Ftp using non-standard port behind MN-500

Archived from groups: microsoft.public.broadbandnet.hardware (More info?)

I encountered a problem when setting up a ftp server behind
MS web station MN-500. The web station is set to NAT mode
and is configured properly on the port forwarding page.
Everything works fine when I configure my ftp server to
listen on port 21, but as soon as I change it to some other
ports(>1024), there will be a problem when using LIST
command under PORT mode; the client from outside can only
login and use pwd, but cannot do ls(DIR). In other words,
the ftp-data socket cannot be established.
Can anyone give me a hint on what's going on? Why
non-standard ports won't fully function?!

Thanks a lot.

Joseph
8 answers Last reply
More about standard port
  1. Archived from groups: microsoft.public.broadbandnet.hardware (More info?)

    Active mode doesn't work too well for almost all routers when using
    non-standard ports.

    Essentially, all routers (and/or firewalls) would have issues with active
    mode due to the way the FTP protocol communicates. Most routers get around
    this by having an Application Layer Gateway (ALG) to sniff FTP connections
    on port 21. This is done so that the router can then redirect the
    communications port (randomly assigned by the server you are connecting to)
    back to the ftp client (i.e. you). It would be prohibitively expensive
    (CPU-wise) for your router to sniff ALL ports, hence why only the standard
    FTP port is monitored for PORT commands.

    Your best bet is to use passive mode for FTP. Of course, you'll need to
    make sure that your FTP server that you are connecting to is configured
    properly for passive mode.

    --
    Jason Tsang - Microsoft MVP

    Find out about the MS MVP Program -
    http://mvp.support.microsoft.com/default.aspx

    "Joseph" <anonymous@discussions.microsoft.com> wrote in message
    news:164501c4bbec$cadccb00$a501280a@phx.gbl...
    >I encountered a problem when setting up a ftp server behind
    > MS web station MN-500. The web station is set to NAT mode
    > and is configured properly on the port forwarding page.
    > Everything works fine when I configure my ftp server to
    > listen on port 21, but as soon as I change it to some other
    > ports(>1024), there will be a problem when using LIST
    > command under PORT mode; the client from outside can only
    > login and use pwd, but cannot do ls(DIR). In other words,
    > the ftp-data socket cannot be established.
    > Can anyone give me a hint on what's going on? Why
    > non-standard ports won't fully function?!
    >
    > Thanks a lot.
    >
    > Joseph
  2. Archived from groups: microsoft.public.broadbandnet.hardware (More info?)

    >Most routers get around this by having an Application
    Layer Gateway (ALG) to sniff FTP connections
    >on port 21. This is done so that the router can then
    redirect the
    >communications port (randomly assigned by the server you
    are connecting to)
    >back to the ftp client (i.e. you).

    I am pretty sure that under active mode when establishing
    the ftp-data socket, client is actually the one that is
    listening. So there's no reason for the router to block
    this connection from inside of its network. It's just a
    normal connection going outside.
    This is the part I don't understand.


    >Your best bet is to use passive mode for FTP. Of course,
    you'll need to
    >make sure that your FTP server that you are connecting to
    is configured
    >properly for passive mode.
    >

    Yes, I tried passive mode with port forwarding, but I
    found out that the server would give its local ip address
    instead(i.e. 192.168.1.5). Therefore, when the client
    receive this IP there's no way it can find the rout to the
    server( client is out side of NAT).

    Thank you.

    Joseph
  3. Archived from groups: microsoft.public.broadbandnet.hardware (More info?)

    The router doesn't know which port to listen on (that's choosen by the ftp
    server). That's where the problem lies (this is under the assumption that
    you are connecting to an FTP server on the internet, it does not apply when
    you connect to an FTP server within your own LAN).

    --
    Jason Tsang - Microsoft MVP

    Find out about the MS MVP Program -
    http://mvp.support.microsoft.com/default.aspx

    "Joseph" <anonymous@discussions.microsoft.com> wrote in message
    news:18a201c4bc47$3ed93a20$a501280a@phx.gbl...
    > >Most routers get around this by having an Application
    > Layer Gateway (ALG) to sniff FTP connections
    >>on port 21. This is done so that the router can then
    > redirect the
    >>communications port (randomly assigned by the server you
    > are connecting to)
    >>back to the ftp client (i.e. you).
    >
    > I am pretty sure that under active mode when establishing
    > the ftp-data socket, client is actually the one that is
    > listening. So there's no reason for the router to block
    > this connection from inside of its network. It's just a
    > normal connection going outside.
    > This is the part I don't understand.
    >
    >
    >>Your best bet is to use passive mode for FTP. Of course,
    > you'll need to
    >>make sure that your FTP server that you are connecting to
    > is configured
    >>properly for passive mode.
    >>
    >
    > Yes, I tried passive mode with port forwarding, but I
    > found out that the server would give its local ip address
    > instead(i.e. 192.168.1.5). Therefore, when the client
    > receive this IP there's no way it can find the rout to the
    > server( client is out side of NAT).
    >
    > Thank you.
    >
    > Joseph
  4. Archived from groups: microsoft.public.broadbandnet.hardware (More info?)

