Setting up an FTP server with Xfinity

So, I have confirmed with Comcast that they do not necessarily block any ports, specifically the ones related to FTP or HTTP. I have used the Win10 FTP server tool, FileZilla, and one other that I can't recall the name of. None allow access to the server in the basement. I am reasonably certain that my problem lies in getting the router port forwarding settings right. I have an Asus RT-AC3200 behind my own Motorola MB8600 modem. For security purposes, I would LIKE to use a non-standard port; FileZilla uses 14147. I am attaching a screenshot of the port forward screen from the router. Where I am confused/unclear is what goes in the FTP Server Port box, and what goes in the Local Port box. What is strange is that the local IP will only accept an IP for the server I have running. Unlike everything else where it picks up on the name for that device, it does not for the server I am running. I would appreciate any assistance y'all may have on this... I am definitely new to this kind of thing! Thanks in advance.

Joe
 

Attachment: PFscreen.jpg

Are you trying to open FTP up internally between your own machines or externally to allow FTP to your machines from the internet?
 
So, I finally got it all figured out... mostly. I can get as far as it asks for login info. When entering Passive Mode, it says "Server returned unroutable private IP in PASV reply". The fact that it can get to asking for login information says that the server IP is routable, and it is successful in doing so. Why would it give a conflicting error, when it clearly is inaccurate?
 
When you are running in passive mode the server itself has to define which ports it is going to use to speak to the client.
I believe how it works is that the client establishes communication with the server over port 21, the server responds with an available port for file transfers, and the client proceeds to use the port that was assigned.

I cannot speak to configuring FileZilla, but with Proftpd there is a directive in the configuration file labeled: "PassivePorts XXXXX XXXXX".
I don't generally have more than 1-2 clients at a time and I define a range of 10 open ports which I allow through the firewall.
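
As an added example (not part of any post in this thread): the server's passive-mode reply carries the address and port the client must connect to next, so checking it shows why login can succeed while the file listing fails. The function names and sample addresses are assumptions; the forwarded range is the 2600-2701 range mentioned in the thread.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PASV_TUPLE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def parse_pasv(reply):
    """Return (IPv4Address, port) from '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)'."""
    match = PASV_TUPLE.search(reply)
    if not reply.startswith("227") or match is None:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(n) for n in match.groups()]
    if max(nums) > 255:
        raise ValueError("field out of range in %r" % reply)
    address = ipaddress.IPv4Address("%d.%d.%d.%d" % tuple(nums[:4]))
    return address, nums[4] * 256 + nums[5]  # data port = p1*256 + p2

def diagnose(reply, forwarded_ports):
    """List the reasons an internet client could not open the data connection."""
    address, port = parse_pasv(reply)
    problems = []
    if any(address in net for net in RFC1918):
        # The control connection worked through the port forward, but the data
        # connection is aimed at a LAN address the remote client cannot reach.
        problems.append("server advertised private address %s" % address)
    if port not in forwarded_ports:
        problems.append("data port %d is not forwarded by the router" % port)
    return problems

# Constructed sample replies; the addresses are placeholders.
FORWARDED = range(2600, 2702)
SAMPLES = [
    "227 Entering Passive Mode (192,168,1,50,10,90)",   # LAN address, port 2650
    "227 Entering Passive Mode (203,0,113,10,195,80)",  # public address, port 50000
    "227 Entering Passive Mode (203,0,113,10,10,90)",   # public address, port 2650
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "->", diagnose(line, FORWARDED) or "ok")
```

With FTP over TLS the control channel is encrypted, so the router cannot see or rewrite the 227 reply; the server itself has to be configured to advertise the public address.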
 
The trouble I seem to have is that the TLS handshake is the error. It will connect, but won't retrieve the file listing. I use port 2700, with a range of 2600-2701. I know I am missing something simple, but unsure what. Thanks.
 
At that point it sounds beyond a port forwarding issue and looks to be more in line with a certificate or configuration issue with the server. Unfortunately I have little experience with anything besides Proftpd.
 
Looks like you're trying to connect to Secure FTP (FTPS) with a plain FTP client using Plain Text (or vice versa).

Network looks fine since you're getting in. Now you just need to get your server configured appropriately.

If that's the case:
You either need to set up your certificates to keep going the Secure route (I've never done this), shift to SFTP (File transfer over SSH - which is what I recommend because it also gives you secure tunneling for VPN or other services if you wanted it later on), or drop to plain non-encrypted regular old FTP.
 
Interesting. I will look at this all after work tomorrow and maybe send screenshots of the configuration. Thanks again!
 