XP Pro SP2, Linksys BEFSR41 V.2 (1.46.02)

I have set up about 6 different FTP software servers now. I have tried forwarding ports 20 & 21, just 21, changing to another port number, like 27 and then to 2100, I have forwarded the passive port numbers, etc., etc., etc..

DMZ is NOT an option. I did not buy a router, just to have more pretty lights and have it do nothing else, but even set to DMZ, I still have the same problem.

There is virtually zero help, in a "Hi, stupid, this is step 1" format. Every site, everywhere, assumes that you assume at least part of it.

For example, I read about IIS. Well, is it necessary, if you're using your own FTP server software? You see, no one addresses that. So should I install IIS, even if I want to use Serv-U, for example?

Also, for port 20 and for port 21, what should I use, when doing the forwarding? TCP? UDP? Both?

I do not have any software firewall running. None.

Users cannot connect AT ALL. I get ABSOLUTELY NOTHING on the server software screen. It just sits there (yes, I have the FTP server software running and not disabled).

Users have tried AUTO, GLOBAL, PORT, PASSIVE, all of them, to connect. They have changed the port number every time I did. I reset my router each time a change was made and verified it.

Users have tried three different client software packages and they all have no problem connecting with other FTP sites.

It is my understanding that users need to hit my WAN IP, but I gave them both that and my internal, static IP.

I verified with my provider that they do NOT block port 21 incoming.

I can connect to the server from my own machine (same machine it's running on) and so, I assume LAN access is okay. But outside access is just not happening. There is no connection at all. Zero. It doesn't even say that someone TRIED to connect. The log shows zero about a connection attempt.

Users can ping my router's IP over the Internet.

I can use this machine to browse the web, etc..

I have done everything I can think of, for the past three full days (doing nothing else), to get this thing running. I need help BAD!

Is IIS necessary, when using another installed FTP server package?

Is there some "FTP protocol" that's part of the Windows OS, that I don't have installed?

What can I do to get this thing going? And please, carefully review what I've said here. I am truly not trying to be rude at all, but messages like, "forward your ports" are a waste of time, as I have already done that.

Thanks!

ftp doesn't require any additional protocols. You don't need IIS either.

Your internal IP address is internal - not accessible from the outside. WHich IP address does your FTP software bind to? If it's the internal address that could explain why you can only access from the LAN; but that may depend on the package you are using.

Have you tried without the router at all to rule that out?

as cyberskye said, you don't need IIS.

From the command prompt on your machine do this:

C:\> netstat -an

scroll up and look for an entry that says something like this (periods used as spaces):

Proto.........Local Address...............Foreign Address................State
TCP...........0.0.0.0:21...................0.0.0.0:0.........................LISTENING

This will tell you that the FTP server is listening on port 21 for incoming traffic. It should be the top entry. Also make sure that the built in windows firewall is disabled. XP SP2 comes with it enabled by default.

If your ports are forwarded on your router you can do a packet capture on the FTP server to see if there are connection attempts. A good windows based utility for this is www.ethereal.com. This will also install WinPcap which you'll need. From ethereal do a capture making sure you are not in promiscuous mode and you have selected to update packets in real time. You will see under the Protocol field what type of packets you are getting. If someone tries to connect when you are doing this, you will see FTP packets. This will at least tell you if the connection attempts by your users are reaching your FTP server. If you don't see any FTP traffic then you know that there is a misconfiguration on your router that is dropping or misrouting the FTP connection attempt.

edit: They have made small changes to etheral. When you launch it:

Click Capture -> Interfaces -> Prepare (On the network interface you want - may only have 1) and uncheck Capture in promiscous mode and check update packets in real time.

ftp doesn't require any additional protocols. You don't need IIS either.

Your internal IP address is internal - not accessible from the outside. WHich IP address does your FTP software bind to? If it's the internal address that could explain why you can only access from the LAN; but that may depend on the package you are using.

Have you tried without the router at all to rule that out?

No, I have not tried it without the router. That would involve changing back to dynamic, etc.. But I do not believe that six different server packages would not even see an attempt to hit them, considering that I have tried various port numbers.

