
Running an FTP server behind a firewall

July 24, 2003 12:52:59 AM

I am using a D-Link DI-614+ wireless router that has a built-in firewall. I am trying to host an FTP server. From what I have read, I need to turn on PASV in Secure FTP Server by GlobalSCAPE. It asks me to assign an IP for PASV mode; do I use my IP address? Or leave it at 0's to use "Home Ip"? Also, I read I will have to open up some ports in my firewall. I am not completely sure how to do this.

I found two pages, one that has this on it, for "Applications"

Special Application is used to run applications that require multiple connections.
O Enabled O Disabled
Name [ ]
Trigger Port [ ] - [ ]
Trigger Type TCP/ UDP/ Both
Public Port [ ]
Public Type TCP/ UDP/ Both

Then a Firewall page that looks like this

Name [ ]
Action O Allow O Deny
Interface IP Range Start IP Range End Protocol PortRange

Source */ LAN/ WAN
Destination */ LAN/ WAN TCP/ UDP/ ICMP * [ ]-[ ]

I know those are pretty cryptic, but let's say I am wanting to have my FTP port 21, and the default ports for PASV are 1024-5000. I am guessing I need to have port 21 forwarded to that port range maybe? The verbiage in the firewall throws me off. Thanks in advance, Dionysus.


*What's separated by a / is illustrating different options in a drop-down.


July 25, 2003 3:52:24 AM

Use the port mapping or open DMZ for the server.

No matter how much you know today, you will have to know more tomorrow.

I feel sorry for my bad English and I am in Hong Kong.
July 25, 2003 12:36:23 PM

Educated guess:

Name [] : Is the firewall rule name.

Action : Is the firewall rule specifically allowing or denying packets? You can set up a further rule behind 'allow' rules to explicitly deny all other traffic. Some do this as default.

Interface IP range: You can specify a range of IPs or ports which are 'safe' or 'unsafe'.

Source: IP or network IP that issue the incoming packets.
Destination: Your network or PC most likely.

Additionally, you can specify outgoing rules to prevent data going from your network/PC to specified IPs or networks.

TCP/UDP/ICMP: Specifies the protocol that the application you are writing the rule for uses.

FTP uses TCP ports 20 & 21.
DNS uses UDP port 53.
HTTP uses TCP port 80, and so on.
Find a website with a list of ports and their corresponding protocols for more info.

BTW that's one hell of a port range to open up. You don't need all that. Most FTP servers I've used only need a couple of ports opened. You also need to forward port 20 too, as FTP uses this for data. Both are TCP.

Be careful how you specify these firewall rules. They can be very unforgiving if you set them up wrongly. A packet will get tested against each rule until its criteria match the rule, then the firewall will deal with the packet as per the rule's instructions. Badly designed rules can lead to packets getting denied wrongly, or even worse, unwanted packets getting through.


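The first-match rule evaluation described in the reply above, as an added example that is not part of the original thread: it runs the same constructed probes through a tight ruleset, one using the 1024-5000 range from the question, and one with the deny-all rule placed first. The rule fields are modelled on the router's Firewall page; the server address 192.168.0.10, the narrow passive range 50000-50009, the probe values and the default-deny fallback are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    name: str
    action: str    # "allow" or "deny"
    src: str       # source network in CIDR form
    dst: str       # destination network in CIDR form
    proto: str     # "tcp", "udp", "icmp" or "*"
    ports: tuple   # inclusive (low, high) destination port range

    def matches(self, src, dst, proto, port):
        return (ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst)
                and self.proto in ("*", proto)
                and self.ports[0] <= port <= self.ports[1])

def evaluate(rules, src, dst, proto, port, default="deny"):
    """Top-down, first match wins; later rules are never consulted."""
    for rule in rules:
        if rule.matches(src, dst, proto, port):
            return rule.action, rule.name
    return default, "(default)"   # assumption: nothing matched means deny

ANY, SERVER = "0.0.0.0/0", "192.168.0.10/32"   # constructed server address
CONTROL = Rule("ftp-control", "allow", ANY, SERVER, "tcp", (21, 21))
PASV = Rule("ftp-pasv", "allow", ANY, SERVER, "tcp", (50000, 50009))
PASV_WIDE = Rule("ftp-pasv-wide", "allow", ANY, SERVER, "tcp", (1024, 5000))
DENY_REST = Rule("deny-rest", "deny", ANY, ANY, "*", (0, 65535))

RULESETS = {
    "tight": [CONTROL, PASV, DENY_REST],
    "wide": [CONTROL, PASV_WIDE, DENY_REST],     # range from the question
    "misordered": [DENY_REST, CONTROL, PASV],    # deny-all placed first
}
# Constructed probes: (source, destination, protocol, destination port)
PROBES = {
    "ftp control": ("203.0.113.7", "192.168.0.10", "tcp", 21),
    "unrelated service": ("203.0.113.7", "192.168.0.10", "tcp", 3389),
}

def audit(rules):
    """Map each probe label to the (action, rule name) that decided it."""
    return {label: evaluate(rules, *probe) for label, probe in PROBES.items()}

if __name__ == "__main__":
    for name, rules in RULESETS.items():
        print(name, audit(rules))
```

The rule name returned with each verdict shows which entry decided the packet, which is the quickest way to spot a rule that is shadowing the ones below it.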