Review your favorite Linux distribution.
Go Back > Forums > Linux Forums > Linux - Networking
User Name
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.


  Search this Thread
Old 11-04-2003, 02:33 AM   #1
Registered: Sep 2003
Location: Belgium
Distribution: SUSE10.1
Posts: 40

Rep: Reputation: 15
Unhappy FTP ports


I have set up a FTP server on my Linux machine (RH 7.3) But now I have a problem.

I have a router before entering my domain. So this is easy for me to change routing of the ports. Because my ISP is blocking every port from1 -> 1024 I needed to change the router port for the ISP on 2121 and then route it to 21 internally.

This is probably no problem. I'm able to connect internally and externally to my FTP server (ext. port 2121, int port 21). I have only a problem with coming from external. The FTP program is prompting for a password (so that means I'm connected) but then I cannot do a list.

My question is now: Do I need to configure something on my router, ... to make sure I'm able to do a list. Is that on a other port that this list is send.

Regards peter-Jan
Old 11-04-2003, 05:12 AM   #2
Registered: Oct 2003
Distribution: Slackware
Posts: 388

Rep: Reputation: 30
Read the old threads in this forum about ftp problems.

The FTP protocol was designed in the 1970's before anyone used firewalls or NAT connection sharing.

By default, to transfer a diretory listing or a file the ftp server opens a connection back to the computer running the FTP client. This dosn't work when the client is firewalled or behind a connection sharing system. A few of the better hardware NAT routers such as zxyel will sniff ftp connections and automatically forward incoming data connections.

The alternative is to set the FTP client to use passive mode. In this case
the client opens another connection to get the listing/data. Passive mode to your server won't work because it will use a different port number (not port 21).

Forwarding port 20 sometimes allows ftp servers behind NAT to support passive mode. It depends on the exact behaviour of the ftp server.

In you case since your isp will block a connection to port 20 you will have to figure out how to get your ftp server to accept data connections on a high port number and forward that port as well.

This reminds me. Using a linux box as a connection sharing machine, an old ipchains based distro could let ftp clients use active mode with a module.
How can you make that work when doing NAT with iptables?
Slackware 8.1 in my case.

Edit: As Hw-tph says, the ftp data port is usually port 20.

Last edited by zaphodiv; 11-04-2003 at 09:27 PM.
Old 11-04-2003, 07:58 AM   #3
Senior Member
Registered: Sep 2003
Location: Sweden
Distribution: Debian
Posts: 3,032

Rep: Reputation: 58
tcp/22 is used by SSH, not FTP. The port for ftp-data (classic, non-PASV mode) is 20 while the FTP command channel is on 21.

Set a range of ports to be used for passive mode transfers in your FTP server configuration. If you would like to use a range of 100 ports between 34201 and 34300 with ProFTPd you would use the PassivePorts directive in the global config:
PassivePorts 34201 34300
Every time a passive mode transfer - be it a directory listing (which is a data transfer, not a command) or a regular file transfer - is executed, one of the ports in that range will be randomly selected as the server-side port. You will have to forward these ports to the computer on which the FTP server runs in the router configuration. If you have a Linksys router you will probably find what you want in Advanced >> Port Forwarding >> View Port Range Forwarding in the web administration thingy.

If you don't set up the port range to be forwarded in the router you will suffer a timeout whenever you try to retrieve a directory listing or a file from the FTP server.



Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
NAT forwarding FTP ports Ossar Linux - Networking 4 03-14-2005 12:07 PM
FTP ports ayie Linux - Software 3 02-17-2005 05:28 AM
Ftp service on non-standard ports kasnol Linux - Networking 5 06-19-2003 10:48 PM
FTP Server..... opening of ports and all that Daniel Linux - Networking 2 12-12-2002 09:43 AM
ipchains, ftp from client to non-ftp ports atari303 Linux - Networking 2 11-08-2002 02:43 AM > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 03:59 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration