Ftp – Problems accessing FileZilla FTP Server from static IP

ftpport-forwarding

I'm trying to connect to my FTP server from my external IP address on Comcast Business.

On the gateway I've set up port-forwarding on ports 20-21 to my server. Additionally I've forwarded ports 7000-8000 to my server for use in passive mode.

In my FileZilla Server application I've set up passive mode to use my static IP and to use the subset of ports listed above.

Unfortunately, it doesn't work through the external static IP for some reason, but I can internally.

When I try to connect through static IP, the FileZila monitor says

Connected, sending welcome message....
220 FileZillaServer version 0.9.37 beta
could not send reply, disconnected

My firewall doesn't register any block events and windows firewall is disabled. What am I doing wrong or missing?

Best Answer

What you are trying to do generally won't work without reconfiguration on the firewall/NAT device.

The traffic flow for your current setup would basically goes as follows (using example IP's):

Internal Client IP: 10.0.0.100
Internal FTP IP: 10.0.0.1
External FTP IP: 1.2.3.4

Internal client (10.0.0.100) opens an FTP connection (port 21) to 1.2.3.4
Internal client sends traffic to default gateway/firewall
Firewall has a rule that sends port 21 traffic to 10.0.0.1 and sends the traffic to 10.0.0.1 sending it with a true source address of the client IP (10.0.0.100)
FTP server sends response back directly to 10.0.0.100 with source address 10.0.0.1 and never goes back out the firewall since it sees the local source address.
Internal client is expecting FTP traffic to come back with source 1.2.3.4 and discards response from 10.0.0.1
FTP connection times out

You would need to setup or enable a hairpin NAT rule (or NAT reflection, or other various terms depending on the manufacturer) on the firewall in order to establish the NAT session to the external interface before having the traffic come back in. The Comcast device may have an option to enable NAT reflection but not having worked with them before, I can't say for certain if they do or not.

The real question is why are you trying to do it this way? If you're just trying to test, then use a true external client (either have a friend test or setup an external client). If you're trying to do it this way moving forward, then just go directly using IP or a split-DNS solution.

Related Solutions

Ftp – Passive mode for FileZilla FTP isn’t working

I suggest you try to locally on the server using Windows' FTP or another installed client. This way you will see if it's network/firewall issue or an issue with the configuration of the FTP server. Also check Filezilla server's log files if the commands.

If it depends on the firewall, here is a TechNet article that could help: How to Configure Windows Firewall for a Passive Mode FTP Server. But you wrote that the Windows firewall is off, so I suppose it is a problem of the external firewall/router (also check the client side).

Linux – FTP server timeouts on passive, I can only use active

As far as I see, you are connecting to your internal ip (192.168.1.53) but the server gives its external IP (71.127.90.47) according to MasqueradeAddress directive. You are also using TLS, that's why the router may not be able to track the FTP connection.

I had the same problem with my pureftpd server and worked it around with launching two different addresses to announce (like MasqueradeAddress in your case) one for internal zone and one for external (external address is being staticaly NATed be ciso router). These server processes listen to different ports (10021 and 20021). I also added these strings to my iptables config:

-A PREROUTING -i eth0 -p tcp -m tcp --dport 21 -j REDIRECT --to-ports 10021
-A PREROUTING -i eth1 -p tcp -m tcp --dport 21 -j REDIRECT --to-ports 20021

As you see, all requests from internal networ are redirected to "local" server and all others are redirected to "internet" server.

I hope, I understood the problem right and my explanation is clear enough.

P.S. About FTPtest.net. I also tested my server with this tester, but it hav very strict rules. My tests passed with http://www.net2ftp.com/

Best Answer

Related Solutions

Ftp – Passive mode for FileZilla FTP isn’t working

Linux – FTP server timeouts on passive, I can only use active

Related Topic