    First, thanks for your kindly reply, but..I still don't
    uderstand. Why does the router on the server side needs to
    know which port to listen on? It's the server that is
    trying to connect to some other machine. Besides that, the
    port is actually choosen by the ftp client under active
    mode, so all what the ftp server has to do is connect to
    the socket that's listening on the client's machine.

    Please correct me if I was wrong.

    p.s.
    Let's clearify the situation again:
    The server is behind NAT(mn-500) and the client is on the
    internet with real IP address and no firewall. Problem
    occus when the two machines are trying to establish the
    ftp-port connection.

    Thank you.

    Joseph

    >-----Original Message-----
    >The router doesn't know which port to listen on (that's
    choosen by the ftp
    >server). That's where the problem lies (this is under
    the assumption that
    >you are connecting to an FTP server on the internet, it
    does not apply when
    >you connect to an FTP server within your own LAN).
    >
    >--
    >Jason Tsang - Microsoft MVP
    >
    >Find out about the MS MVP Program -
    >http://mvp.support.microsoft.com/default.aspx
    >
    >"Joseph" <anonymous@discussions.microsoft.com> wrote in
    message
    >news:18a201c4bc47$3ed93a20$a501280a@phx.gbl...
    >> >Most routers get around this by having an Application
    >> Layer Gateway (ALG) to sniff FTP connections
    >>>on port 21. This is done so that the router can then
    >> redirect the
    >>>communications port (randomly assigned by the server you
    >> are connecting to)
    >>>back to the ftp client (i.e. you).
    >>
    >> I am pretty sure that under active mode when establishing
    >> the ftp-data socket, client is actually the one that is
    >> listening. So there's no reason for the router to block
    >> this connection from inside of its network. It's just a
    >> normal connection going outside.
    >> This is the part I don't understand.
    >>
    >>
    >>>Your best bet is to use passive mode for FTP. Of course,
    >> you'll need to
    >>>make sure that your FTP server that you are connecting to
    >> is configured
    >>>properly for passive mode.
    >>>
    >>
    >> Yes, I tried passive mode with port forwarding, but I
    >> found out that the server would give its local ip address
    >> instead(i.e. 192.168.1.5). Therefore, when the client
    >> receive this IP there's no way it can find the rout to the
    >> server( client is out side of NAT).
    >>
    >> Thank you.
    >>
    >> Joseph
    >
    >
    >.
    >
  5. Archived from groups: microsoft.public.broadbandnet.hardware (More info?)

    You are incorrect.

    See here for a description of how active and passive mode ftp work

    http://slacksite.com/other/ftp.html

    See step three of Active mode. The router doesn't know what port to forward
    back to the ftp client.

    --
    Jason Tsang - Microsoft MVP

    Find out about the MS MVP Program -
    http://mvp.support.microsoft.com/default.aspx

