Hi all,
I'm having trouble accessing to my friend FTP server and I need some help. I have a D-Link 524Up Router, when I remove it, I can connect to the FTP server without any trouble, but with it doesn't work. I have set a fix local Ip adress but I'm having trouble forwording port and correctly using the nat.There is 3 way to configure those thing in router interface: Virtual Server, Application and FireWall. Can anybody help with configuring it ?
[URL=http://imageshack.us][IMG]http://img242.imageshack.us/img242/1481/virtualserverax0.jpg[/IMG][/URL]
[URL=http://imageshack.us][IMG]http://img517.imageshack.us/img517/729/applicationlx5.jpg[/IMG][/URL]
[URL=http://imageshack.us][IMG]http://img242.imageshack.us/img242/8177/firewallue9.jpg[/IMG][/URL]

I'm assuming that you try to connect to your friends FTP server through the internet, there is nothig you have to forward.
You need to forward ports only, if YOU will provide services like FTP though the Internet.
Have you tried to access any other FTP server in the Internet?

Yes it's through internet. I just tried to connect to Intel and ea ftp's and it worked fine. But with my friends ftp it's still not working. I get a [R]530 PORT error.
I have found I great website explaining the connection for ftp : http://www.slacksite.com/other/ftp....
Sounds like There is 4 thing to do:
* FTP server's port 21 from anywhere (Client initiates connection)
* FTP server's port 21 to ports > 1023 (Server responds to client's control port)
* FTP server's port 20 to ports > 1023 (Server initiates data connection to client's data port)
* FTP server's port 20 from ports > 1023 (Client sends ACKs to server's data port)
I know that this is for the server side, but I'm also interested, but I don't know what to put in my router interface :( any ideas ?

As paulsep said, you shouldn't have to do anything on your router to connect to a remote ftp site.

I don't understand, and can't explain, why you can connect with your router out of the mix and can't with it in. I suspect you've been playing around with firewall settings and have disallowed ftp type connections. Have you been tweaking settings? Added/changed any rules regarding the ftp ports?

What you could do to test if it's settings in your router is to reset it to factory defaults and try connecting to your friends ftp site. If it works, you know it's something you did.

You will want to backup your present config before resetting it just in case that's not the problem. If it's not, just copy your config back on and it'll be back to where it was in a minute or two without you having to redo all the settings manually.

I think, the firewall at your friends side is misconfigured.
FTP server needs port 20, 21, and after that the ftp at server side needs to be able to use one TCP high port out of the range 1024 to 65535 to communicate.
So it's always a good idea to use stateful packet filtering for FTP server.
FTP is a mess for firewall admins.

Yep, That's exactly what I did. I have maid a bckp and reset to factory, even update the firmware but stil, router in -> no connection.
I have Tried with 4 diffrent ftp client:
FlashFxp, CuteFtp, FTP expert and BulletProof FTP Client, all the same. I presume that something must be wrong with he's configuration. He is using BulletProof FTP Server and he has put he's modem in router mode. I told him to uncheck the "Block Server-to-Server transfert (FXP, FTP Bounce attack) didn't helped. Anyway, the thing I would like to understand is how exactly work the routeur interface. In Virtual server There is Private and public port, What's the diffrence ? In Application, I can put a range of ports: Trigger port and again public port.
(See pictures in my first post) In the BulletProof FTP Server options, I can specify a range of port for passive mode, I guess it have to match with the router but dunno where to put it in the router interface :S If only UPnP worked correctly... da** routers ^^

Re: Paulsep

You mean FTP Server Always need port 20 and 21 ?
Because when starting the ftp server, he and I have chosen a diffrent port to listen to.

me Listen on port number: 48625
him --> 59999

Maybe I need to open 48625 AND 48624
am I right ?

If he wants to use a another port for ftp, he has to add a new rule in "Advanced / Virtual Server".
Private IP: <the_ip_address_of_ftp_server>
Protocol:Type: TCP
Private Port: <port configured in BulletProof>
Public Port: <port configured in BulletProof> (same as Private Port)

That's all you need to do.

oops maybe I've make myself misundertoob, My english is quite good, I'm french lol sry
Let's forget about me trying to connect to he's server.
I'm the one owning the DI-524Up. I have 3 computers, behind the DI-524Up:
Compt 1 : 192.168.0.100
Compt 2 : 192.168.0.101
Compt 3 : 192.168.0.102

Gateaway: 192.168.0.1

I have set this in hard in the TCP/IP IPV4 configuration + dns.

