Jump to content


Photo
- - - - -

Ftp Access With 1and1


  • Please log in to reply
14 replies to this topic

#1 Harut

Harut

    Վերնագիր

  • Members
  • PipPipPipPipPip
  • 5,734 posts
  • Gender:Male
  • Location:հորիզոն...
  • Interests:uninterested...

Posted 09 May 2004 - 06:03 PM

i know few of you have account with 1and1.
does anyone have any ftp access problem when connecting through a router?

#2 Sip

Sip

    Buffet Connoisseur

  • Members
  • PipPipPipPipPip
  • 8,365 posts
  • Gender:Male
  • Location:Online

Posted 09 May 2004 - 06:16 PM

If you are having trouble connecting through the router, try using PASSIVE connections. Your FTP client should have an option for that (PASV).

Edit: By the way, as a rule of thumb, FTP is very insecure. I would suggest using SFTP with 1&1 that runs over SSH.

#3 Harut

Harut

    Վերնագիր

  • Members
  • PipPipPipPipPip
  • 5,734 posts
  • Gender:Male
  • Location:հորիզոն...
  • Interests:uninterested...

Posted 09 May 2004 - 07:13 PM

thanks

but the problem wasn't that. it was just that widnows default program (web folder and good old ftp) didn't work, but 3-party programs, such as aceftp, worked fine.

btw, how do we set up sftp?

#4 Sip

Sip

    Buffet Connoisseur

  • Members
  • PipPipPipPipPip
  • 8,365 posts
  • Gender:Male
  • Location:Online

Posted 09 May 2004 - 07:22 PM

SFTP seemed to be available by default on 1&1 after setting up a regular FTP account. You just need an SFTP client. I use SecureFX.

The default windows FTP client is very limited. The folder uses IE and it's also fairly limited. If you temporarily need to get them to work, you can put your PC in the what's usually called the "Demiliterized Zone (DMZ)" in the router which means ALL ports get forwarded to that PC. Otherwise, you might have to experiment with port forwarding in NAT and the router Firewall to get some ftp clients to work right.

#5 Harut

Harut

    Վերնագիր

  • Members
  • PipPipPipPipPip
  • 5,734 posts
  • Gender:Male
  • Location:հորիզոն...
  • Interests:uninterested...

Posted 09 May 2004 - 07:27 PM

oh, yes, sorry, 1and1 has ssh set up.

i opened 20-21 ports on the router but didn't help with win ftp or the web folder.
but i installed acehtml and it works ok so far.

#6 Sip

Sip

    Buffet Connoisseur

  • Members
  • PipPipPipPipPip
  • 8,365 posts
  • Gender:Male
  • Location:Online

Posted 09 May 2004 - 07:30 PM

Port 21 is the default server port for FTP (i.e. incoming connections). It won't effect a client trying to access a remote server as the client might use any random available port to establish the outgoing connection (to port 21 on the server). After a connection is established, the server and client can be using random ports.

So the problem with the router usually happens when the client connects to the server, the server tries to set a connection up back to the client through some port ... but that port doesn't get forwarded from the router to your PC so the connection fails.

#7 Harut

Harut

    Վերնագիր

  • Members
  • PipPipPipPipPip
  • 5,734 posts
  • Gender:Male
  • Location:հորիզոն...
  • Interests:uninterested...

Posted 09 May 2004 - 07:35 PM

why do ftp servers use random port numbers? for security reasons?

#8 Sip

Sip

    Buffet Connoisseur

  • Members
  • PipPipPipPipPip
  • 8,365 posts
  • Gender:Male
  • Location:Online

Posted 09 May 2004 - 07:36 PM

One more thing: In windows, you can use the command "netstat -a" to see all current TCP/UDP connections which might help you debug such problems.

#9 Sip

Sip

    Buffet Connoisseur

  • Members
  • PipPipPipPipPip
  • 8,365 posts
  • Gender:Male
  • Location:Online

Posted 09 May 2004 - 07:40 PM

QUOTE (Harut @ May 9 2004, 07:35 PM)
why do ftp servers use random port numbers? for security reasons?