As for which IP, as I said above, I gave them both to try and my external IP is confirmed to be correct.

as cyberskye said, you don't need IIS.

From the command prompt on your machine do this:

C:\> netstat -an

scroll up and look for an entry that says something like this (periods used as spaces):

Proto.........Local Address...............Foreign Address................State
TCP...........0.0.0.0:21...................0.0.0.0:0.........................LISTENING

This will tell you that the FTP server is listening on port 21 for incoming traffic. It should be the top entry. Also make sure that the built in windows firewall is disabled. XP SP2 comes with it enabled by default.

If your ports are forwarded on your router you can do a packet capture on the FTP server to see if there are connection attempts. A good windows based utility for this is www.ethereal.com. This will also install WinPcap which you'll need. From ethereal do a capture making sure you are not in promiscuous mode and you have selected to update packets in real time. You will see under the Protocol field what type of packets you are getting. If someone tries to connect when you are doing this, you will see FTP packets. This will at least tell you if the connection attempts by your users are reaching your FTP server. If you don't see any FTP traffic then you know that there is a misconfiguration on your router that is dropping or misrouting the FTP connection attempt.

edit: They have made small changes to etheral. When you launch it:

Click Capture -> Interfaces -> Prepare (On the network interface you want - may only have 1) and uncheck Capture in promiscous mode and check update packets in real time.


I did go into services and disable the Windows Firewall service, which also disables Internet Connection Sharing. I just did that this morning and have not tried to have someone connect again yet. I did that, just in case it's interfering and I don't think (correct me if I'm wrong) that Internet Connection Sharing is needed for this to work. I did have it disabled priot to posting (meaning just turned off), but I kept getting that warning message about being vulnerable at boot up, so I disabled the service completely. Again, when I posted the message originally, I did not disable that yet (the service), but I did have it turned off in Control Panel.

I do NOW (after disabling service) get the following as the first line in the Cerebrus screen...

"Unable to initialize Windows Firewall profile"


Doing a "NETSTAT -AN" does show that the following...

Proto Local Address Foreign Address State
TCP 192.168.1.20:21 0.0.0.0:0 LISTENING

It is not the top entry.

As for "packet attempts", wouldn't the FTP server show someone trying to connect and failing? I will still try what you recommended though. I just downloaded and installed it.

If your ports are forwarded on your router you can do a packet capture on the FTP server to see if there are connection attempts. A good windows based utility for this is www.ethereal.com. This will also install WinPcap which you'll need. From ethereal do a capture making sure you are not in promiscuous mode and you have selected to update packets in real time.



It instaledWinPcap, but does that get called up automatically, when I do what you said in Ethereal? I don't see a separate start menu item for it. Just for Ethereal. Thanks!

I did go into services and disable the Windows Firewall service,

That would probably be the problem - in re-reading your post, you only connected successfully from the machine on which on the ftp server is running - that doesn't mean 'it works from the LAN' it means it works on a single machine.

edit: They have made small changes to etheral. When you launch it:

Click Capture -> Interfaces -> Prepare (On the network interface you want - may only have 1) and uncheck Capture in promiscous mode and check update packets in real time.

Okay, do I want "automatic scrolling"?

I'm a little confused by what I'm looking at here. I have a big screen and then a little one, that shows like, "TCP", etc.. The big screen has all kinds of stuff on it. What exactly am I looking for when someone tries to hit my FTP server?

And btw, if you wish, you can try to hit it. I have it set up Anonymous right now. There's really nothing there. I'm only going to use it for pics and home made movies and stuff and some drivers for friends that work on PC's and might need them. I'm just trying to get it running right now, there is only one file there to download anyway. The FTP is 65.32.212.153 port 21.

The user name uses a cap for the "A", but I doubt it will make a difference. I'm using Cerebrus, which comes right up and detects the WAN IP, etc.. Just let me know here, what time is convenient for you to hit it, if you're willing and I'll leave both the server and the program running for you, just before your log on time. I'm using EST, so let me know what time it will be for me. Today is Sunday. If it will be another day (if you're willing), please let me know that. It is 5 PM right now (EST).

