faq:tcpip [2019/01/01 23:53] – Added WS & WSS, removed some unused UDP ports. Added SMTP-Submission/TLS and POP3 over TLS ports. digital man | faq:tcpip [2019/01/17 16:17] – [FTP NAT] Fixed typos. Removed stale info. digital man |
---|
[[http://www.ncftpd.com/ncftpd/doc/misc/ftp_and_firewalls.html|This document]] contains the technical details about how and why and the recommended solutions. | [[http://www.ncftpd.com/ncftpd/doc/misc/ftp_and_firewalls.html|This document]] contains the technical details about how and why and the recommended solutions. |
| |
**Note**: Most web browsers (e.g. //Microsoft Internet Explorer//) use passive FTP transfer mode by default. | **Note**: Most web browsers use //passive// FTP transfer mode by default, though this may be configurable. |
| |
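Review bot: In the revised browser note, "though this may be configurable" has no clear referent and does not say where the setting lives. Suggest wording such as "though the transfer mode may be configurable in the browser", so a reader diagnosing a NAT problem knows the client setting is the thing to check.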
**Note**: Some FTP clients (e.g. the Windows command-line FTP client, ''ftp.exe'') only support active mode transfers. | **Note**: Some FTP clients (e.g. the Windows command-line FTP client, ''ftp.exe'') //only// support //active// mode transfers. |
| |
Enabling the logging of FTP data channel activity can help diagnose these kinds of problems. This can be done by adding the ''DEBUG_DATA'' option to the ''Options'' value in the ''[FTP]'' section of your ''[[dir:ctrl]]/[[config:sbbs.ini]]'' file or by checking the //Data Channel Activity// checkbox in the //Log// tab of the FTP Server Configuration dialog in the Synchronet Control Panel for Win32. | Enabling the logging of FTP data channel activity can help diagnose these kinds of problems. This can be done by adding the ''DEBUG_DATA'' option to the ''Options'' value in the ''[FTP]'' section of your ''[[dir:ctrl]]/[[config:sbbs.ini]]'' file or by checking the //Data Channel Activity// checkbox in the //Log// tab of the FTP Server Configuration dialog in the Synchronet Control Panel for Windows. |
| |
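Review bot: The rename at the end of this paragraph, from "Synchronet Control Panel for Win32" to "for Windows", is not carried through the rest of the section: the //Lookup Passive IP// paragraph further down still reads ''[[monitor:SBBSCTRL]]-Win32'' on both sides of the diff. Suggest using one name in both places.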
If you're having problems with passive transfers and you're seeing | |
!UNSUPPORTED COMMAND from username: 'P@SW' | |
in your FTP server log/window output, you're probably using an //SMC Barricade// router (see [[http://www.gbnetwork.co.uk/smcftpd/|this document]] for details). Upgrade to Synchronet v3.13a (FTP Server Revision 1.296) or later to work-around this problem with this device. | |
| |
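Review bot: With the SMC Barricade paragraph removed, the condition kept in the next paragraph, "and you're running Synchronet v3.13a (FTP Server Revision 1.296) or later:", has lost the sentence that explained why that revision matters, and its trailing colon now introduces a single paragraph rather than a list of cases. If the v3.13a threshold is stale as well, suggest dropping the qualifier; otherwise say what the version is required for.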
If you're having problems with passive (PASV) transfers through your NAT/firewall device and you're running Synchronet v3.13a (FTP Server Revision 1.296) or later: | If you're having problems with passive (PASV) transfers through your NAT/firewall device and you're running Synchronet v3.13a (FTP Server Revision 1.296) or later: |
If the remote client is attempting to connect to your [[#private IP]] address (your NAT device isn't translating the PASV response from the FTP server) and you have a static [[#public IP]] address, you can work-around this limitation of your NAT device by using the ''PasvIpAddress'' value in the ''[FTP]'' section of your ''[[dir:ctrl]]/[[config:sbbs.ini]]'' file to specify your [[#public IP]] address. | If the remote client is attempting to connect to your [[#private IP]] address (your NAT device isn't translating the PASV response from the FTP server) and you have a static [[#public IP]] address, you can work-around this limitation of your NAT device by using the ''PasvIpAddress'' value in the ''[FTP]'' section of your ''[[dir:ctrl]]/[[config:sbbs.ini]]'' file to specify your IPv4 [[#public IP]] address. |
| |
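Review bot: The "IPv4" qualifier added to the last sentence for ''PasvIpAddress'' is not mirrored in the ''LOOKUP_PASV_IP'' paragraph below, which still says only that the lookup uses "the resulting IP address". Suggest stating there whether the looked-up address is subject to the same IPv4 restriction, since both settings feed the same PASV response.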
This problem can be identified (on the client) by finding a comma-separated [[#private IP]] address in the PASV response received from the FTP server (in response to a directory or file transfer request from the client). | This problem can be identified (on the client) by finding a comma-separated [[#private IP]] address in the PASV response received from the FTP server (in response to a directory or file transfer request from the client). |
If you have a dynamically-assigned IP address (via DHCP), then your IP address may change at some point, so setting the ''PasvIpAddress'' to a specific IP address may not be a long term solution for your FTP Server. In Synchronet v3.14a and later, you can enable the new //Lookup Passive IP// feature by checking the //Lookup// checkbox on the //Passive// tab of the FTP Server Configuration Dialog in [[monitor:SBBSCTRL]]-Win32, or by adding ''LOOKUP_PASV_IP'' to the Options value in the ''[FTP]'' section of your ''[[dir:ctrl]]/[[config:sbbs.ini]]'' file. This option instructs the Synchronet FTP Server to perform a DNS hostname lookup on your BBS's public hostname and use the resulting IP address (which should be your BBS's [[#public IP]] address) in passive responses. | If you have a dynamically-assigned IP address (via DHCP), then your IP address may change at some point, so setting the ''PasvIpAddress'' to a specific IP address may not be a long term solution for your FTP Server. In Synchronet v3.14a and later, you can enable the new //Lookup Passive IP// feature by checking the //Lookup// checkbox on the //Passive// tab of the FTP Server Configuration Dialog in [[monitor:SBBSCTRL]]-Win32, or by adding ''LOOKUP_PASV_IP'' to the Options value in the ''[FTP]'' section of your ''[[dir:ctrl]]/[[config:sbbs.ini]]'' file. This option instructs the Synchronet FTP Server to perform a DNS hostname lookup on your BBS's public hostname and use the resulting IP address (which should be your BBS's [[#public IP]] address) in passive responses. |
| |
If your firewall cannot dynamically open/forward FTP PASV data ports for incoming passive FTP data connections, you can specifiy a limited range of TCP port numbers to use for passive transfers by modifying the PasvPortLow and PasvPortHigh values in the ''[FTP]'' section of your ''[[dir:ctrl]]/[[config:sbbs.ini]]'' file. You will of course need to configure your firewall device to open/forward these ports to your FTP server. | If your firewall cannot dynamically open/forward FTP PASV data ports for incoming passive FTP data connections, you can specify a limited range of TCP port numbers to use for passive transfers by modifying the PasvPortLow and PasvPortHigh values in the ''[FTP]'' section of your ''[[dir:ctrl]]/[[config:sbbs.ini]]'' file. You will of course need to configure your firewall device to open/forward these ports to your FTP server. |
| |
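Review bot: The typo fix leaves PasvPortLow and PasvPortHigh as bare words, while the other ''sbbs.ini'' settings in this section (''PasvIpAddress'', ''DEBUG_DATA'', ''LOOKUP_PASV_IP'') are set in '' '' monospace; suggest marking these two up the same way. Because the last sentence tells the reader to open/forward the whole range on the firewall, it would also help to say the range should be kept only as wide as the expected number of simultaneous transfers needs.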
===== Bind ===== | ===== Bind ===== |