Running the server on a nonstandard port?

Message

clemon79 · #1 Post by **clemon79** » 2006-06-02 17:21

I know I'm missing something obvious here.

So I have FileZilla Server running on a machine behind a Linksys WRT54G router and my cable modem. I also have ZoneAlarm running on this box, but the following behavior seems to exist whether I have that running or not, and I have the appropriate IP addresses cleared for access anyhow, so I don't think that is an issue here.

Now, when I have it set to listen on Port 21, and I have Port 21 set on the router to forward to this machine, everything works just fine, whether I connect from my internal network or outside of it.

All fine and good, but running an FTP server on Port 21 is just an invitation for hackers to try to mess with you, so I'd like to move it to 3733. So I change the port that FZ Server listens on in Settings > General Settings > "Listen on these ports", and I change the port my router is forwarding, and now, if I try to connect from my internal network, it works, but if I try to connect outside of it (for example, I'm testing this right now on my computer at work), I get the "infamous" Error 425 when it comes time to do the LIST, as follows:

Code: Select all

(000057) 6/2/2006 10:17:39 AM - (not logged in) (216.190.208.66)> Connected, sending welcome message...
(000057) 6/2/2006 10:17:39 AM - (not logged in) (216.190.208.66)> 220-FileZilla Server version 0.9.18 beta
(000057) 6/2/2006 10:17:39 AM - (not logged in) (216.190.208.66)> 220-written by Tim Kosse (Tim.Kosse@gmx.de)
(000057) 6/2/2006 10:17:39 AM - (not logged in) (216.190.208.66)> 220 Please visit http://sourceforge.net/projects/filezilla/
(000057) 6/2/2006 10:17:40 AM - (not logged in) (216.190.208.66)> USER anonymous
(000057) 6/2/2006 10:17:40 AM - (not logged in) (216.190.208.66)> 331 Password required for anonymous
(000057) 6/2/2006 10:17:40 AM - (not logged in) (216.190.208.66)> PASS *******************
(000057) 6/2/2006 10:17:40 AM - (not logged in) (216.190.208.66)> 530 Login or password incorrect!
(000057) 6/2/2006 10:17:44 AM - (not logged in) (216.190.208.66)> USER clemon79
(000057) 6/2/2006 10:17:44 AM - (not logged in) (216.190.208.66)> 331 Password required for clemon79
(000057) 6/2/2006 10:17:44 AM - (not logged in) (216.190.208.66)> PASS ********
(000057) 6/2/2006 10:17:44 AM - clemon79 (216.190.208.66)> 230 Logged on
(000057) 6/2/2006 10:17:45 AM - clemon79 (216.190.208.66)> SYST
(000057) 6/2/2006 10:17:45 AM - clemon79 (216.190.208.66)> 215 UNIX emulated by FileZilla
(000057) 6/2/2006 10:17:45 AM - clemon79 (216.190.208.66)> PWD
(000057) 6/2/2006 10:17:45 AM - clemon79 (216.190.208.66)> 257 "/" is current directory.
(000057) 6/2/2006 10:17:45 AM - clemon79 (216.190.208.66)> TYPE I
(000057) 6/2/2006 10:17:45 AM - clemon79 (216.190.208.66)> 200 Type set to I
(000057) 6/2/2006 10:17:45 AM - clemon79 (216.190.208.66)> PASV
(000057) 6/2/2006 10:17:45 AM - clemon79 (216.190.208.66)> 227 Entering Passive Mode (192,168,1,101,7,35)
(000057) 6/2/2006 10:17:45 AM - clemon79 (216.190.208.66)> SIZE /
(000057) 6/2/2006 10:17:45 AM - clemon79 (216.190.208.66)> 550 File not found
(000057) 6/2/2006 10:17:45 AM - clemon79 (216.190.208.66)> MDTM /
(000057) 6/2/2006 10:17:45 AM - clemon79 (216.190.208.66)> 550 File not found
(000057) 6/2/2006 10:17:45 AM - clemon79 (216.190.208.66)> RETR /
(000057) 6/2/2006 10:17:45 AM - clemon79 (216.190.208.66)> 550 File not found
(000057) 6/2/2006 10:17:45 AM - clemon79 (216.190.208.66)> PASV
(000057) 6/2/2006 10:17:45 AM - clemon79 (216.190.208.66)> 227 Entering Passive Mode (192,168,1,101,7,36)
(000057) 6/2/2006 10:17:45 AM - clemon79 (216.190.208.66)> CWD /
(000057) 6/2/2006 10:17:45 AM - clemon79 (216.190.208.66)> 250 CWD successful. "/" is current directory.
(000057) 6/2/2006 10:17:45 AM - clemon79 (216.190.208.66)> LIST
(000057) 6/2/2006 10:17:55 AM - clemon79 (216.190.208.66)> 425 Can't open data connection.
(000057) 6/2/2006 10:17:57 AM - clemon79 (216.190.208.66)> disconnected.

Passive settings are left at Default, since they seem to work fine when I'm working from Port 21.

So I'm sure I'm missing something really easy. Anyone have an idea, based on this, what that might be? If I need to furnish other information, let me know, and thanks![/list]

#2 Post by **botg** » 2006-06-02 19:15

They work fine on port 21 because you have a malicious router that snoops your traffic and transparently opens ports without being asked for. Proper router and FZS configuration will fix this issue.

clemon79 · #3 Post by **clemon79** » 2006-06-02 20:35

botg wrote:They work fine on port 21 because you have a malicious router that snoops your traffic and transparently opens ports without being asked for. Proper router and FZS configuration will fix this issue.

Um, the Linksys isn't exactly an uncommon router. Yes, I do have UPnP activated, does this have anything to do with it?

As for FZS configuration....that's pretty much what I'm asking for help with, isn't it?

Do you have any idea what I have misconfigured? I ask this, because I was previously using Serv-U prior to trying FileZilla out, and it worked fine for me. So I'm a little skeptical at the router being blamed, but I'm willing to be open minded about the possibility.

(It also doesn't explain to me why it works internally no matter what port I choose, even though I am referring to my machine by domain name and therefore intentionally trying to get it to access outside of the router.)

clemon79 · #4 Post by **clemon79** » 2006-06-02 21:24

Okay, I got it. You're probably right in that it's forwarding some traffic without telling me (and I could probably stand to learn how to turn that off if possible), but it appears that if I forward 3732 and 3733 (instead of just 3733) and configure the server to use those ports, everything works. So I'm good. (Unless someone has some ideas as to how to turn the aforementioned router functionality off.

)