Overclock.net banner

1 - 7 of 7 Posts

·
Registered
Joined
·
294 Posts
Discussion Starter #1
hi, i am trying to run 2 FTP servers from my house, one on each computer. i am using filezilla server

my first server works perfectly fine on typical ftp port 21.
for my other server i'm using port 6001, and whenever i try to connect to it, it asks me for my username and password, i type them in and wait about 5 or so seconds and get this error:


before you ask, i have done the following:
-set filezilla to listen on port 6001
-forwarded port 6001 to the correct computer
-allowed filezilla through my firewall
-tried disabling the firewall
-tried disabling antivirus

this one has me stumped, i've tried everything i can think of
 

·
Registered
Joined
·
294 Posts
Discussion Starter #4
Quote:

Originally Posted by GH0 View Post
If you set that FTP server back to it's default port, does the issue still exist?
as said in the original post
a)i have another ftp server that works perfectly fine on port 21
b)i can't use port 21 for this 2nd server, seeing as it is already taken
 

·
Premium Member
Joined
·
4,484 Posts
Quote:

Originally Posted by blatsha92 View Post
as said in the original post
a)i have another ftp server that works perfectly fine on port 21
b)i can't use port 21 for this 2nd server, seeing as it is already taken
So turn off the first server temporarily and then try the second server on port 21 just to verify it works....

----

Alternatively, leave your second server to listen on port 21, and then configure settings on your router to NAT port 6001 to port 21.
 

·
Registered
Joined
·
390 Posts
The FTP port (default 21) it's used only to start the connection. all the data transfer is done using another connection (data connection) opened on another port. If the ftp mode is 'active' (the usual standard) the data connection is started by the server to the client. If the ftp mode is 'passive', the data connection is started by the client to the server on a random port specified by the server on the other connection.

Usually, commercial routers are configured to recognize the data connection to the random port as 'related' to the control connection on the port 21, and to allow it.

If your second ftp server isn't configured on port 21, it's possible that the data connection may be blocked.
 

·
Registered
Joined
·
2 Posts
Pippolo was correct with regard to ACTIVE FTP communication, but most FTP connections are PASSIVE (PASV). For the ACTIVE FTP to work properly, the client side firewall would need to be configured to allow incoming FTP connections (similar to the server side), as the server side is initiating the connection.

The OP is likely doing a PASV FTP connection to the secondary server on the non-standard port and the connection is being NAT'd through a firewall.

PASV FTP communication occurs in the following fashion:

1. Client initiates control connection over specific port (usually 21, but in this case, 6001)

2. Authentication occurs over the specified port, then a PASV response is sent back to the client, telling it how to initiate the data connection (which IP and port to use)

3. This is the critical part that is tricky.. the PASV response packet, by default, consists of the INTERNAL IP of the FTP server and the port that the client needs to make the connection over. This is dynamically done and how we facilitate many users accessing the same FTP site.

4. However, in an FTP connection, the firewall must be "aware" and modify the PASV response packet by changing the internal IP to the external NAT'ed IP that it is being translated to externally. The firewall is also responsible for allowing access over the dynamic port that the FTP server requested in the PASV response packet.

5. The problem is most lower-grade firewalls only perform this FTP packet inspection and modification on the standard default FTP port of 20 or 21

6. When this happens, the client gets the response but is told to initiate the data connection to the INTERNAL IP address of the FTP server over the dynamic port. Obviously, this is going to be an issue, since the client will not be able to hit the internal IP and will fail the connection.

In order to make this type of FTP configuration work to the same external IP, the firewall needs to be configured to inspect and modify the PASV response packet over the non-standard port. In this case, 6001.
 
1 - 7 of 7 Posts
Top