If I want to start a ftp server on my computer 1 on port 48625.
I go to "Advanced / Virtual Server"
Private IP : 192.168.0.100
Protocol:Type: TCP
Private Port: 48625
Public Port: 48625

This is ok, but it looks like the 1st step only. They say:

From the server-side firewall's standpoint, to support passive mode FTP the following communication channels need to be opened:

* FTP server's port 21 from anywhere (Client initiates connection)
* FTP server's port 21 to ports > 1023 (Server responds to client's control port)
* FTP server's ports > 1023 from anywhere (Client initiates data connection to random port specified by server)
* FTP server's ports > 1023 to remote ports > 1023 (Server sends ACKs (and data) to client's data port)

1st step is done, but what about the 3 others ?

I think, there are no other steps to accomplish, because the routers firewall uses Stateful Packet Filtering. That means, if a connection is established, the router opens the additional needed ports for that connection for the time of that connection and closes the additional ports, when at disconnection of e.g. FTP session.

Have you tried, whether the port 48625 is open?
You can use online port scanner to do so.
http://www.auditmypc.com/

Performing a Port Scan

First check online port scan:
http://www.auditmypc.com/

Ouch, What the Hell :

We detected that you are using a proxy server of some type. This means that if we continue, we would be scanning a computer other than your own. Large companies, such as AOL and others, use proxy and cache servers to speed up your connection to the Internet.

We have provided a link to an advanced section of this site that may be able to determine your correct IP address and allow you to continue the test; we can not continue at this time. If we are mistaken, please let us know! Thank you.

I have tryed the [Ranged Security Scan] same results :(

Open or closed port 48625?

It's not telling me :(

I'll try with another website

Wow, All closed :

Le port TCP 48620 est fermé
Le port TCP 48621 est fermé
Le port TCP 48622 est fermé
Le port TCP 48623 est fermé
Le port TCP 48624 est fermé
Le port TCP 48625 est fermé
Le port TCP 48626 est fermé
Le port TCP 48627 est fermé
Le port TCP 48628 est fermé
Le port TCP 48629 est fermé

So is there running the windows firewall too?
Maybe this odd thing is blocking the port.

Ah, BulletProof must be runnig during the port scan, ok?

Yep I lunched it, same results

Windows Firewall?
Running or stooped?

BulletProof FTP Server Is allowed in windows Firewall and I added the port just in case, but still not open. Maybe it needs a client ftp to access the port

Did you get my email ?

No !!!
I would recommend to disable Windows Firewall just for testing.
Then, do an online port scan again.
Tell me, what happens.

Done, Same results

I guess I'll have to remove the router everytime I want to use FTP.

Thanks a lot for your help and your time.

Any other setting for the ftp server done in the router firewall, like port triggering or something else?

And someting else.
Open a dos box (start / run / cmd)
and try a
netstat -anb | more
and look, whether BulletProof is listenning to the configured port.

I had put some things, but as nothing worked, I removed all the entries. Now There's only the one you told me : "Advanced / Virtual Server"...

I'll try the dos thing and let you know

lol everything is at Zero :

http://img166.imageshack.us/my.php?...

sry didn't noticed that I had to press a key LOOL what a noob. let me check again

I have an :

[svhost.exe]
UDP [::]:49748
FDResPub

but nothing on 48625

I have Check With TCP Viewer and it is listening:

System:-1 TCP PC-de-Mustaine:48625 PC-de-Mustaine:0 LISTENING

Thats not correct.
BulletProof must be running and switched to Online.
Then on an netstat -anb | more you should see something like this:
TCP 0.0.0.0:48625 0.0.0.0:0 LISTENING
[G6FTPSrv.exe]

ok I try again

Yes I got it :

TCP 0.0.0.0:48625 0.0.0.0:0 LISTENING

Why is it TCP Port 49152 ???

sry I couldn't select the right line but It is in :

http://img238.imageshack.us/my.php?...

Ok, and now again an online scan to the given port with exactly this settings.

Yup, It's open:

Port
Status Protocol and Application

48624
Closed Unknown Protocol for this port
Unknown Application for this port

48625
OPEN! Unknown Protocol for this port
Unknown Application for this port

48626
Closed Unknown Protocol for this port
Unknown Application for this port

Ok, now it should work.
Try to connect to your FTP via Internet.
Keep in mind, you can not connect to your FTP server from a PC whithin your network via Internet.
That will not work.
It's like you ring at your door from the outside and open your door from the inside by yourself.

You need another Internet line to connect to your FTP.

Ok Thanks dude !!

No problem :-)