Hi. I've been trying to run a FTP server on my computer, but besides the fact that it works perfect connecting as localhost, my friends couldn't connect to my server so far.

After talking to a friend, he told me that my DSL provider (I have someone that I'm calling DSL provider that offers me a physical connection, and what I'll call account provider that offers me a Login and Password) is setting some of my ports as STEALTH!!! I really can't believe that!!! I thought that all port status would depend only of my firewall configurations... IS THAT REALLY POSSIBLE? I turned my firewall OFF, and made a test, and my port 21 and 80 were really appearing as STEALTH!!! I can't understand it.

If it's possile, like it seems, please, someone explain to me how a port status, that for me means a port in my PC, my computer, can have a status that doesn't depend on my computer, meaning that it depends on my DSL provider????

Secound, if it's really possible, HOW can I change it? How can I make the DSL provider doesn't have any control of my connection status? How can I change my FTP port status to make it possible to run a FTP server that people CAN connect??

That's it.. I really hope that my friend was wrong otherwise it'll be one more trouble in my computer/life to fix...

Thanks.

Have you checked the settings on you dsl router? From the isps ive had, cable modems are usually transparent, meaning that your pc is actually given the external ip address and the modem doesnt even appear to be there as far as the network is concerned. The dsl isp ive used are different. The "modem" they give you is actually a router that can usually be accessed by putting in a certain local ip address. The router keeps the external ip and gives your pc a local one. When in that configuration you router would actually be what is affecting the status of you ports bc when an external pc attempts to connect to your external ip it is the router it hits and not your pc. The way around that is either to enable port forwarding for those ports on your router or to enable dmz for the particular local ip address for your pc with the server daemons running.

Ok. I think you are right. So, who is blocking or changing the PORTS status isn't my DSL provider, but the MODEM i'm using. It's just like you said.. I have a MODEM, and this modem is accessed by a IP address 10.0.0.138. I didn't configure it as a ROUTER, but instead I configured it as a BRIDGE. I'll try to access again the MODEM configuration page and see if there is any available configuration otion about PORTS. If there is, then I'll be able to revert it, and set it as a free conection, or maybe just change the port 21 configuration. But I think the best option is to set it free and make the restrictions in my firewall, don't you think? Or it would become much unsecure? What do you think? Having a modem port free or not changes anything? Like, the real connection will occur only in my PC (there is no router, SWiTCH, HUB), so the restrictions being in the modem or in the PC, I think makes no difference.
Thank you A LOT.

Please, take a look at some of the options I found accessing my MODEM DSL. It seems that there ISN'T any special parameter about ports 21 and 80 (the ones I tested).


IP Routing Table
Destination Label Gateway Intf Metric
169.254.141.11/32 - 169.254.141.11 eth0 0
255.255.255.255/32 - 10.0.0.138 eth0 0
10.0.0.138/32 - 10.0.0.138 eth0 0
127.0.0.1/32 - 127.0.0.1 loop 0
10.0.0.0/24 - 10.0.0.138 eth0 0
169.254.0.0/16 - 10.0.0.138 eth0 0
224.0.0.0/4 - 10.0.0.138* eth0 0


Network Address Port Translation (NAPT)
There are no NAPT entries defined!


DHCP
AUTO DHCP


Configuration
Item Description
Region World
Provider Basic
Service Name Bridged Ethernet
Service Description User specified Bridged Ethernet configuration ---------------------using a fixed IP address for the host PC(s).
Last Configured Configuration set by Embedded Wizard


IP address table
Intf Address/Netmask Type Translation
eth0 169.254.141.11/16 Auto none
eth0 10.0.0.138/24 User none
loop 127.0.0.1/8 Auto none



Product Name = SpeedTouch 510
Vendor Name = THOMSON
Software Version = 4.2.7.16.0
Serial Number = 0403HG6TA
CLI Version = 1.2.0
Bootloader Version = Not retrievable
ASIC Version = 1b01
Board Name = ADNT-Q
Modem Label Version = 2.11.36

Interface name = eth0
Physical address = 00:90:d0:bd:f7:1c
Physical Interface
Mode = forwarding
Auto Negotiation = Yes
Type = 100BaseTFD
kBytes Tx/Rx = 3998887 / 663801
Frames Tx/Rx = 5446126 / 5171624
Discarded frames = 19006

DSL Flavour = ADSL over POTS
Reserved Bandwidth (kbit/s) up/down = 128 / 1184
Uptime = 15d 00:43
kBytes Tx/Rx = 945255 / 4707407
Properties
Statistics


I TRIED TO POST SOME PICTURES HERE... BUT THE CONTROL PASTE DIDN'T WORK. ISN'T IT POSSIBLE TO POST IMAGES?

Does your computer have a public IP address? If yes, and other services are working normally, it is quite possible that either your DSL provider or login provider (depending on their network setup) is blocking inbound traffic to port 21 and 80. Blocked ports often show as STEALTH from the outside. Have you tried reconfiguring your ftp server to listen on a port above 2000?

My DSL provider recently started blocking inbound traffic to port 443 (and others below 1024) without announcement, blocking various remote access features I had set up for my family. Port 443 now shows as STEALTH to the outside. We are complaining loudly to get this block lifted. Meanwhile I have reconfigured Apache to listen on a port above 2000 which is unblocked.

Yes. It's just like you're saying. I've just got the confirmation that my DSL provider, here in Brazil, is blocking the ports 21, 23, 80, and a few others. They are allowing access to this ports only in the business service... So, I did change my ftp port to 8888. Now it's working (I've tested it under windows only so far). I'll see if it will work under linux later, because I'm getting a file right now (500MB left). I think that I just need to add the line: "listen_port=8888" to my vsftpd configuration file to make it work using a different port.
As I told you guys before my ftp server was working perfectly a few years ago. They must have blocked these ports recently.

Answering your question, my IP address is dynamic, so it changes itself everytime I restart my connection. I believe this is what you're calling public IP.

At least, this discussion was good to two thing:
1) Now I know that my DSL provider is blocking stuff here in my connection, and that my connection has a few limitations.
2) I learned that ports can have a different status/configuration of the ones that were set in my firewall. It's new to me that any DSL provider has such a power. I thought ports were related only to someone's ethernet configuration board.

Thank you.