1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

BEFSR41 v1 & 2 PASV FTP resolution.

Discussion in 'Cisco/Linksys Wireless Routers' started by schale01, Sep 28, 2006.

  1. schale01

    schale01 Guest

    I set up a windows 2000 Server on a spare machine and loaded IIS and created a simple FTP. This is behind my A BEFSR41 - EtherFast Cable/DSL Router with 4-Port Switch.

    Alright here's what I've got so far:
    Quick Background info on FTP protocol
    FTP mode is determined by the client.
    FTP Active mode - commands are sent to the server through port 21 then the server makes a connection through port 20 (only incoming connections through port 21 need to be unblocked by router)
    FTP Passive mode - connection is made initially through port 21 command port. Client sends a Passive command, Server responds with it's address and a port to use for data. CLIENT then initiates the connection through IP and port provided by server.
    Active - server makes connection
    Passive - Client makes connection

    I've tested the FTP from inside the LAN connection, to it's LAN address of
    Works with CuteFTP(active), Internet explorer 7(passive) and FireFox(passive)

    Tested from over the WAN with the external WAN IP
    Works with CuteFTP(active)
    Does NOT work with Internet Explorer 7 or FireFox (Passive)
    Not Good

    So I know the problem is somewhere in the NAT address translation or something it's blocking.

    Here's where things go wrong:
    Error Message: 227 Entering Passive Mode (192,168,1,95,4,202)
    followed by a: 425 Can't open data connection
    I think the 227 error is the key, notice the IP (192,168,1,95,4,202)
    This is the LAN internal IP. I believe what is happening is the client is requesting a connection in passive mode and the server is responding with the LAN IP this is not being translated by the router. The client then tries to connect through a passive port (range 1024-whatever) but it is trying to connect @ WAN address.
    This explains why even if I place the server on the DMZ (allowing access to all ports) that it still fails in passive mode. The ports are exposed but the IP is not translated correctly.

    I may be missing a setting or something not quite configured correctly? Any ideas? Anyone else get this to work?

    Things I've tried:

    ==I updated the firmware of the linksys box to the latest version ( 1.46.2) thinking it might help. Could be a setting I'm not aware of.
    ==This helped me figure out how to define the Passive Port Range in IIS for FTP:
    (did not fix passive connectivity problem)
    ==Forwarding passive ports (had no effect)
    ==Placing the Server on the DMZ side of the firewall (had no effect)

    Some more info on this problem:

    Thank you,

Share This Page