In order to set up a TCP or UDP connection between 2 PCs, one needs an IP address and port on one end and and IP address and port on the other end. Once a port is being used on a PC, then no other remote PC or local application can connect to that specific port of that PC.

So if you connect to an FTP server on port 21, then that server can't accept any more incoming connections until you terminate your connection.

To allow the server to service more than 1 connection at a time, the client and server usually negotiate and pick some random ports and start to communicate using that. This way, port 21 is kept free. Why then use Port 21? Because that's how you can get to the ftp server smile.gif

Port 80 is typically HTTP. When you request a website from a server using your browser, the browser connects to the server through port 80 and they setup a TCP socket on some random avialable ports and then the server starts sending the files requested by the client. Port 80 is freed up for the next client that is going to request things from the server.

#10 Harut

Harut

    Վերնագիր

  • Members
  • PipPipPipPipPip
  • 5,734 posts
  • Gender:Male
  • Location:հորիզոն...
  • Interests:uninterested...

Posted 09 May 2004 - 07:47 PM

thanks
but if i'm a client why would i need a port forwarding with my router? shouldn't it take care of the responses i get from the server i connect?
otherwise i would have to open up all my ports to connect to any server from behind a firewall.

#11 Harut

Harut

    Վերնագիր

  • Members
  • PipPipPipPipPip
  • 5,734 posts
  • Gender:Male
  • Location:հորիզոն...
  • Interests:uninterested...

Posted 09 May 2004 - 07:49 PM

btw, just installed core ftp lite and set up sftp to my server and it works fine.

#12 Sip

Sip

    Buffet Connoisseur

  • Members
  • PipPipPipPipPip
  • 8,365 posts
  • Gender:Male
  • Location:Online

Posted 09 May 2004 - 08:13 PM

Your router uses something called "NAT" (network address translation). When you connect to a server, it looks at the negotiated ports and forwards things coming in from the server to the PC that made the request.

But if the connection initiates from the server, the router won't know where to route the packets (i.e. to your PC) so that's why sometimes you have to forward the ports to your PC manually. Well, either that, or you put your PC in the DMZ and ALL ports will get forwarded to it from the router.

Also, keep in mind that the port connecting from your PC to the router may be changed in the router (using NAT) to some other outgoing port from the router to the server. But what the router cannot do is it cannot use the same outgoing port connecting to the same server for 2 different PCs in your LAN ... because when a reply comes back, it won't know which PC it's for. However, if the request is going to two different servers then the router may be able to figure out which one is for which PC by keeping track of which PC made the request to which server in a table.

#13 Harut

Harut

    Վերնագիր

  • Members
  • PipPipPipPipPip
  • 5,734 posts
  • Gender:Male
  • Location:հորիզոն...
  • Interests:uninterested...

Posted 09 May 2004 - 08:44 PM

QUOTE (Sip @ May 9 2004, 06:13 PM)
But if the connection initiates from the server, the router won't know where to route the packets (i.e. to your PC) so that's why sometimes you have to forward the ports to your PC manually.

but i'm the one initiating the connection from my pc to remote server. why would the server respond to a different port (before my pc has given the ok to do so) that my router is unaware of?

#14 Stormig

Stormig

    Still water runs deep...

  • Members
  • PipPipPipPipPip
  • 3,745 posts
  • Location:Je sais pas

Posted 10 May 2004 - 04:49 AM

Hmmmm, I gotta examine this thread sometime... Check.

#15 bellthecat

bellthecat

    A poor kitty, lost in the rain.

  • Banned
  • PipPipPipPipPip
  • 1,643 posts
  • Location:far, far away
  • Interests:mreowing purring snuggling sleeping

Posted 11 May 2004 - 01:28 PM

Hey Sip - would you know if i-net+ and CIW certifications are held in any regard by the IT industry?

Steve




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users