Hi,

I have setup ftp server on my xp desktop. I am using cable internet and have
DI 614+ router. Now how do I access ftp server from anywhere? What ip
address I should use to access. when I test with ftp://localhost it works
fine. Where do I find my own ftp address? What setup required on router? I
guess I have tons of questions... can anybody help me with step by step
instructions?

Thanks for reading!

1) Unless you have a static IP address w/ your ISP, then you need to use an
IP poster (utility or service) to publish the IP address (e.g.,
http://www.dyndns.org/ ). DynDNS is a free service that publishes your
dynamic IP address to a well-known domain name, one YOU (partially) define,
such as sunny.dnsalias.com. Of course, if you already have a domain name of
your own you prefer to use, you can use it as well, for a fee

2) Establish an FTP virtual server on the router (Advanced->Virtual Server),
which is trivial, since it's already defined (Virtual Server FTP), you just
need to specify the local IP address where the FTP server is running, then
enable it.

3) Finally, open the FTP port on the firewall (Advanced->Firewall):

Enabled: Yes
Name: FTP Server
Action: Allow
Source: WAN,*,*
Destination: LAN, <ip-address of your ftp server>, 21, 21
Schedule: Always

Of course, you can make this firewall specification more restrictive (and
thus more secure) if, for example, you will be accessing the service from a
limited range of IP source addresses (e.g., your office network). I
provided an example of a completely wide-open specification, anyone from any
IP address can access the FTP server given a valid username/password. You
may also wish to CHANGE the default FTP port to something less obvious and
private (e.g., 6066), to add a little more security. Of course, a port
scanner can still locate it given enough time and determination, but it will
discourage the casual snooper.

That's it!

IMPORTANT: FTP has many known vulnerabilities, so use caution when
configuring. For example, FTP uses two connections, a command channel (port
21) and another for data transfer (port ?). The data transfer channel works
(by default) by having the client send a PORT specification to the FTP
server, which then creates a connection from INSIDE the firewall to OUTSIDE
the firewall using that port, and back to the client. This makes
configuration of your firewall trivial since most outbound ports are ALLOWED
by default (as illustrated above, we merely opened port 21 for the command
channel). However, this same "feature" has been used by hackers as an
indirect means to gain access to LAN resources! As a result, some people
configure their FTP server to REQUIRE passive mode, which requires the
*client* to create a connection for file transfer from OUTSIDE the firewall
to INSIDE the firewall (just like the command channel). While this does
prevents some hacking problems, you now have an issue of opening additional
ports for entry INTO your network from outside the firewall (i.e., merely
opening port 21 will be insufficient). Depending on your ability to control
what ports your FTP client might use, determining and managing these
additional ports may be problematic.

HTH

Jim


"Sunny" > wrote in message
...
> Hi,
>
> I have setup ftp server on my xp desktop. I am using cable internet and
have
> DI 614+ router. Now how do I access ftp server from anywhere? What ip
> address I should use to access. when I test with ftp://localhost it works
> fine. Where do I find my own ftp address? What setup required on router? I
> guess I have tons of questions... can anybody help me with step by step
> instructions?
>
> Thanks for reading!
>
>

Hi Jim,

I have setup everything as you said but although in step 3 you mentioned
Destination: LAN, <ip-address of your ftp server>, 21, 21. is that means ip
address of my computer (which is 192.168.0.101) or ip address from cable?

Another question is
I dont know how to access ftp from internet say from my office. What ip
address I should use and how to find the ip address?

