How to set up an FTP server with your broadband router?





maxnero
2002-03-03, 09:44 PM
After more testing of the FTP server, I have the following conclusions:

1. If you are behind a NAT server (for you, it is your broadband router), then you should use passive mode to connect to an FTP server.

2. If you set up an FTP server on port 2101, then you should map private port 2101 to public port 2101. Other people who try to connect to your FTP server (port 2101) will then succeed only if they are not behind a NAT server (they have a real Internet IP, not a 192.168.x.x private IP).

3. How can we set up an FTP server to support FTP clients behind a NAT server (clients that don't have a real Internet IP)? The answer is that you have to set up your FTP server to support PASV mode. If you use Serv-U, then you have to check "Domains"->"Settings"->"Advanced"->"Allow passive mode data transfers, use IP_____" (you can enter your static Internet IP here or leave it blank for a dynamic IP).

If you leave "Local Server"->"Settings"->"Advanced"->"PASV port range" blank, the server will acquire a new listening socket with a random port number between 1024 and 65535 for every passive mode transfer. Because you are behind a broadband router, you could set a range, for example 32000-32005, and you MUST map these private ports to public ports. This will also require your clients to use special FTP client software; you could suggest that they use, for example, FlashFXP, and they need to check "Site uses IP Masq/NAT/Non-Routable IP" in "Site Options". (Other FTP client software may not work.)

I hope the above explanation will help you to set up an FTP server successfully.

Note:
====
I don't suggest that you use the DMZ function.

Virtual DMZ Host – If you have a client PC that cannot run an
Internet application properly from behind the firewall or after
configuring the Special Applications function, then you can open
the client up to unrestricted two-way Internet access. Enter the IP
address of a DMZ host to this screen. Adding a client to the DMZ
(Demilitarized Zone) may expose your local network to a variety
of security risks, so only use this option as a last resort


PLEASE FORGIVE MY POOR ENGLISH.

-max
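The PASV reply handling discussed in the post, as an added example that is not part of the original post: it parses the server's 227 reply, falls back to the control-connection address when the advertised address is non-routable, and flags data ports outside the forwarded range. The `data_endpoint` helper and the sample addresses are constructed for illustration, and treating the client's NAT option as "substitute the control-connection host" is an assumption; the 32000-32005 range is the one suggested in the post.

```python
import ipaddress
import re

# RFC 959: a 227 reply carries h1,h2,h3,h4,p1,p2 and the data port is p1*256 + p2.
PASV_RE = re.compile(r"^227 .*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

# Ranges a client on the Internet cannot reach (RFC 1918, loopback, link-local).
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


def parse_pasv(reply):
    """Return (IPv4Address, port) advertised in a 227 reply, or raise ValueError."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 PASV reply: %r" % reply)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % reply)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]


def data_endpoint(reply, control_host, forwarded=range(32000, 32006)):
    """Pick the data-connection target and list anything that looks misconfigured.

    control_host: address the client used for the control connection.
    forwarded:    PASV ports mapped on the router (assumed: 32000-32005).
    """
    ip, port = parse_pasv(reply)
    host, notes = str(ip), []
    if any(ip in net for net in NON_ROUTABLE):
        # The server advertised its LAN address; use the public one instead.
        notes.append("non-routable PASV address %s replaced by %s" % (ip, control_host))
        host = control_host
    if port not in forwarded:
        notes.append("data port %d is outside the forwarded range" % port)
    return host, port, notes


if __name__ == "__main__":
    # Constructed replies: LAN address leaked, correct setup, unmapped port.
    for line in ("227 Entering Passive Mode (192,168,1,10,125,1)",
                 "227 Entering Passive Mode (203,0,113,5,125,5)",
                 "227 Entering Passive Mode (203,0,113,5,4,1)"):
        print(line, "->", data_endpoint(line, "203.0.113.5"))
```

Running the same check against your own server from outside the LAN shows whether the static IP field and the PASV port range in the server settings match what the router actually forwards.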