr 9, 2008
    #1
    1. Advertisements

  2. tinnews

    tinnews Guest

    OK, a little Googling suggests that maybe I'm not going to have much
    success trying to FTP through NAT and a firewall. I'm pretty sure my
    previous Speedtouch router managed FTP OK but, presumably, that had
    some tweaks in the firmware will allowed it to work.

    It's not a big issue, I'll use rsync, scp, etc. instead.
     
    tinnews, Apr 10, 2008
    #2
    1. Advertisements

  3. tinnews

    Clint Sharp Guest

    FTP uses two ports, one a control channel and the other a data channel.
     
    Clint Sharp, Apr 10, 2008
    #3
  4. tinnews

    Rob Morley Guest

    And any number of dynamically allocated high-numbered ports, if it's
    running in active mode.
     
    Rob Morley, Apr 11, 2008
    #4
  5. tinnews

    Clint Sharp Guest

    Yeah, but if you're running the server you'd configure it to use passive
    mode so the ports of interest are 'standard'.
     
    Clint Sharp, Apr 11, 2008
    #5
  6. tinnews

    Rob Morley Guest

    There's no need to configure the server - if it receives a PORT command
    from a client it opens an active session, and if it receives a PASV
    command it runs in passive mode.
     
    Rob Morley, Apr 12, 2008
    #6
  7. tinnews

    Alex Fraser Guest

    It is possible - but it depends on the FTP server and router.

    The bottom line is that there should be no problem getting "active" FTP
    to work (with just forwarding of port 21) for a server behind a NAT
    router, but "passive" FTP often causes problems.

    Unfortunately, a lot of client software defaults to passive mode because
    this is most likely to work with the client behind a NAT router.
    However, active FTP is normally fine - NAT routers are invariably
    capable of modifying the PORT command usually sent by a client.

    To get passive FTP to work from a server behind a NAT router, either the
    router needs to modify the server's response to the PASV command
    (similar to modifying a client's PORT command) or you must be able to
    configure the address the server gives in the PASV response, control the
    range of ports it will use, and configure the router to forward those
    ports in addition to port 21.

    Where it is an option (and it sounds like it is for you), I would
    recommend forgetting FTP entirely, instead using scp/sftp for private
    files and HTTP for public ones.

    Alex
     
    Alex Fraser, Apr 12, 2008
    #7
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.