Here is why it is such a pain to get any Network Address Translator (NAT) routing device like the LinkSys to run FTP - either as a client or server.
I hope you're already aware what a client and a server are. For FTP...Clients
can be programs such as MSIE, Netscape, WS_FTP, CuteFTP, BPFTP, FlashFTP, ftp commandline, etc.Servers
are programs such as ftpd, wu-ftpd, BPFTPServer(G6ftp), Serv-U, IIS, etc.
FTP uses 2 TCP connections (or channels), 1 for control
and one for data
The standard control connection
is TCP port 21.
The default data connection (and extremely rare to see - you can almost forget it exists) is port 20.When an FTP connection is made but listing a directory or sending data fails it is almost ALWAYS the data connection at fault!
This is by far the most common problem encountered in FTP connections.
FTP has 2 modes, PORT
(also called "regular" or "normal" mode) and PASV
("passive" mode for clients behind firewalls).The client determines the mode
that will be used (or attempted as the case may be)...
If the client issues a PORT
command, it is attempting "PORT" mode.
If the client issues a PASV
command, it is attempting "PASV" mode.
If the client does not issue either command, PORT mode is assumed using port 20 for data (again, very rare these days).
mode, the client (yes to CLIENT!) is the server end of the data channel.
mode, the server is the server end of the data channel.The difference between PORT and PASV modes is which end plays "server" for the data channel!If you are going to use FTP regularly, get to know how to read logs and what the PORT and PASV commands do!
Here's some help...Client> PORT 12,34,56,78,65,43
Server> 200 PORT command successful.
In this example of PORT mode the client has said it will be listening on IP address 126.96.36.199 on TCP port 16683 for the data channel.
(Note: the port is the 65,43 pair and is: 65x256 + 43 = 16683).
The client is the server for the data channel so if behind an NAT, port 16683 better be forwarded!Client> PASV
Server> 227 Entering Passive Mode (123,45,67,89,158,26)
In this example of PASV mode the server has said it will be listening on IP address 188.8.131.52 on TCP port 40474 for the data channel.
(Note: the port is the 158,26 pair and is: 158x256 + 26 = 40474).
The server needs this data channel to be forwarded along with the control channel!Important Note - How the LinkSys helps a bit and why your log can fool you:
The LinkSys BEFSRx1 (as of f/w 1.39) translates and then forwards the data port correctly for a PORT command from a client on the LAN - but ONLY IF the command channel is port 21 (the standard ftp command port). THIS IS NOT TRUE ON NON-STANDARD COMMAND PORTS!
This means the client's log will say: PORT 192,168,1,5,9,27
1) The server end will see the 192.168.1.5 LAN address changed to the WAN address.
2) The LinkSys will forward the data port (port 9x256 + 27 = 2331 in this case) to the LAN PC that connected.
These 2 things are done automatically by the LinkSys.Some servers and clients know how to handle FTP modes behind an NAT!
Notice PORT and PASV commands involve an IP address and a port for the data channel.
One problem is the client or server in on a LAN but needs the WAN address to be sent.
The other problem is the client or server needs to have the data channel port forwarded - if it is the server end of the data channel.
Both IP and port ranges is handled by some clients and servers. Here's some I know about:Servers that can do PASV mode behind an NAT firewall:
Serv-UClients that can do PORT mode behind an NAT firewall:
BPFTPBAD NEWS FOR DYNAMIC IPs!
These servers and clients have a setting for the port range that must be forwarded and the IP address to send. Unfortunately, as of this writing, none of these has the ability to change that IP address dynamically (but look for some soon I hope!).
Additional Stuff:FTP and the LinkSys RouterFTP and LinkSys Routers - How Much Interest?Setting Up BPFTPServer to run PASV