Thanks for detailed information.
"Jim" > wrote in message
news:qglKa.71887$Dr3.49542@fed1read02...
>
> 1) Unless you have a static IP address w/ your ISP, then you need to use
an
> IP poster (utility or service) to publish the IP address (e.g.,
> http://www.dyndns.org/ ). DynDNS is a free service that publishes your
> dynamic IP address to a well-known domain name, one YOU (partially)
define,
> such as sunny.dnsalias.com. Of course, if you already have a domain name
of
> your own you prefer to use, you can use it as well, for a fee
>
> 2) Establish an FTP virtual server on the router (Advanced->Virtual
Server),
> which is trivial, since it's already defined (Virtual Server FTP), you
just
> need to specify the local IP address where the FTP server is running, then
> enable it.
>
> 3) Finally, open the FTP port on the firewall (Advanced->Firewall):
>
> Enabled: Yes
> Name: FTP Server
> Action: Allow
> Source: WAN,*,*
> Destination: LAN, <ip-address of your ftp server>, 21, 21
> Schedule: Always
>
> Of course, you can make this firewall specification more restrictive (and
> thus more secure) if, for example, you will be accessing the service from
a
> limited range of IP source addresses (e.g., your office network). I
> provided an example of a completely wide-open specification, anyone from
any
> IP address can access the FTP server given a valid username/password. You
> may also wish to CHANGE the default FTP port to something less obvious and
> private (e.g., 6066), to add a little more security. Of course, a port
> scanner can still locate it given enough time and determination, but it
will
> discourage the casual snooper.
>
> That's it!
>
> IMPORTANT: FTP has many known vulnerabilities, so use caution when
> configuring. For example, FTP uses two connections, a command channel
(port
> 21) and another for data transfer (port ?). The data transfer channel
works
> (by default) by having the client send a PORT specification to the FTP
> server, which then creates a connection from INSIDE the firewall to
OUTSIDE
> the firewall using that port, and back to the client. This makes
> configuration of your firewall trivial since most outbound ports are
ALLOWED
> by default (as illustrated above, we merely opened port 21 for the command
> channel). However, this same "feature" has been used by hackers as an
> indirect means to gain access to LAN resources! As a result, some people
> configure their FTP server to REQUIRE passive mode, which requires the
> *client* to create a connection for file transfer from OUTSIDE the
firewall
> to INSIDE the firewall (just like the command channel). While this does
> prevents some hacking problems, you now have an issue of opening
additional
> ports for entry INTO your network from outside the firewall (i.e., merely
> opening port 21 will be insufficient). Depending on your ability to
control
> what ports your FTP client might use, determining and managing these
> additional ports may be problematic.
>
> HTH
>
> Jim
>
>
> "Sunny" > wrote in message
> ...
> > Hi,
> >
> > I have setup ftp server on my xp desktop. I am using cable internet and
> have
> > DI 614+ router. Now how do I access ftp server from anywhere? What ip
> > address I should use to access. when I test with ftp://localhost it
works
> > fine. Where do I find my own ftp address? What setup required on router?
I
> > guess I have tons of questions... can anybody help me with step by step
> > instructions?
> >
> > Thanks for reading!
> >
> >
>
>

Answers below.

Jim

"Sunny" > wrote in message
...
> Hi Jim,
>
> I have setup everything as you said but although in step 3 you mentioned
> Destination: LAN, <ip-address of your ftp server>, 21, 21. is that means
ip
> address of my computer (which is 192.168.0.101) or ip address from cable?
>

Your router already knows the IP address from the ISP! That's how the FTP
connection request got there, what the router DOESN'T know is what machine
locally has the FTP server, i.e., where the request should be forwarded. So
you need to specify the local IP address of your FTP server (192.168.0.101),
NOT the IP address assigned to your router by the ISP.

> Another question is
> I dont know how to access ftp from internet say from my office. What ip
> address I should use and how to find the ip address?
>

That's why you use the DynDNS service!

http://www.dyndns.org/services/dyndns/howto.html

You create a free account w/ DynDNS and specify a domain name you would like
to use (e.g., sunny.dnsalias.com ). They have LOTS of other domain names as
well, your choice( http://www.dyndns.org/services/dyndns/domains.html ).
You could use sunny.homeftp.org, or sunny.homeftp.net, etc. They allow up
to five for the free account. You then use a third-party "updater" program
( http://www.dyndns.org/services/dyndns/clients.html ) which takes your
dynamic IP address as assigned by the ISP and updates their DNS server, so
anyone (including yourself) who then references sunny.dnsalias.com will be
resolved to the correct IP addrees!

So create an account on DynDNS and add sunny.dnsalias.com (assuming someone
else hasn't already grabbed than name) as a hostname. Choose an updater
program, config it, and whenever your ISP IP assignment is updated, the
update program will also update the DNS server at DynDNS.org w/ that same
information.