    <anonymous@discussions.microsoft.com> wrote in message
    news:211e01c4bc7c$c070c8c0$a301280a@phx.gbl...
    > First, thanks for your kindly reply, but..I still don't
    > uderstand. Why does the router on the server side needs to
    > know which port to listen on? It's the server that is
    > trying to connect to some other machine. Besides that, the
    > port is actually choosen by the ftp client under active
    > mode, so all what the ftp server has to do is connect to
    > the socket that's listening on the client's machine.
    >
    > Please correct me if I was wrong.
    >
    > p.s.
    > Let's clearify the situation again:
    > The server is behind NAT(mn-500) and the client is on the
    > internet with real IP address and no firewall. Problem
    > occus when the two machines are trying to establish the
    > ftp-port connection.
    >
    > Thank you.
    >
    > Joseph
    >
    >>-----Original Message-----
    >>The router doesn't know which port to listen on (that's
    > choosen by the ftp
    >>server). That's where the problem lies (this is under
    > the assumption that
    >>you are connecting to an FTP server on the internet, it
    > does not apply when
    >>you connect to an FTP server within your own LAN).
    >>
    >>--
    >>Jason Tsang - Microsoft MVP
    >>
    >>Find out about the MS MVP Program -
    >>http://mvp.support.microsoft.com/default.aspx
    >>
    >>"Joseph" <anonymous@discussions.microsoft.com> wrote in
    > message
    >>news:18a201c4bc47$3ed93a20$a501280a@phx.gbl...
    >>> >Most routers get around this by having an Application
    >>> Layer Gateway (ALG) to sniff FTP connections
    >>>>on port 21. This is done so that the router can then
    >>> redirect the
    >>>>communications port (randomly assigned by the server you
    >>> are connecting to)
    >>>>back to the ftp client (i.e. you).
    >>>
    >>> I am pretty sure that under active mode when establishing
    >>> the ftp-data socket, client is actually the one that is
    >>> listening. So there's no reason for the router to block
    >>> this connection from inside of its network. It's just a
    >>> normal connection going outside.
    >>> This is the part I don't understand.
    >>>
    >>>
    >>>>Your best bet is to use passive mode for FTP. Of course,
    >>> you'll need to
    >>>>make sure that your FTP server that you are connecting to
    >>> is configured
    >>>>properly for passive mode.
    >>>>
    >>>
    >>> Yes, I tried passive mode with port forwarding, but I
    >>> found out that the server would give its local ip address
    >>> instead(i.e. 192.168.1.5). Therefore, when the client
    >>> receive this IP there's no way it can find the rout to the
    >>> server( client is out side of NAT).
    >>>
    >>> Thank you.
    >>>
    >>> Joseph
    >>
    >>
    >>.
    >>
  6. Archived from groups: microsoft.public.broadbandnet.hardware (More info?)

    Ok I've re-read your first posting.

    The problem lies with the FTP client (whoever is connecting to you).

    Are you sure the person connecting to you isn't behind a shared connection
    or firewall.

    --
    Jason Tsang - Microsoft MVP

    Find out about the MS MVP Program -
    http://mvp.support.microsoft.com/default.aspx

    <anonymous@discussions.microsoft.com> wrote in message
    news:211e01c4bc7c$c070c8c0$a301280a@phx.gbl...
    > First, thanks for your kindly reply, but..I still don't
    > uderstand. Why does the router on the server side needs to
    > know which port to listen on? It's the server that is
    > trying to connect to some other machine. Besides that, the
    > port is actually choosen by the ftp client under active
    > mode, so all what the ftp server has to do is connect to
    > the socket that's listening on the client's machine.
    >
    > Please correct me if I was wrong.
    >
    > p.s.
    > Let's clearify the situation again:
    > The server is behind NAT(mn-500) and the client is on the
    > internet with real IP address and no firewall. Problem
    > occus when the two machines are trying to establish the
    > ftp-port connection.
    >
    > Thank you.
    >
    > Joseph
    >
    >>-----Original Message-----
    >>The router doesn't know which port to listen on (that's
    > choosen by the ftp
    >>server). That's where the problem lies (this is under
    > the assumption that
    >>you are connecting to an FTP server on the internet, it
    > does not apply when
    >>you connect to an FTP server within your own LAN).
    >>
    >>--
    >>Jason Tsang - Microsoft MVP
    >>
    >>Find out about the MS MVP Program -
    >>http://mvp.support.microsoft.com/default.aspx
    >>
    >>"Joseph" <anonymous@discussions.microsoft.com> wrote in
    > message
    >>news:18a201c4bc47$3ed93a20$a501280a@phx.gbl...
    >>> >Most routers get around this by having an Application
    >>> Layer Gateway (ALG) to sniff FTP connections
    >>>>on port 21. This is done so that the router can then
    >>> redirect the
    >>>>communications port (randomly assigned by the server you
    >>> are connecting to)
    >>>>back to the ftp client (i.e. you).
    >>>
    >>> I am pretty sure that under active mode when establishing
    >>> the ftp-data socket, client is actually the one that is
    >>> listening. So there's no reason for the router to block
    >>> this connection from inside of its network. It's just a
    >>> normal connection going outside.
    >>> This is the part I don't understand.
    >>>
    >>>
    >>>>Your best bet is to use passive mode for FTP. Of course,
    >>> you'll need to
    >>>>make sure that your FTP server that you are connecting to
    >>> is configured
    >>>>properly for passive mode.
    >>>>
    >>>
    >>> Yes, I tried passive mode with port forwarding, but I
    >>> found out that the server would give its local ip address
    >>> instead(i.e. 192.168.1.5). Therefore, when the client
    >>> receive this IP there's no way it can find the rout to the
    >>> server( client is out side of NAT).
    >>>
    >>> Thank you.
    >>>
    >>> Joseph
    >>
    >>
    >>.
    >>
  7. Archived from groups: microsoft.public.broadbandnet.hardware (More info?)

