Synchronet v3.17b-Win32 (install) has been released (Jan-2019).

You can donate to the Synchronet project using PayPal.

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
faq:tcpip [2018/06/05 21:45]
digital man Added FAQ for SSH error: importing session key to protect private key
faq:tcpip [2019/01/17 16:17] (current)
digital man [FTP NAT] Fixed typos. Removed stale info.
Line 31: Line 31:
 |SSH         |22 |- |For SecureShell logins (recommended)| |SSH         |22 |- |For SecureShell logins (recommended)|
 |RLogin  ​       |513 |- |Optional for quick-login from RLogin clients (e.g. SyncTERM)| |RLogin  ​       |513 |- |Optional for quick-login from RLogin clients (e.g. SyncTERM)|
-|SMTP  ​       |25 |- |Necessary for receiving Internet e-mail ​and inter-BBS instant messages|+|SMTP  ​       |25 |- |Necessary for receiving Internet e-mail |
 |Submission ​    ​|587 |- |Necessary for users to send Internet e-mail through the BBS from a standard e-mail client| |Submission ​    ​|587 |- |Necessary for users to send Internet e-mail through the BBS from a standard e-mail client|
 +|Submission/​TLS |465 |- |Necessary for users to send Internet e-mail through the BBS from a standard e-mail client using TLS((encrypted communications over TCP))|
 |POP3  ​       |110 |- |Allows BBS users to check their e-mail using standard Internet mail clients (e.g. Outlook Express)| |POP3  ​       |110 |- |Allows BBS users to check their e-mail using standard Internet mail clients (e.g. Outlook Express)|
 +|POP3/​TLS ​      ​|995 |- |Allows BBS users to check their e-mail using standard Internet mail clients (e.g. Outlook Express) using TLS|
 |FTP         |21 |- |Allows access to the BBS file/​download areas using a standard FTP client or web browser| |FTP         |21 |- |Allows access to the BBS file/​download areas using a standard FTP client or web browser|
 |HTTP  ​       |80 |- |Required for access to the BBS's web server| |HTTP  ​       |80 |- |Required for access to the BBS's web server|
 +|HTTPS  ​       |443 |- |Required for secure access to the BBS's web server using TLS|
 |NNTP  ​       |119 |- |Allows BBS users to read and post messages using standard news readers/​clients| |NNTP  ​       |119 |- |Allows BBS users to read and post messages using standard news readers/​clients|
 |Gopher  ​       |70 |- |Archaic protocol allows reading of messages and other BBS info| |Gopher  ​       |70 |- |Archaic protocol allows reading of messages and other BBS info|
 |IRC         |6667 |- |Allows Internet Relay Chat (IRC) clients to connect to your BBS| |IRC         |6667 |- |Allows Internet Relay Chat (IRC) clients to connect to your BBS|
-|Finger  ​       |79 |79 |Allows remote querying of BBS user info, who's online, and other BBS info| +|Finger  ​       |79 | |Allows remote querying of BBS user info, who's online, and other BBS info| 
-|SYSTAT  ​       |11 |11 |Allows remote querying of who's online (aka Active Users)| +|SYSTAT  ​       |11 |11 |Allows remote querying of who's online (aka Active Users) ​required for [[module:​sbbsimsg|inter-BBS instant messaging]]
-|QOTD  ​       |17 |17 |Allows remote querying of the current auto-message (aka Quote Of The Day)+|MSP         |18 |  |Allows incoming ​[[module:​sbbsimsg|inter-BBS instant messages]]| 
-|MSP         |18 |18 |Allows incoming inter-BBS instant messages ​without SMTP connectivity|+|WS             ​|1123 ​  ​| ​      ​|WebSocket Service - to support the [[http://​ftelnet.ca|fTelnet web browser-based terminal]] | 
 +|WSS            |11235 ​ |       ​|WebSocket Secure Service - to support the [[http://​ftelnet.ca|fTelnet web browser-based terminal]] over TLS |
  
 Enabling connectivity to Synchronet through your firewall is no different than enabling connectivity to any other TCP/IP server. Follow your firewall documentation for forwarding or opening ports for TCP/IP servers located "​behind"​ the firewall. Your firewall may have the option of placing the entire BBS computer in a "​DMZ"​ (opening all its ports to the public Internet), but doing so is not normally recommended. ​ Enabling connectivity to Synchronet through your firewall is no different than enabling connectivity to any other TCP/IP server. Follow your firewall documentation for forwarding or opening ports for TCP/IP servers located "​behind"​ the firewall. Your firewall may have the option of placing the entire BBS computer in a "​DMZ"​ (opening all its ports to the public Internet), but doing so is not normally recommended. ​
Line 203: Line 207:
 [[http://​www.ncftpd.com/​ncftpd/​doc/​misc/​ftp_and_firewalls.html|This document]] contains the technical details about how and why and the recommended solutions. ​ [[http://​www.ncftpd.com/​ncftpd/​doc/​misc/​ftp_and_firewalls.html|This document]] contains the technical details about how and why and the recommended solutions. ​
  
-**Note**: Most web browsers ​(e.g. //Microsoft Internet Explorer//) use passive ​FTP transfer mode by default. ​+**Note**: Most web browsers ​use //passive// FTP transfer mode by default, though this may be configurable
  
-**Note**: Some FTP clients (e.g. the Windows command-line FTP client, ''​ftp.exe''​) only support active mode transfers. ​+**Note**: Some FTP clients (e.g. the Windows command-line FTP client, ''​ftp.exe''​) ​//only// support ​//active// mode transfers. ​
  
