Setting up an FTP server with Xfinity

Discussion in 'Networking & Security' started by IndyJoe1977, Aug 5, 2019.

  1. IndyJoe1977

    IndyJoe1977 n00b

    Messages:
    35
    Joined:
    Mar 4, 2019
    So, I have confirmed with Comcast that they do not necessarily block any ports, specifically the ones related to FTP or HTTP. I have used the Win10 FTP server tool, FileZilla, and one other that I can't recall the name of. None allow access to the server in the basement. I am reasonably certain that my problem lies in getting the router port forwarding settings right. I have an Asus RT-AC3200 behind my own Motorola MB8600 modem. For security purposes, I would LIKE to use a non-standard port; FileZilla uses 14147. I am attaching a screenshot of the port forward screen from the router. Where I am confused/unclear is what goes in the FTP Server Port box, and what goes in the Local Port box. What is strange is that the local IP will only accept an IP for the server I have running. Unlike everything else where it picks up on the name for that device, it does not for the server I am running. I would appreciate any assistance y'all may have on this...I am definitely new to this kind of thing! Thanks in advance.

    Joe
     


  2. scrappymouse

    scrappymouse n00b

    Messages:
    40
    Joined:
    Mar 18, 2016
    Are you trying to open FTP up internally between your own machines or externally to allow FTP to your machines from the internet?
     
  3. IndyJoe1977

    IndyJoe1977 n00b

    Messages:
    35
    Joined:
    Mar 4, 2019
    I'm looking to allow external traffic in from the internet.
     
  4. IndyJoe1977

    IndyJoe1977 n00b

    Messages:
    35
    Joined:
    Mar 4, 2019
    So, I finally got it all figured out...mostly. I can get as far as it asks for login info. When entering Passive Mode, it says "Server returned unroutable private IP in PASV reply". The fact that it can get to asking for login information says that the server IP is routable, and it is successful in doing so. Why would it give a conflicting error, when it clearly is inaccurate?
     
  5. grim4593

    grim4593 Limp Gawd

    Messages:
    207
    Joined:
    Nov 30, 2014
    When you are running in passive mode the server itself has to define which ports it is going to use to speak to the client.
    I believe how it works is that the client establishes communication with the server over port 21, the server responds with an available port for file transfers, and the client proceeds to use the port that was assigned.

    I cannot speak to configuring FileZilla, but with Proftpd there is a directive in the configuration file labeled: "PassivePorts XXXXX XXXXX".
    I don't generally have more than 1-2 clients at a time and I define a range of 10 open ports which I allow through the firewall.
     
  6. IndyJoe1977

    IndyJoe1977 n00b

    Messages:
    35
    Joined:
    Mar 4, 2019
    The trouble I seem to have is that the TLS handshake is the error. It will connect, but won't retrieve the file listing. I use port 2700, with a range of 2600-2701. I know I am missing something simple, but unsure what. Thanks.
     
  7. IndyJoe1977

    IndyJoe1977 n00b

    Messages:
    35
    Joined:
    Mar 4, 2019
    This is the error I get now.
     


  8. grim4593

    grim4593 Limp Gawd

    Messages:
    207
    Joined:
    Nov 30, 2014
    At that point it sounds beyond a port forwarding issue and looks to be more in line with a certificate or configuration issue with the server. Unfortunately I have little experience with anything besides Proftpd.
     
  9. Brian_B

    Brian_B 2[H]4U

    Messages:
    2,965
    Joined:
    Mar 23, 2012
    Looks like you're trying to connect to Secure FTP (FTPS) with a plain FTP client using Plain Text (or vice versa).

    Network looks fine since you're getting in. Now you just need to get your server configured appropriately.

    If that's the case:
    You either need to set up your certificates to keep going the Secure route (I've never done this), shift to SFTP (File transfer over SSH - which is what I recommend because it also gives you secure tunneling for VPN or other services if you wanted it later on), or drop to plain non-encrypted regular old FTP.
     
  10. IndyJoe1977

    IndyJoe1977 n00b

    Messages:
    35
    Joined:
    Mar 4, 2019
    Interesting. I will look at this all after work tomorrow and maybe send screen shots of the configuration. Thanks again!
     
  11. IdiotInCharge

    IdiotInCharge [H]ardForum Junkie

    Messages:
    11,291
    Joined:
    Jun 13, 2003
    The Chinese State Botnet says 'thank you'.