Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
 ·TekSavvy Solutions..
4 edits |  How to setup FTP server behind LinkSys ?
FTP can operate in two modes, Active and Passive. For detailed explanation of these modes read the Active FTP vs. Passive FTP, a Definitive Explanation article.
In order to be able to run FTP server behind NAT device (Gateway Mode of the LinkSys router) the router needs to have FTP ALG (Application Layer Gateway) algorithms implemented to correctly translate external to internal IP addresses (and vice versa) and open necessary ports for additional data communication (especially in Passive mode). Unfortunately LinkSys's FTP ALG is only partially implemented and for passive mode additional configuration is needed.
Here's what needs to be done:
1) Make sure your ISP is not blocking port 21
2) Assign your FTP Server PC a static IP address
FAQ: »Linksys FAQ »How do I set a fixed/static IP address on a LAN PC?
3) Turn off any software firewall you may have on your PC
Or at least make sure that you open it for FTP communication. If running Windows XP don't forget that the Windows firewall is ON by default and you need to turn it off (or open for FTP).
4) Get yourself a "NAT friendly" FTP server
NAT friendly FTP server is a server which has a configuration options for WAN IP and Passive port range. Such FTP servers are GuildFTPd, BFTP, Serv-U for Windows or vsftpd for Linux. (I'm sure there are many more).
IIS is not NAT friendly!
5) Find out your WAN IP address
by clicking here »checkip.dyndns.org
6) In your router forward port 21 and range of ports for passive connections to your FTP server PC
For passive range pick any continuous range above port 1024. You need as many ports as many concurrent connections you're expecting at any given time plus some reserve (due to NAT timeouts) I'd say about 25-50%.
You don't need to forward port 20.
7) Configure your FTP server
With the same range for passive connections as you've just forwarded on the router.
Also configure your FTP server with your WAN IP address.
8) Test your FTP server from LAN and WAN side
To test it from WAN side ask your friend to log in or run this Security Scan and you should see FTP response on port 21.
From LAN side you can use command line ftp client or any other client. Note, that Passive mode will not work from LAN side!
9) Enjoy 
Here is an example with LinkSys WRT54G and GuildFTP.
Assuming that my router is on default IP 192.168.1.1, my FTP server PC is on 192.168.1.2 address.
My example WAN IP is 100.100.100.100.
I'm expecting 100 concurrent connections therefore I'm going to forward 125 ports (5000 to 5125).
LinkSys Port Forwarding
Port forwarding for port 21 can be done on Port Forwarding or UPnP Forwarding page on some LinkSys models.
The port range for passive is just an example and can be modified as you want.
GuildFTP Advanced Setup
Note the WAN IP and the Passive range.
10) Dynamic DNS
- Instead of WAN IP in 8) you can use your FQDN (Fully Qualified Domain Name) if you have one. This is especially useful when your WAN IP is Dynamic and it's changing from time to time. There are few threads that describe how to setup DDNS (Dynamic DNS).
- Additional recommended threads:
»REFERENCE: FTP Modes and Ports
»HOW TO: vsftpd, linux and linksys router
»What is a DMZ ?
Note, this all info above is valid as of today. Things may change if LinkSys decides to improove their FTP ALG some day.
My special thanks to Bill_MI  |