    Yes, I doubt the client is behind a firewall though I
    really don't know.

    So was I right about the problem? Because what you meant by

    >the router doesn't know what port to forward back to the
    ftp client.

    is refering the problem on the client side, but what I said
    was what happened on the server side.

    Is there a way to work this out besides from setting the
    port to 21 if the client is behind a firewall? 'cause you
    will never know what kind of network the client is
    connecting from.
    BTW, even if the server is not behind a NAT but with a
    non-standard port, the client will still have problem
    establishing the ftp-data socket! because the NAT on the
    client side will not check the non-standard port as you said!

    It shouldn't be that complicated, shouldn't it? :(

    thanks

    Joseph


    >-----Original Message-----
    >Ok I've re-read your first posting.
    >
    >The problem lies with the FTP client (whoever is
    connecting to you).
    >
    >Are you sure the person connecting to you isn't behind a
    shared connection
    >or firewall.
    >
    >--
    >Jason Tsang - Microsoft MVP
    >
    >Find out about the MS MVP Program -
    >http://mvp.support.microsoft.com/default.aspx
    >
    ><anonymous@discussions.microsoft.com> wrote in message
    >news:211e01c4bc7c$c070c8c0$a301280a@phx.gbl...
    >> First, thanks for your kindly reply, but..I still don't
    >> uderstand. Why does the router on the server side needs to
    >> know which port to listen on? It's the server that is
    >> trying to connect to some other machine. Besides that, the
    >> port is actually choosen by the ftp client under active
    >> mode, so all what the ftp server has to do is connect to
    >> the socket that's listening on the client's machine.
    >>
    >> Please correct me if I was wrong.
    >>
    >> p.s.
    >> Let's clearify the situation again:
    >> The server is behind NAT(mn-500) and the client is on the
    >> internet with real IP address and no firewall. Problem
    >> occus when the two machines are trying to establish the
    >> ftp-port connection.
    >>
    >> Thank you.
    >>
    >> Joseph
    >>
    >>>-----Original Message-----
    >>>The router doesn't know which port to listen on (that's
    >> choosen by the ftp
    >>>server). That's where the problem lies (this is under
    >> the assumption that
    >>>you are connecting to an FTP server on the internet, it
    >> does not apply when
    >>>you connect to an FTP server within your own LAN).
    >>>
    >>>--
    >>>Jason Tsang - Microsoft MVP
    >>>
    >>>Find out about the MS MVP Program -
    >>>http://mvp.support.microsoft.com/default.aspx
    >>>
    >>>"Joseph" <anonymous@discussions.microsoft.com> wrote in
    >> message
    >>>news:18a201c4bc47$3ed93a20$a501280a@phx.gbl...
    >>>> >Most routers get around this by having an Application
    >>>> Layer Gateway (ALG) to sniff FTP connections
    >>>>>on port 21. This is done so that the router can then
    >>>> redirect the
    >>>>>communications port (randomly assigned by the server you
    >>>> are connecting to)
    >>>>>back to the ftp client (i.e. you).
    >>>>
    >>>> I am pretty sure that under active mode when establishing
    >>>> the ftp-data socket, client is actually the one that is
    >>>> listening. So there's no reason for the router to block
    >>>> this connection from inside of its network. It's just a
    >>>> normal connection going outside.
    >>>> This is the part I don't understand.
    >>>>
    >>>>
    >>>>>Your best bet is to use passive mode for FTP. Of course,
    >>>> you'll need to
    >>>>>make sure that your FTP server that you are connecting to
    >>>> is configured
    >>>>>properly for passive mode.
    >>>>>
    >>>>
    >>>> Yes, I tried passive mode with port forwarding, but I
    >>>> found out that the server would give its local ip address
    >>>> instead(i.e. 192.168.1.5). Therefore, when the client
    >>>> receive this IP there's no way it can find the rout to the
    >>>> server( client is out side of NAT).
    >>>>
    >>>> Thank you.
    >>>>
    >>>> Joseph
    >>>
    >>>
    >>>.
    >>>
    >
    >
    >.
    >
  8. Archived from groups: microsoft.public.broadbandnet.hardware (More info?)

    The best thing to do (IMHO) is to either use port 21 (there are reasons why
    you might not want to though, understandably), or set up passive mode
    transfers on your ftp server.

    It's too bad FTP isn't NAT friendly.

