March 9, 2004 at 12:53 am #28076
Grant… Or someone else who can point me in the right direction:
During the weekend past, I had forwarded the ports 1025 – 3500 on my router to the server in which my FTP (Cerberus) resides.
In doing so, this morning our staff arrived at the office and quickly alerted me to the fact that all systems on our internal network had lost internet connectivity. It was very odd that all of the servers were available to the public from the outside, yet no-one from the inside could get out. In any way.
After considering the steps I had taken to migrate my FTP server to Cerberus over the weekend, I realized that the PASV port range which I had forwarded had been the cause of the problem. These ports were in conflict with the ports necessary for many Microsoft system services, as well as commonly known applications, in my case MS SQL 2000.
My question is this. Given that these ports are conflicting, is it possible to set the PASV Port Range in the Advanced Server Configuration to accept PASV data connections on ports which may not commonly be allocated to known applications (ex. 20000+) and subsequently forward these ports on our firewall / router to the FTP server address? If this is the case, how many ports (range of ports) should exist to ensure that all connections to the FTP server can use the PASV transfer option?
I have noticed in using this server with no PASV ports forwarded, that when transferring multiple files (more than 50) through a GUI, that the connection stalls after 15 – 20 files. I was able to correct this problem by forwarding the PASV ports, but unfortunately took my entire internal network’s internet connectivity down in the process.
I hope you can offer some suggestions.
Owen (otsoroke)
March 14, 2004 at 12:16 am #31351
There should be no problem selecting a higher port to use for PASV transfers. Depending upon file transfer frequency, I would recommend around 500 - 1000 ports. Go higher if people are having connection issues.
March 25, 2004 at 6:05 pm #31352
What port range could be reserved that likely won't conflict with other applications?
otsoroke
March 27, 2004 at 5:48 am #31353
This document shows current port assignments. However, it does not make any reference to reserved port assignments for PASV FTP connections.
Judging… I would say that the port assignments should be configured in the Private / Dynamic port range 49152 through 65535.
Can anyone offer me suggestions?
(last updated 2004-03-25)
The port numbers are divided into three ranges: the Well Known Ports,
the Registered Ports, and the Dynamic and/or Private Ports.
The Well Known Ports are those from 0 through 1023.
The Registered Ports are those from 1024 through 49151
The Dynamic and/or Private Ports are those from 49152 through 65535
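An added example, not written by anyone in this thread and not Cerberus code: it parses the standard FTP `227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)` reply, where the data port is `p1*256 + p2`, and checks each advertised port against the range forwarded on the router and against the IANA ranges quoted above. The function names, the sample replies, the documentation address 203.0.113.10 and the one-entry service inventory are assumptions constructed for illustration.

```python
import re

# IANA ranges as quoted in the thread above.
RANGES = [(0, 1023, "well-known"), (1024, 49151, "registered"),
          (49152, 65535, "dynamic/private")]
PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def classify_port(port):
    """Return the name of the IANA range a TCP port falls in."""
    for lo, hi, name in RANGES:
        if lo <= port <= hi:
            return name
    raise ValueError(f"port out of range: {port}")


def parse_pasv_reply(line):
    """'227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)' -> (ip, port)."""
    m = PASV_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a 227 PASV reply: {line!r}")
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError(f"field above 255 in: {line!r}")
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def audit_pasv(replies, fwd_lo, fwd_hi, services):
    """Flag data ports the router does not forward, and in-use service
    ports that fall inside the forwarded range."""
    findings = []
    for line in replies:
        _, port = parse_pasv_reply(line)
        if not fwd_lo <= port <= fwd_hi:
            findings.append((port, classify_port(port), "not forwarded"))
    for port, name in sorted(services.items()):
        if fwd_lo <= port <= fwd_hi:
            findings.append((port, classify_port(port), f"collides with {name}"))
    return findings


# Constructed sample replies; 203.0.113.10 is a documentation address.
SAMPLE = ["227 Entering Passive Mode (203,0,113,10,195,80)",  # port 50000
          "227 Entering Passive Mode (203,0,113,10,4,1)"]     # port 1025
SERVICES = {1433: "ms-sql-s"}  # assumed inventory: MS SQL Server default port

if __name__ == "__main__":
    print(audit_pasv(SAMPLE, 1025, 3500, SERVICES))
    print(audit_pasv(SAMPLE, 50000, 50999, SERVICES))
```

Feeding it the 227 lines from an FTP client's session log shows whether the server is handing out data ports outside the range the router forwards.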
April 1, 2004 at 7:41 pm #31354
bounce…
April 1, 2004 at 7:41 pm #31355
bounce…
April 7, 2004 at 12:05 am #31356
imported_Serin
Participant
Hello,
The ports you suggested earlier (49152 through 65535) should be fine. Actually, I’m usually ok with anything over 2000.
April 26, 2004 at 9:47 am #31357
Twowheeler53
Participant
Ok… I’m going to ask a silly question. How do you forward ports to the server?
April 27, 2004 at 4:05 am #31358
In your router configuration Twowheeler…
No question is a silly question.
Owen (otsoroke)
April 29, 2004 at 8:20 pm #31359
quick green question.. have a linksys router setup with zone alarm PFW
for PASV connections, does it suffice for me to just forward 1024 – 3500 on the router config and open those same ports in the firewall?
for the router, i assume i can forward the range of ports to the destination pc’s ip?
also, is there any way to authenticate the users (aside from a logon verification) before opening the ports.. i.e. lockdown all ports except 21 until user authenticates, then open ports 1024-3500.
thanks a million,