-Enabling the logging of FTP data channel activity can help diagnose these kinds of problems. This can be done by adding the ''​DEBUG_DATA''​ option to the ''​Options''​ value in the ''​[FTP]''​ section of your ''​[[dir:​ctrl]]/​[[config:​sbbs.ini]]''​ file or by checking the //Data Channel Activity// checkbox in the //Log// tab of the FTP Server Configuration dialog in the Synchronet Control Panel for Win32.  +Enabling the logging of FTP data channel activity can help diagnose these kinds of problems. This can be done by adding the ''​DEBUG_DATA''​ option to the ''​Options''​ value in the ''​[FTP]''​ section of your ''​[[dir:​ctrl]]/​[[config:​sbbs.ini]]''​ file or by checking the //Data Channel Activity// checkbox in the //Log// tab of the FTP Server Configuration dialog in the Synchronet Control Panel for Windows
- +
-If you're having problems with passive transfers and you're seeing +
-  !UNSUPPORTED COMMAND from username: '​P@SW'​ +
-in your FTP server log/window output, you're probably using an //SMC Barricade// router (see [[http://​www.gbnetwork.co.uk/​smcftpd/​|this document]] for details). Upgrade to Synchronet v3.13a (FTP Server Revision 1.296) or later to work-around this problem with this device+
  
 If you're having problems with passive (PASV) transfers through your NAT/​firewall device and you're running Synchronet v3.13a (FTP Server Revision 1.296) or later: ​ If you're having problems with passive (PASV) transfers through your NAT/​firewall device and you're running Synchronet v3.13a (FTP Server Revision 1.296) or later: ​
-If the remote client is attempting to connect to your [[#private IP]] address (your NAT device isn't translating the PASV response from the FTP server) and you have a static [[#public IP]] address, you can work-around this limitation of your NAT device by using the ''​PasvIpAddress''​ value in the ''​[FTP]''​ section of your ''​[[dir:​ctrl]]/​[[config:​sbbs.ini]]''​ file to specify your [[#public IP]] address. ​+If the remote client is attempting to connect to your [[#private IP]] address (your NAT device isn't translating the PASV response from the FTP server) and you have a static [[#public IP]] address, you can work-around this limitation of your NAT device by using the ''​PasvIpAddress''​ value in the ''​[FTP]''​ section of your ''​[[dir:​ctrl]]/​[[config:​sbbs.ini]]''​ file to specify your IPv4 [[#public IP]] address. ​
  
 This problem can be identified (on the client) by finding a comma-separated [[#private IP]] address in the PASV response received from the FTP server (in response to a directory or file transfer request from the client). ​ This problem can be identified (on the client) by finding a comma-separated [[#private IP]] address in the PASV response received from the FTP server (in response to a directory or file transfer request from the client). ​
Line 236: Line 236:
 If you have a dynamically-assigned IP address (via DHCP), then your IP address may change at some point, so setting the ''​PasvIpAddress''​ to a specific IP address may not be a long term solution for your FTP Server. In Synchronet v3.14a and later, you can enable the new //Lookup Passive IP// feature by checking the //Lookup// checkbox on the //Passive// tab of the FTP Server Configuration Dialog in [[monitor:​SBBSCTRL]]-Win32,​ or by adding ''​LOOKUP_PASV_IP''​ to the Options value in the ''​[FTP]''​ section of your ''​[[dir:​ctrl]]/​[[config:​sbbs.ini]]''​ file. This option instructs the Synchronet FTP Server to perform a DNS hostname lookup on your BBS's public hostname and use the resulting IP address (which should be your BBS's [[#public IP]] address) in passive responses. ​ If you have a dynamically-assigned IP address (via DHCP), then your IP address may change at some point, so setting the ''​PasvIpAddress''​ to a specific IP address may not be a long term solution for your FTP Server. In Synchronet v3.14a and later, you can enable the new //Lookup Passive IP// feature by checking the //Lookup// checkbox on the //Passive// tab of the FTP Server Configuration Dialog in [[monitor:​SBBSCTRL]]-Win32,​ or by adding ''​LOOKUP_PASV_IP''​ to the Options value in the ''​[FTP]''​ section of your ''​[[dir:​ctrl]]/​[[config:​sbbs.ini]]''​ file. This option instructs the Synchronet FTP Server to perform a DNS hostname lookup on your BBS's public hostname and use the resulting IP address (which should be your BBS's [[#public IP]] address) in passive responses. ​
  
-If your firewall cannot dynamically open/​forward FTP PASV data ports for incoming passive FTP data connections,​ you can specifiy ​a limited range of TCP port numbers to use for passive transfers by modifying the PasvPortLow and PasvPortHigh values in the ''​[FTP]''​ section of your ''​[[dir:​ctrl]]/​[[config:​sbbs.ini]]''​ file. You will of course need to configure your firewall device to open/​forward these ports to your FTP server. ​+If your firewall cannot dynamically open/​forward FTP PASV data ports for incoming passive FTP data connections,​ you can specify ​a limited range of TCP port numbers to use for passive transfers by modifying the PasvPortLow and PasvPortHigh values in the ''​[FTP]''​ section of your ''​[[dir:​ctrl]]/​[[config:​sbbs.ini]]''​ file. You will of course need to configure your firewall device to open/​forward these ports to your FTP server. ​
  
 ===== Bind ===== ===== Bind =====

In Other Languages