To access your FTP server, you would use:

ftp://sunny.dnsalias.com

If you decided to use another FTP port (not the default 21 port), it would
be:

ftp://sunny.dnsalias.com:6066 (or whatever port if appropriate).

You just need to try it, sign up and give it a whirl. There are other ways
as well, such as IP posters that don't use a dynamic DNS service, but merely
publish your cable ISP assignment to a web page, perhaps the web space
provided by your ISP ( http://www.tucows.com/preview/194772.html ). I just
think using a dynamic DNS service is easier, especially if you intend to
give access to others.

Here are a couple of other dynamic DNS services as well:

http://www.dns4me.com/ ($10 / YR)
http://dns2go.deerfield.com ($20 / YR), used this myself when it was still
free, works well.

They're all basically the same idea, so in most cases it makes sense to go
w/ the cheapest.

HTH

Jim


> Thanks for detailed information.
> "Jim" > wrote in message
> news:qglKa.71887$Dr3.49542@fed1read02...
> >
> > 1) Unless you have a static IP address w/ your ISP, then you need to use
> an
> > IP poster (utility or service) to publish the IP address (e.g.,
> > http://www.dyndns.org/ ). DynDNS is a free service that publishes your
> > dynamic IP address to a well-known domain name, one YOU (partially)
> define,
> > such as sunny.dnsalias.com. Of course, if you already have a domain
name
> of
> > your own you prefer to use, you can use it as well, for a fee
> >
> > 2) Establish an FTP virtual server on the router (Advanced->Virtual
> Server),
> > which is trivial, since it's already defined (Virtual Server FTP), you
> just
> > need to specify the local IP address where the FTP server is running,
then
> > enable it.
> >
> > 3) Finally, open the FTP port on the firewall (Advanced->Firewall):
> >
> > Enabled: Yes
> > Name: FTP Server
> > Action: Allow
> > Source: WAN,*,*
> > Destination: LAN, <ip-address of your ftp server>, 21, 21
> > Schedule: Always
> >
> > Of course, you can make this firewall specification more restrictive
(and
> > thus more secure) if, for example, you will be accessing the service
from
> a
> > limited range of IP source addresses (e.g., your office network). I
> > provided an example of a completely wide-open specification, anyone from
> any
> > IP address can access the FTP server given a valid username/password.
You
> > may also wish to CHANGE the default FTP port to something less obvious
and
> > private (e.g., 6066), to add a little more security. Of course, a port
> > scanner can still locate it given enough time and determination, but it
> will
> > discourage the casual snooper.
> >
> > That's it!
> >
> > IMPORTANT: FTP has many known vulnerabilities, so use caution when
> > configuring. For example, FTP uses two connections, a command channel
> (port
> > 21) and another for data transfer (port ?). The data transfer channel
> works
> > (by default) by having the client send a PORT specification to the FTP
> > server, which then creates a connection from INSIDE the firewall to
> OUTSIDE
> > the firewall using that port, and back to the client. This makes
> > configuration of your firewall trivial since most outbound ports are
> ALLOWED
> > by default (as illustrated above, we merely opened port 21 for the
command
> > channel). However, this same "feature" has been used by hackers as an
> > indirect means to gain access to LAN resources! As a result, some
people
> > configure their FTP server to REQUIRE passive mode, which requires the
> > *client* to create a connection for file transfer from OUTSIDE the
> firewall
> > to INSIDE the firewall (just like the command channel). While this does
> > prevents some hacking problems, you now have an issue of opening
> additional
> > ports for entry INTO your network from outside the firewall (i.e.,
merely
> > opening port 21 will be insufficient). Depending on your ability to
> control
> > what ports your FTP client might use, determining and managing these
> > additional ports may be problematic.
> >
> > HTH
> >
> > Jim
> >
> >
> > "Sunny" > wrote in message
> > ...
> > > Hi,
> > >
> > > I have setup ftp server on my xp desktop. I am using cable internet
and
> > have
> > > DI 614+ router. Now how do I access ftp server from anywhere? What ip
> > > address I should use to access. when I test with ftp://localhost it
> works
> > > fine. Where do I find my own ftp address? What setup required on
router?
> I
> > > guess I have tons of questions... can anybody help me with step by
step
> > > instructions?
> > >
> > > Thanks for reading!
> > >
> > >
> >
> >
>
>