FTP server behind a Firewall/proxy

Anonymous
July 28, 2001 6:44:55 PM

My dorm has an internal net with connection to the internet. So I've an internal IP number, not a static one eg. it keeps changing.
Between me and the net there is a Firewall which blocks the Socks protocol but allows http.
And I'd really like to set a ftp server up so I can share films with my friends. And I'd like to be able to use ftp clients for the same reason.
But ftp servers connect via socks... :( 
I could of course use some kind of tunneling program but they only operate at the speed of circa 1.5 kb/s.

And there is also the problem of not having a static IP address.

If there is anyone who can help me I would be very grateful.

The Divine Lord

Anonymous
July 28, 2001 8:58:37 PM

ok, the reason you have a dynamic ip address is because you 'lease' a number from the server on your internal network. when you disconnect from the network your computer sends a 'release' signal to the server so that your number can be recycled and issued to another user. you can achieve virtual static ip address by never allowing your 'lease' of the number to expire. I do this with a Linksys router. since it's the router that is assigned the ip address, and it's always on (never sends the 'release' signal, and is always on when the 'renew' signal is sent), i always have the same ip address for the router. you can then give this ip number to friends so they can connect to you.

As far as getting through the router for FTP, i wouldn't push it. the IT people will probably detect your tunnelling attempts and give you a call. If you are running windows 2000, you can set up a VPN (virtual private network) between you and several friends. this would allow them to access shared files on your computer and to copy them to theirs......setting up a VPN is not REALLY complex, but it would take a little reading. once you get it, it's easy to maintain, though.

ignore everything i say
Anonymous
July 28, 2001 11:33:18 PM

Thanks a lot, you really helped me there. That VPN seems like a good idea. If it works like I understand it then it uses the TCP/IP protocol to access other computers over the net. Without using the Socks protocol.
Is that correct?

But about that router thingy. Could I use an Ethernet hub? It's cheaper.
What is the difference between a router, hub and a switch anyways? I've never gotten that one straight.

And again thanks a lot.

The Divine Lord

I'll ignore all you say
Anonymous
July 29, 2001 2:00:16 AM

yeah, a VPN uses tcp/ip to access other computers on the net. it's really very cool stuff, and it creates a connection that is encrypted so it's very secure (not that you'd be transferring top secret data, but it doesn't hurt to have security). if you have windows 2000, your machine can operate as a VPN server for others on the net. let me know if you think that it's something you're interested in and I'll post some links to articles to get you started. It's really a lot like FTP except better, with the exception that the computer connecting to yours needs to be configured to access your computer. with ftp, only the server needs to be configured. but, it would sneak right past the firewall cause the VPN 'wraps' the data in a blanket of tcp/ip, then unwraps it when it gets to its destination. cool......

as far as the router and switch question - a switch or hub won't achieve the same result because the switch or hub cannot be assigned an IP number. switches and hubs are non-entities in the world of tcp/ip in the sense that they are never assigned an address. a router is unique because you can assign it an IP address just like a pc. then, cause it's always on, it holds that address indefinitely. A router is a little like a small pc that just handles the directing of information (like a traffic cop). Plus, routers are two-faced, meaning that they have one address for the internet (outside world), and one address for the intranet (your computer or computers). a switch handles the direction of information like a router except it has no address. it's more like a curve in a pipe - it just deflects information. a router actually translates it from the internal address to the external address.

Whew! how's that! head spinning now??!?! If you can't afford a router and/or it's just too much trouble, that's cool. but remember that these skills are very marketable. so, setting this up might cost a few bucks and cause you a few headaches but it'd be a good investment.....

ignore everything i say
Edited by antivirus on 07/28/01 10:03 PM.
July 30, 2001 1:37:16 PM

hmm,

well - to summarise your situation...

your provider/admin has a firewall which filters connections outbound right? you can browse the web (http) and retrieve files (http) but not much else?

you are getting a dynamic address from your provider as well.

the lay of the land, as I see it, is that you are sol unless the admin is your mate. The firewall is firstly blocking the majority of well known TCP and UDP ports to the Internet. you have a dynamic address which will mean that the firewall is also probably acting as a NAT device (network address translation) which means the IP address on your PC is not a real, unique internet address, but hidden behind the firewall as a private address. the firewall translates the address to a real one (probably shared by you and the rest of the nodes on the private network) so there is no way for anyone on the internet to make a connection to you, unless you talk to them first and open a connection.

basically, unless you know the firewall admin, you can forget it, the only way you can get this working would be to run a sharing app like iMesh, Napster etc. and I strongly doubt your admin is that nice, but they may be.

lastly, routers, switches and hubs.

I won't go into vast detail here and the explanation will be a little simplified, otherwise we'd be here all week. cisco (http://www.cisco.com) have some good educational materials if you are interested.

right, a hub is a very basic device, originally little better than a piece of wire. it is/was a device to allow many computers on the same TCP/IP to communicate with each other. it has few features and was on a basis of first person talking speaks. imagine the computer signals as a group of people in a crowded room, trying to all shout at each other. Whoever was already talking could talk, but the others must wait for a pause before they can speak. so it is with a hub, all pcs share the same bandwidth - usually 10Mbs. nowadays hubs have become more advanced and can handle 10 and 100mbs connections and a certain level of tools.

Switches, right, imagine that everyone in that room just got a telephone. now, no-one has to wait, they can call up whoever they like in the room and all talk at the same time (except to the same person, in which case they must wait). Switching is like this. every device has the same easy connectivity as a hub (same tcp/ip network) but dedicated bandwidth, not shared. Again speeds are usually 10 or 100Mbs.

Routers are a bit like the postal service. They are designed to send things to computers that are not really local. they are a demarcation. Using TCP/IP the 'letters' must be properly addressed and can travel to the other side of the world but will take a little longer to get there. The router is a junction between TCP/IP networks and sorts data on the basis of IP address, like a telephone number or zip code. The PC must talk with the router in the same way as it would to another PC on the same network and the router will then 'arrange' to forward that data to the correct destination, hop by hop.

so there we go - I hope this helped slightly.

-* This Space For Rent *-
email for application details
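
Added example, not part of any post in this thread: a toy model of the port-translating NAT described in the post above, showing why a reply to an outbound connection is forwarded while an unsolicited inbound connection is dropped. The class, function names, port numbers and addresses are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

# RFC 1918 private ranges: addresses that are not routable on the internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

@dataclass
class Nat:
    """Toy NAT sharing one public address among inside hosts (constructed model)."""
    public_ip: str
    next_port: int = 40000
    # (public_port, remote_ip, remote_port) -> (private_ip, private_port)
    table: dict = field(default_factory=dict)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Inside host opens a connection: allocate a public port, record state."""
        if not is_rfc1918(src_ip):
            raise ValueError("inside hosts are expected to use private addresses")
        pub_port = self.next_port
        self.next_port += 1
        self.table[(pub_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, pub_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Packet reaches the public address: forward only if state exists."""
        return self.table.get((dst_port, src_ip, src_port))  # None means dropped

def demo():
    nat = Nat("203.0.113.5")                      # constructed public address
    # Inside PC 10.0.0.23 browses a remote web server (constructed addresses).
    sent = nat.outbound("10.0.0.23", 1055, "198.51.100.7", 80)
    # The web server's reply matches the recorded state and is translated back.
    reply = nat.inbound("198.51.100.7", 80, sent[1])
    # A friend tries to reach an FTP server on port 21: no state, so dropped.
    unsolicited = nat.inbound("198.51.100.9", 3456, 21)
    return sent, reply, unsolicited

if __name__ == "__main__":
    print(demo())
```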
Anonymous
July 30, 2001 4:36:46 PM

Quote:
you have a dynamic address which will mean that the firewall is also probably acting as a NAT device (network address translation) which means the IP address on your PC is not a real, unique internet address, but hidden behind the firewall as a private address

yeah, i had forgotten that his address is not only dynamic, but also private.

ignore everything i say