FTP port time out problem on MN700

[Daniel]

Archived from groups: microsoft.public.broadbandnet.hardware (More info?)

Hi

Trying to set up FTP server behind a MN-700.
When connecting inside my LAN it works, when trying from
WAN the FTP client gives me a "No Access/The operation
has timed-out" error.

I'm no great wiz so I have to follow the manual and
instructions in the Help file (yes, I do read them
occasionally but still no luck.
- Could you please check if I have made some config error?

The router:
- Persistant Port Forwarding -
Enable = yes, Inbound Port = 20-21, Type = TCP
Private IP Address = 192.168.2.51
Private Port = 6665 - 6666
- Firewall -
Block ICMP Commands = enabled

The FTP Server:
Listens on port: 6666
User accounts: works in LAN. Quadrouple checked that
accounts exists and that I use correct passwords.
And the usual: "It used to work before I installed the
MN700"

Other settings and comments:
No other firewall than the router installed or used!
Internet, Messenger and such works without problem.
I have also tried connecting to both port 6666 and 21
from the outside, in case I totally mixed up private and
inbound.

Hoping for your assistance.
Thanks /Daniel

 

[Guest]

Archived from groups: microsoft.public.broadbandnet.hardware (More info?)

You are likely trying to access your ftp server with passive mode.

Since you didn't set it up, it won't work.

On your router...

Persistant Port Forwarding -
Enable = yes, Inbound Port = 21-21, Type = TCP
Private IP Address = 192.168.2.51
Private Port = 6666 - 6666

the port 20 forward is irrelevant since port 20 is never listened upon
(that's *your* ftp server sending out on the ftp-data port, therefore a port
forward is unnecessary).

That takes care of the connection

now, for passive ftp
On the router
Persistant Port Forwarding -
Enable = yes, Inbound Port = 30000-30009, Type = TCP
Private IP Address = 192.168.2.51
Private Port = 30000-30009

You'll need to specify the WAN ip in your FTP server (so that it uses it as
the passive mode ip)
You'll also have to tell the FTP server to use the port range 30000-30009
for the passive mode ports.

Active mode ftp connections would likely work to your ftp server if you
aren't behind a shared connection, and you aren't behind a firewall.

Active mode ftp connections will almost likely fail if you are using a
shared connection and you are behind a firewall (as your router/firewall
won't know what incoming port to open. Now, port 21 active mode might work
if your firewall or router have a hack to listen for the PORT ftp command so
that it will open up the appropriate port. It'd be impractical for a
firewall or router to monitor every single port for ftp commands. Moral of
the story, if you are behind a firewall or router, you'll probably have to
resort to using passive mode. Hence the need for ftp server ops to set
passive mode up.

See here for a page on how to setup an ftp behind a router.
While it uses a linksys router as an examples, the principles are the same
Just note that you do not have to turn off DHCP in order to port forward
with the MS Routers

http://www.linksysftp.org

Definitive explanation of ftp modes
http://slacksite.com/other/ftp.html

--
Jason Tsang - Microsoft MVP

Find out about the MS MVP Program -
http://mvp.support.microsoft.com/default.aspx

"Daniel" <anonymous@discussions.microsoft.com> wrote in message
news:138001c4265a$5ec57ed0$a401280a@phx.gbl...
> Hi
>
> Trying to set up FTP server behind a MN-700.
> When connecting inside my LAN it works, when trying from
> WAN the FTP client gives me a "No Access/The operation
> has timed-out" error.
>
> I'm no great wiz so I have to follow the manual and
> instructions in the Help file (yes, I do read them
> occasionally but still no luck.
> - Could you please check if I have made some config error?
>
> The router:
> - Persistant Port Forwarding -
> Enable = yes, Inbound Port = 20-21, Type = TCP
> Private IP Address = 192.168.2.51
> Private Port = 6665 - 6666
> - Firewall -
> Block ICMP Commands = enabled
>
> The FTP Server:
> Listens on port: 6666
> User accounts: works in LAN. Quadrouple checked that
> accounts exists and that I use correct passwords.
> And the usual: "It used to work before I installed the
> MN700"
>
> Other settings and comments:
> No other firewall than the router installed or used!
> Internet, Messenger and such works without problem.
> I have also tried connecting to both port 6666 and 21
> from the outside, in case I totally mixed up private and
> inbound.
>
> Hoping for your assistance.
> Thanks /Daniel
>
>