Then, if you can leave a message here, telling me what to do, to see what I need to see, after trying to hit it, I would greatly appreciate it.

Thanks!

That would probably be the problem - in re-reading your post, you only connected successfully from the machine on which on the ftp server is running - that doesn't mean 'it works from the LAN' it means it works on a single machine.

Okay, with all due respect and not meaning to be rude, you are not reading my messages. You are skimming one or two sentences and then replying. This causes me to keep typing the same things over and over. I will use caps this time for emphasis.

I clearly said that I disabled that THIS MORNING.

Now, before you say anything about the Windows Firewall, even though the service was enabled in Administrative Tools, it was TURNED OFF. I HAD NO FIREWALL RUNNING. NONE.

I had the problem ALREADY. I posted that first message, after spending three days trying to get this thing to work, with the SERVICE ENABLED, but the Windows Firewall turned off in Control Panel.

I know you're trying to help and thanks for your time, but PLEASE, read ALL of what I write.

I hope that helped clarify the situation.

I hope that helped clarify the situation.

It did. I had trouble getting through the rambling, I admit - I can tell this is upsetting you.

Best of luck.

New info. I just installed some FTP software on my wife's PC and tried to connect to my FTP server.

If I use the external IP, I cannot connect from her machine.

If I use the internal IP, then I connect fine over the LAN, from her machine.

Because of this, I do not believe that disabling the Windows Firewall/Internet Connection Sharing service in Administrative Tools (which I just did this morning) is blocking my FTP server from working, as was suggested.

I think your intarweb may be broken. Please format your router and try again.

I think your intarweb may be broken. Please format your router and try again.

Intarweb - Intentional misspelling for 'internet' usually used when making fun of people who are technologically impaired

It isn't nice to make fun of people.

I am not technologically impaired. I have been a tech for over 20 years. I have simply never run across this problem before and have never had to set up an FTP server behind a router before. I have other apps that require port forwarding that are running behind my router right now, that I set up. But I've never had the need to set up an FTP server behind a router before now.

It is also not polite to make a joke like that, belittling me and trying to send me on a wild goose chase, to "format my router", when if YOU know what YOU are talking about, then you would know that this has been a VERY BIG issue for MANY, MANY technically savvy people. I have even consulted with a friend of mine, who is extremely good at what he does and is Cisco certified and he threw up his hands. He is not local to me anymore, or he would have come over and checkes it out for me.

Now as for you, you need to understand that when you want information, saying that you know a vast amount of information, means that people skip steps when they respond, because they assume that you know everything except the one thing they happen to say.

You know, I come in here looking for help and because I am very clear about what it is I need, I am ridiculed. That's real nice, especially considering it wasn't me who was ignoring what was said and frankly, if you don't know the answer, or what I could try, then why respond at all? Just to be mean?

It did. I had trouble getting through the rambling, I admit - I can tell this is upsetting you.

Best of luck.

Yes, it is. Very much, since I can't see any reason for this not to work.

I will readily admit that I am not a networking expert. I can set one up home or office easily, but I've never had to set up an FTP server (even office) and I have never had something just utterly fail like this, even after three solid days of working on it. I have set up FTP servers many times on my own systems, but before now, never had a router attached. So this is my first attempt at an FTP server behind a router and from what I have been reading, this is an extremely big issue for many, many people.

I also have not had to use a utility like Etheral before, at least not to capture packets and there is much I can look at and not know what I'm looking for in a utility like that. It is a good thing to learn however.

I can understand the more technical jargon, but I still don't understand why people assume that you know everything, when they respond (not directed toward you). If you did, you wouldn't be asking and I still think there needs to be a "See Dick Run" version put out there, for folks to download and read.

Many might say that if you don't understand these things, you shouldn't be attempting it, but the reality is, no one understands it all, until they do it and even then, there is more to learn. So how does NOT putting the help docs out there help anyone? And why do router screens say the exact opposite of what needs to be done, in whatever information one can find? Why say, "Ext Port", when the docs never use those words and uses "Internal"? This seems to me, to be the highest form of stupidity, since no one can claim that they don't know that the terms are stated differently for the same setting (docs and router screen), every single time.

