Port Forwarding...?

spiff · March 7, 2012

Anyone able to provide info on port forwarding? It seems to be relatively simple to do as I have a storage unit set up and want to be able to ftp into it. DDNS all set and working, just can't seem to get the port forwarding to cooperate!

backrubman · March 7, 2012

Anyone able to provide info on port forwarding? It seems to be relatively simple to do as I have a storage unit set up and want to be able to ftp into it. DDNS all set and working, just can't seem to get the port forwarding to cooperate!

It's going to depend on your particular brand of broadband router and if your desired FTP client is using PASV mode if you can do this.

FTP has some special considerations because of the nature of the old Internet FTP protocols.

The bottom line is that you might well be better off using a DMZ to facilitate access to an FTP server rather than attempting to open specific ports.

The rest of this message gets very geeky.

FTP modes

FTP typically has two modes of operation:

The original mode, sometimes called "active" these days, looks like this: the client computer opens a connection, called the "Control connection", to the server on port 21. In order to receive data from the server, the client sends a command to the server on this control connection and specifies the data it wants and the port to which should be delivered. Then the server actually initiates a connection back to the client at the ports specified (the server uses port 20 on its own system for this connection, but the port on the destination system is determined by the client. that can be any port in the range of 1024 to 65,535.) When the client uses this mode, the server only needs to receive connections on port 21, so forwarding only port 21 is sufficient for that.

The typical problem that resulted from this mode of operation was that a client would be operating behind a router or a firewall, and so would not be able to receive a return connection properly.

"Passive" (PASV) mode solves this problem for the client: When passive mode is used, the client sends the command on the control connection that was established in port 21 as before; but, now the server sends back the port number (again, anywhere in the range of 1024 to 65,535) on which it will receive a data connection from the client. In this mode, it is the client that opens the data connection, and the server that is responsible for selecting the port to use and making sure that port is open on its local network. So, for a server to work with a client running passive mode, you would need to forward ports 20-21 and 1024-65535.

Some routers, such as the LinkSys, allow you to set up a range of ports to be forwarded; on those is fairly easy to forward all those ports. (In addition the LinkSys offers a very sophisticated feature called "Port triggering" which lets you open selected ports to a specific server based on which server opened a connection on another port, which can be useful if you are trying to run more than one FTP server behind the same LinkSys router.) However, on some routers (including the Airport Base Station) it is not that easy.

Since so many clients use PASV mode FTP these days, the result is if you are running an FTP server for others to use, either forward ports 20-21 and 1024-65535, or use the DMZ facility of the router to forward everything to the server.