BulletProof Server with Nexland Wavebase


Captain_Jon
12-01-2003, 12:30 PM
Sorry for the length of this...

Background:
I am trying to set up an FTP server on my LAN using BulletProof FTP Server (V2.21) running on one of my PCs. I use a Nexland WaveBase (wireless) unit as my router. I have 3 PCs connected with wireless cards and 1 PC directly connected. All PCs are running Win XP SP1. I am connected to the Internet via a DSL connection. I already have 2 Web sites set up that work quite well. I use the Apache HTML server. I use a Dynamic DNS service with a dynamic domain name.
This is what I have done so far:
On the Router:
- I reserved an entry on the Host IP & Group screen for the PC to be the server (192.168.0.2);
- On the Virtual Server screen, I checked FTP and entered the address 192.168.0.2;
- After filling in the Virtual Server entry, the Custom Virtual Server had an entry automatically filled in for FTP for 192.168.0.2 with 21 filled in for all Port entries;
On the Server:
I installed the server software; called the server "My_FTP"; set it to Listen to Port 21 and with a max number of users = 2; I set it to use Passive Mode IP with a Dynamic IP; then when it came down to the Passive Port assignment I entered 50000 to 50100 (the default was originally 1024 to 65535). I did this because of the following (which came from the Bulletproof site):

Q5 - How to use passive mode with a router ?
When running the ftp server behind a router, the ftp server can only use local ip (10.0.xxx.yyy, 192.168.0.xxx ...).
This causes problems when a client switches to passive mode (PASV) because the ftp server will reply with the internal lan ip; as a consequence the ftp client can not transfer data (no directory listing, no upload / downloads, only commands).

To solve this problem :
1) Go in server option / multi ip settings / passive ip and enter your internet ip (not local, but the one assigned by your isp, check http://www.bpftpserver.com/ip.php to know your ip).
You can also enter your dynamic domain name so that the server resolves it instead of an ip.
2) enter a passive port range 50000-50100 in passive port range option.
3) in your router (hardware or software) create a port range redirection for 50000-50100 to the computer ip running the ftp server.

- Question 1: How do I create the “port range redirection to be 50000-50100” on the router? I think that this Port issue may be my problem area because I don't see the connection between the Port 21 and the assignment of these Passive Ports!!
- Question 2: Should the WaveBase ports (on the Custom Virtual Server screen) be the same as these?
- Question 3: Should I enter 21 to 21 for the range of Passive Ports in the software?

- I then set up a user account, with password, with full access to the files of a specified directory on the server;
On a Client:
- I installed FTP client software on one of the other PC's in my LAN and tried to connect by entering the dynamic domain name and the user name and password I created
The Results & Problem:
- As you can see (below are excerpts from the logs) I did manage to connect to the server; however the client cannot see any of the files or directories it should have access to!! Looking at the bottom of the Client log (Connecting to 68.95.142.24 port 50047) my guess is that the client cannot get at this port... is this because I have only set access to port 21 on the WaveBase router??

Question 4: Does anyone have any ideas on what I should change to properly configure my system?? (Any experience out there with the Nexland WaveBase router and BulletProof FTP Server?). I sent an email to Nexland support (now Symantec) but have heard nothing.

*******************
Here are the log files excerpts:
Server Log:
29/11/2003 12:40:53 PM - (not logged in) (68.95.142.24) > USER XXXX
29/11/2003 12:40:53 PM - (not logged in) (68.95.142.24) > 331 Password required for XXXX.
29/11/2003 12:40:53 PM - (not logged in) (68.95.142.24) > PASS ********
29/11/2003 12:40:53 PM - XXXX (68.95.142.24) > logged in.
29/11/2003 12:40:53 PM - XXXX (68.95.142.24) > 230 User XXXX logged in.
29/11/2003 12:40:59 PM - XXXX (68.95.142.24) > CWD /
29/11/2003 12:40:59 PM - XXXX (68.95.142.24) > asked to change directory : 'C:\FTP\ -> C:\FTP\' --> Access allowed.
29/11/2003 12:40:59 PM - XXXX (68.95.142.24) > 250 CWD command successful. "/" is current directory.
29/11/2003 12:40:59 PM - XXXX (68.95.142.24) > PWD
29/11/2003 12:40:59 PM - XXXX (68.95.142.24) > 257 "/" is current directory.
29/11/2003 12:40:59 PM - XXXX (68.95.142.24) > TYPE A
29/11/2003 12:40:59 PM - XXXX (68.95.142.24) > 200 Type set to A.
29/11/2003 12:40:59 PM - XXXX (68.95.142.24) > PASV
29/11/2003 12:40:59 PM - XXXX (68.95.142.24) > 227 Entering Passive Mode (68,95,142,24,195,127).
29/11/2003 12:51:07 PM - XXXX (68.95.142.24) > 421 Connection timed-out !
Client Log:
29/11/2003 12:40:59 PM - XXXX (68.95.142.24) > 227 Entering Passive Mode (68,95,142,24,195,127).
Connecting to dynamic domain name port 21
Connected, waiting for response...
220 My_FTP
USER XXXX
331 Password required for XXXX.
PASS (not shown)
230 User XXXX logged in.
CWD /
250 CWD command successful. "/" is current directory.
pwd
257 "/" is current directory.
TYPE A
200 Type set to A.
PASV
227 Entering Passive Mode (68,95,142,24,195,127).
Connecting to 68.95.142.24 port 50047
Connection timed out

Mntsnow
12-01-2003, 12:38 PM
With you running on a DYNAMIC Public IP there really is no way to run your FTP server in a Passive mode effectively unless each and every time your IP changes you go in and set the new public IP up.

Change your setup to not use passive and then just forward Ports 20 & 21 in your router to the PC that is running the ftp server.

Captain_Jon
12-01-2003, 1:08 PM
Mntsnow,

I just received an email reply from Nexland that seems to be what you are saying "our routers will not support the FTP in Passive Mode you will need to configure your FTP server in Active mode".

The router seems to only accept Port 21 for Internal & External Start & End ports! So I don't know how to deal with Port 20.

I changed the Server to not be in Passive mode and retried... below are the log messages... I still cannot see the files. Any other thoughts?

01/12/2003 2:01:29 PM - XXXX (68.93.226.23) > 257 "/" is current directory.
01/12/2003 2:01:29 PM - XXXX (68.93.226.23) > TYPE A
01/12/2003 2:01:29 PM - XXXX (68.93.226.23) > 200 Type set to A.
01/12/2003 2:01:30 PM - XXXX (68.93.226.23) > PORT 68,93,226,23,5,15
01/12/2003 2:01:30 PM - XXXX (68.93.226.23) > 200 Port command successful.
01/12/2003 2:01:30 PM - XXXX (68.93.226.23) > LIST
01/12/2003 2:01:30 PM - XXXX (68.93.226.23) > 150 Opening data connection for directory list.
01/12/2003 2:01:51 PM - XXXX (68.93.226.23) > 425 Cannot open data connection (10060).
01/12/2003 2:01:51 PM - XXXX (68.93.226.23) > disconnected. (00:00:25)

Mntsnow
12-01-2003, 2:09 PM
Just create another entry (manually) for port 20. Unfortunately I can't help too much with the Nexland router as I've never used it.

Make sure you have your FTP Client set to not use Passive as well. What are you using for your FTP Client software?

Mntsnow
12-01-2003, 2:16 PM
These two pages will be the ones that will help you

http://www.awaremag.com/hardware/nexland/wavebase/virserver.html
and this one to add in the custom port range if you need to
http://www.awaremag.com/hardware/nexland/wavebase/customvirser.html

Captain_Jon
12-01-2003, 4:09 PM
For FTP Client software, I am using the time trial BulletProof V2.43. I went into the General Options / Firewall / FTP and made sure the Passive mode box was not checked. Under the Firewall / My IP should I check the Dynamically assigned port numbers?

The links you sent for the WaveBase screens are indeed the ones I use... the first one Virtual Servers is where I check for FTP and then enter the IP address (192.168.0.2). Saving the entry on this screen automatically creates an entry on the second screen Custom Virtual Servers for FTP / with the right IP address and with Port 21 filled in for all 4 (Internal & External ; Start & End).

Whenever I try to change the ports, the entry on the first screen (Virtual Servers) disappears; when I reenter that setting the Custom Virtual Servers settings are back to port 21 for all 4!

Any other thoughts?

Mntsnow
12-01-2003, 5:15 PM
Just manually set up a rule on the "Custom" page for the other port like this

http://www.xtremepccentral.com/tutorials/nextland.jpg assuming that your ftp server is at the 192.168.0.2 address

Captain_Jon
12-02-2003, 8:36 AM
Thxs again for the suggestion... however, if I manually enter the entry like you suggest on the Custom Virtual Servers screen, then the entry on the other screen (Virtual Servers) disappears! If I then reenter the entry on the Virtual Servers screen... the entry that I manually entered on the Custom Virtual Servers screen is revised back to 21 for all 4 port entries!!

Do I really need to have the port range set to 20-21 or is it possible to make it work with the 21-21 range?

Subsequent Note:

I just received an email from Nexland/Symantec saying "once you enable Virtual Servers with FTP the router its opening both ports 20 and 21 and Custom Virtual Server will only show port 21 in the List, but both ports are open." So it appears that my ports are properly setup! I assume then that the problem must lie in my setup of either the server or the client, or both. Any ideas on where to start looking?

Mntsnow
12-02-2003, 9:30 AM
Cool on the auto setup of both ports by Nexland.

Let me ask this first.... When you're testing, you're not running the server AND the client software on the same system, correct?

Mntsnow
12-02-2003, 9:33 AM
Also try this ftp client as it's very straightforward and easy to use, and I know it is compatible with the BulletProof server as I personally use it ;)

Just choose "home user" "private/personal use" and enjoy!

http://www.xtremepccentral.com/downloads/ws_ftple.zip

Captain_Jon
12-02-2003, 10:22 AM
No... I am not using the client on the same PC... I have it on another PC in my home LAN.

I have downloaded the FTP client you suggested. I will try it and let you know what happens.

Captain_Jon
12-02-2003, 10:53 AM
I loaded the new client and tried it with the result being that I can connect to the server but I still can't see the files in the directory. Given that the client has all rights activated... I was able to switch directories and even create a new directory on the server (test2) but still not able to see any files!!

Below is the log from the client... I don't understand the 530 PORT command only accepts client IP address issue... the 192.168.0.5 is the local address assigned to the client PC...

Any other thoughts??


230 User XXXX logged in.
CWD /
250 CWD command successful. "/" is current directory.
PWD
257 "/" is current directory.
Host type (I): Microsoft NT
PORT 192,168,0,5,5,237
530 PORT command only accepts client IP address.
! Failed "port":
! Retrieve of folder listing failed (0)
CWD /test
250 CWD command successful. "/test" is current directory.
PWD
257 "/test" is current directory.
PORT 192,168,0,5,5,238
530 PORT command only accepts client IP address.
! Failed "port":
! Retrieve of folder listing failed (0)
PWD
257 "/test" is current directory.
PORT 192,168,0,5,5,239
530 PORT command only accepts client IP address.
! Failed "port":
! Retrieve of folder listing failed (0)
PWD
257 "/test" is current directory.
PORT 192,168,0,5,5,240
530 PORT command only accepts client IP address.
! Failed "port":
! Retrieve of folder listing failed (0)
MKD /test2
257 '/test2': directory created.
PWD
257 "/test" is current directory.
PORT 192,168,0,5,5,241
530 PORT command only accepts client IP address.
! Failed "port":
! Retrieve of folder listing failed (0)
PWD
257 "/test" is current directory.
PORT 192,168,0,5,5,242
530 PORT command only accepts client IP address.
! Failed "port":
! Retrieve of folder listing failed (0)

Mntsnow
12-02-2003, 12:08 PM
Ok....have you double checked to make sure you don't have passive enabled in the ws_ftp client for your session, as it would seem like you do?

A couple of things to check.

1st. From your "session properties" choose your connection and then click on the "advanced" tab. There you will find the Passive box. Uncheck it.

2nd. Choose "auto detect" for "host type" on the "general" tab.

If it still fails after those, we will have to start looking at the server setup ;)

Captain_Jon
12-02-2003, 12:42 PM
It now works!!!!!

I checked what you last suggested and everything was fine so I went back to the server and looked at the various options that I had chosen... the one that obviously created the problem was Block server-to-server transfer (FXP, FTP bounce attack)... I unchecked this and voila... it works! I checked this option when I was trying to get the FTP site working under passive mode and I neglected to turn it off again...

Thanks for all your help... :):):)
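
Added example (not part of the original thread, and not BulletProof's own code): the h1,h2,h3,h4,p1,p2 field in the PORT and 227 lines logged above decodes to a port as p1*256+p2, and the 530 reply is what an anti-bounce check returns when the address in PORT differs from the peer of the control connection. The function names, the forwarded-range lists and the use of 68.93.226.23 (from the earlier server log) as the control peer are assumptions made for illustration.

```python
import ipaddress
import re

# h1,h2,h3,h4,p1,p2 as carried by PORT and by the 227 reply (RFC 959)
HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def decode_hostport(line):
    """Return (IPv4Address, port) from a PORT command or a 227 reply."""
    m = HOSTPORT.search(line)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in %r" % line)
    n = [int(g) for g in m.groups()]
    if max(n) > 255:
        raise ValueError("field out of range in %r" % line)
    return ipaddress.IPv4Address(bytes(n[:4])), n[4] * 256 + n[5]

def check_port(line, control_peer):
    """Illustrative anti-bounce check; the 530/200 reply texts are the ones logged in the thread."""
    ip, port = decode_hostport(line)
    if ip != ipaddress.IPv4Address(control_peer):
        return 530, "PORT command only accepts client IP address."
    if port < 1024:  # RFC 2577: no data connections to well-known ports
        return 504, "Command not implemented for that parameter."
    return 200, "Port command successful."

def pasv_port_forwarded(reply, forwarded):
    """True if the port advertised in a 227 reply lies in a forwarded (lo, hi) range."""
    _, port = decode_hostport(reply)
    return any(lo <= port <= hi for lo, hi in forwarded)

# Lines copied from the logs in this thread
PASV_REPLY = "227 Entering Passive Mode (68,95,142,24,195,127)."
PORT_LAN = "PORT 192,168,0,5,5,237"
PORT_WAN = "PORT 68,93,226,23,5,15"
PEER = "68.93.226.23"  # assumption: address the server logged for the client

if __name__ == "__main__":
    print(decode_hostport(PASV_REPLY))                                  # advertised data port
    print(pasv_port_forwarded(PASV_REPLY, [(21, 21)]))                  # only port 21 forwarded
    print(pasv_port_forwarded(PASV_REPLY, [(21, 21), (50000, 50100)]))  # passive range forwarded
    print(check_port(PORT_LAN, PEER))                                   # LAN address vs. logged peer
    print(check_port(PORT_WAN, PEER))                                   # address matches logged peer
```

With the check in place, PORT succeeds only when the client advertises the address the server sees on the control connection, which a client behind NAT sending its LAN address does not.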

Mntsnow
12-03-2003, 8:46 PM
Glad you're up and running :)