    --
    Jason Tsang - Microsoft MVP

    Find out about the MS MVP Program -
    http://mvp.support.microsoft.com/default.aspx

    <anonymous@discussions.microsoft.com> wrote in message
    news:194d01c4bca7$eeda22d0$a601280a@phx.gbl...
    > Yes, I doubt the client is behind a firewall though I
    > really don't know.
    >
    > So was I right about the problem? Because what you meant by
    >
    >>the router doesn't know what port to forward back to the
    > ftp client.
    >
    > is refering the problem on the client side, but what I said
    > was what happened on the server side.
    >
    > Is there a way to work this out besides from setting the
    > port to 21 if the client is behind a firewall? 'cause you
    > will never know what kind of network the client is
    > connecting from.
    > BTW, even if the server is not behind a NAT but with a
    > non-standard port, the client will still have problem
    > establishing the ftp-data socket! because the NAT on the
    > client side will not check the non-standard port as you said!
    >
    > It shouldn't be that complicated, shouldn't it? :(
    >
    > thanks
    >
    > Joseph
    >
    >
    >>-----Original Message-----
    >>Ok I've re-read your first posting.
    >>
    >>The problem lies with the FTP client (whoever is
    > connecting to you).
    >>
    >>Are you sure the person connecting to you isn't behind a
    > shared connection
    >>or firewall.
    >>
    >>--
    >>Jason Tsang - Microsoft MVP
    >>
    >>Find out about the MS MVP Program -
    >>http://mvp.support.microsoft.com/default.aspx
    >>
    >><anonymous@discussions.microsoft.com> wrote in message
    >>news:211e01c4bc7c$c070c8c0$a301280a@phx.gbl...
    >>> First, thanks for your kindly reply, but..I still don't
    >>> uderstand. Why does the router on the server side needs to
    >>> know which port to listen on? It's the server that is
    >>> trying to connect to some other machine. Besides that, the
    >>> port is actually choosen by the ftp client under active
    >>> mode, so all what the ftp server has to do is connect to
    >>> the socket that's listening on the client's machine.
    >>>
    >>> Please correct me if I was wrong.
    >>>
    >>> p.s.
    >>> Let's clearify the situation again:
    >>> The server is behind NAT(mn-500) and the client is on the
    >>> internet with real IP address and no firewall. Problem
    >>> occus when the two machines are trying to establish the
    >>> ftp-port connection.
    >>>
    >>> Thank you.
    >>>
    >>> Joseph
    >>>
    >>>>-----Original Message-----
    >>>>The router doesn't know which port to listen on (that's
    >>> choosen by the ftp
    >>>>server). That's where the problem lies (this is under
    >>> the assumption that
    >>>>you are connecting to an FTP server on the internet, it
    >>> does not apply when
    >>>>you connect to an FTP server within your own LAN).
    >>>>
    >>>>--
    >>>>Jason Tsang - Microsoft MVP
    >>>>
    >>>>Find out about the MS MVP Program -
    >>>>http://mvp.support.microsoft.com/default.aspx
    >>>>
    >>>>"Joseph" <anonymous@discussions.microsoft.com> wrote in
    >>> message
    >>>>news:18a201c4bc47$3ed93a20$a501280a@phx.gbl...
    >>>>> >Most routers get around this by having an Application
    >>>>> Layer Gateway (ALG) to sniff FTP connections
    >>>>>>on port 21. This is done so that the router can then
    >>>>> redirect the
    >>>>>>communications port (randomly assigned by the server you
    >>>>> are connecting to)
    >>>>>>back to the ftp client (i.e. you).
    >>>>>
    >>>>> I am pretty sure that under active mode when establishing
    >>>>> the ftp-data socket, client is actually the one that is
    >>>>> listening. So there's no reason for the router to block
    >>>>> this connection from inside of its network. It's just a
    >>>>> normal connection going outside.
    >>>>> This is the part I don't understand.
    >>>>>
    >>>>>
    >>>>>>Your best bet is to use passive mode for FTP. Of course,
    >>>>> you'll need to
    >>>>>>make sure that your FTP server that you are connecting to
    >>>>> is configured
    >>>>>>properly for passive mode.
    >>>>>>
    >>>>>
    >>>>> Yes, I tried passive mode with port forwarding, but I
    >>>>> found out that the server would give its local ip address
    >>>>> instead(i.e. 192.168.1.5). Therefore, when the client
    >>>>> receive this IP there's no way it can find the rout to the
    >>>>> server( client is out side of NAT).
    >>>>>
    >>>>> Thank you.
    >>>>>
    >>>>> Joseph
    >>>>
    >>>>
    >>>>.
    >>>>
    >>
    >>
    >>.
    >>
Ask a new question

Read More

Routers FTP Servers Networking