Anyway, enough whining. :)

And if your other comment was meant as humor, I apologize for coming down on you.

After reading through your posts I'm beginning to believe your router is the culprit. Automatic scrolling isn't important.

In assuming 65.32.212.153 is your router's IP? I'm timing out trying to ping it so is it dynamic or are you dropping ICMP? I'm also timing out trying to connect to it. I suspect that my attempts are not getting to your FTP server.

This is why I had you DL ethereal. What I suggest is to launch the utility, begin a packet capture on the server. Have someon try and connect or try and connect from your wife's computer using the external IP (65.32.212.153). After the connection fails, stop the packet capture. Look through the capture for FTP packets. If you aren't familiar enough with TCP/IP to look through it, save it and I'll give you my e-mail address and I'll look at it. If there are no FTP packets in the capture we know that the problem exists with either your router or ISP.

After reading through your posts I'm beginning to believe your router is the culprit. Automatic scrolling isn't important.

In assuming 65.32.212.153 is your router's IP? I'm timing out trying to ping it so is it dynamic or are you dropping ICMP? I'm also timing out trying to connect to it. I suspect that my attempts are not getting to your FTP server.

This is why I had you DL ethereal. What I suggest is to launch the utility, begin a packet capture on the server. Have someon try and connect or try and connect from your wife's computer using the external IP (65.32.212.153). After the connection fails, stop the packet capture. Look through the capture for FTP packets. If you aren't familiar enough with TCP/IP to look through it, save it and I'll give you my e-mail address and I'll look at it. If there are no FTP packets in the capture we know that the problem exists with either your router or ISP.

First of all, thank you for taking the time to help me.

I went into the other room just now, after getting Ethereal running on this system, so that I could capture the log for you. It took me some time to get back to you, because I am also dealing with a piece of spyware, that shows zero hits for the file name on the Internet, using Google.

But anyway, I went to my wife's machine and proceeded to try to log in through the WAN IP. It connected immediately and I was logged into the server!

The only explanation that I can come up with, is that yesterday, I changed my NIC out, since I had been given a way cool 3Com card, that was better than the SMC I was running. It is set up the same way (Static IP, etc.), but there must have been something going on with that old card, that the router didn't like, since the server never saw the connection attempt. For some reason, I guess the router was not able to forward the packets to my NIC. Strange, considering I could do everything else Internet wise. I'm going to have someone else test it out too. You can try to hit it also, if you wish. 65.35.212.153:21 Anonymous. If you do, please let me know what happens. I'll leave it running. Let me know if you can transfer a file, etc.. Thanks!

Once I get it working for sure, I'll try a different port # and see what happens.

Btw, web browsing, etc., is faster now, with this new card. :)

After reading through your posts I'm beginning to believe your router is the culprit. Automatic scrolling isn't important.


It was the NIC. The FTP server is working fine (see my last message), although I only get about 80-100kbs using different packages. But hey, I won't complain. I would have limited it to that anyway, so it's not a concern. :)

Respice, thank you very kindly for your help! Thank you for taking the time to work with me and rest assured, if there's anything I can ever do to help you, I would be glad to. When it comes to hardware, you'll be hard pressed to find someone better than me, so if you ever have any questions, just email me at giantwaffle@yahoo.com and I'd be glad to do my best to help you troubleshoot something. I can even call you voice at no cost to you, since I have free long distance. :)

Thanks again buddy! I greatly appreciate your time and effort!

Dave

It was the NIC. The FTP server is working fine (see my last message), although I only get about 80-100kbs using different packages. But hey, I won't complain. I would have limited it to that anyway, so it's not a concern. :)

Dave

I am having a new problem. Speeds are dropping like a rock and sometimes it disconnects. Could this be the port number I'm using? Which port would be the best one to use, for FTP, besides 21? I don't wish to have every kind on the Internet block trying to hack my system. :)

Thanks!

Let's take a look. Some of the following questions should help us.

1) What type of Internet connection do you have? DSL or Cable?

2) Are you sharing the Internet connection with anything else besides the FTP server?

3) What version of firmware is your Linksys router Running?

4) Under Applications and Gaming is a QoS tab. Can you set FTP priority to high?