I cannot connect to my server from the internet

This forum is for anyone experiencing problems related to their firewall settings. More specifically, anyone experiecing connection issues should take a look at this forum.
Post Reply
nickbell
Posts: 1
Joined: Sat Nov 24, 2007 10:48 am

I cannot connect to my server from the internet

Post by nickbell » Sat Nov 24, 2007 11:03 am

I am new to Cerberus FTP Server, in fact, I have never set up any FTP server before. I did not think it would be too hard, and I am quite sure I have most of it set up right, but I cannot seem to connect through the internet.

The way my computer is set up is:
Internet -> Wireless Internet Modem -> Linksys WRT54GC Router -> Wireless Internet to My Laptop (ZoneAlarm Firewall, all connections that came up for Cerberus were accepted)

I went into my router set up page, and forwarded the following ports:
11000-12000 TCP to 192.168.1.101
21-21 TCP to 192.168.1.101
20-20 TCP to 192.168.1.101
I tried to access my FTP server through my WAN address to no avail.
(Error: A connection to the server could not be established.)

So I thought maybe it was ZoneAlarm. So I disabled it, and nothing happened. I still could not connect through: ftp://24.224.135.4/

As this was a security concern I enabled ZoneAlarm again.

Then I went back into my router setup and enabled DMZ to forward ALL ports to 192.168.1.101 (It give me a different WAN address than Cerberus did. I assumed that Cerberus was correct. My router gave me a 192.168.x.x, but this was for private connections between my wireless internet company and my personal router.)

Note that I can connect locally if I type ftp://192.168.1.101/, but I assume this is a local connection through my router.

My FTP server is still not available to the Internet. What else can I do?
Any ideas and suggestions would be really appreciated. Thanks in advance. Like I said I am brand new to FTP servers, and I could be making some silly little mistake.

mdj
Moderator
Posts: 656
Joined: Mon Aug 18, 2003 4:00 am
Location: Denmark
Contact:

Post by mdj » Mon Nov 26, 2007 3:05 am

(You don't need to forward port 20.)
Post a log from Cerberus, it will tell you exactly what is going wrong. From your description it is not clear where it fails.
Morten Due Jørgensen
http://www.mdjnet.dk

gesangbaer
User
Posts: 13
Joined: Wed Dec 19, 2007 3:30 am

Post by gesangbaer » Wed Dec 19, 2007 3:53 am

I had this problem with my installation as well.

If you are CERTAIN that all of your ports are correctly forwarded and you have your firewall permission correct you may want to look at this post.

Some routers are now correcting outgoing data to reflect the WAN IP, which results in incorrect port information being sent out.

http://www.cerberusftp.com/phpBB3/viewt ... =5537#5537

GribIB
New User
Posts: 6
Joined: Fri Dec 14, 2007 4:33 pm

Post by GribIB » Thu Dec 20, 2007 5:01 pm

I have exatly the same problem see :
http://www.cerberusftp.com/phpBB3/viewtopic.php?t=2064

I could't log on thougth my WAN connection, only from my Lan adress. But a friend of mine tryed to logon from he's location and did it with out enny problems. So my ftp server works, but i just cant connect to it thougth my WAN connection. I have the same problem with other FTP programs, so i think its a VISTA thing.....(unless others can convince me otherwise).

GribIB
New User
Posts: 6
Joined: Fri Dec 14, 2007 4:33 pm

Post by GribIB » Thu Dec 27, 2007 3:10 am

ok, it seeams its a router problem or a way thay work, i found this on the web.
The router simply WILL NOT pass the connection attempt through from the Local LAN side OUT to the External WAN side of the router, then BACK IN to the Local LAN side, to the server.

This is called a “loopback” and most of the small routers used for home networks don’t have loopback testing implemented.

Think of it this way- the router is DOING its job. It’s supposed to “route” the connection to its proper destination, and it KNOWS the destination (the server) is on the LOCAL side, so it WON’T route the connection in the wrong direction.

mdj
Moderator
Posts: 656
Joined: Mon Aug 18, 2003 4:00 am
Location: Denmark
Contact:

Post by mdj » Fri Dec 28, 2007 3:35 am

That sounds like nonsense to me... A uni-directional router?!? Nah! I'd say it is a configuration problem in the router then! The router should allow outgoing connections, no matter if they come from a ftp server, a ftp client or whatever - if it is configured to do so. I have a rather "dumb" router myself, and I configured it to allow session to my ftp server - both passive and active - without any problems at all. Of course, I can't do active ftp sessions myself from behind the router to a server on the outside, but then I use passive ftp. That is just how it works. Have you tried a passive connection or only active?
Morten Due Jørgensen
http://www.mdjnet.dk

GribIB
New User
Posts: 6
Joined: Fri Dec 14, 2007 4:33 pm

Post by GribIB » Fri Dec 28, 2007 3:23 pm

it might sound like nonsence to you but never the less was my problem that loopback was off on my router. when i turned it on, did everything work as i wanted. some one did mention it some where in some of the threds.

i think a few off our threeds would be solved if ppl would turn the loopback funktion to on.

on a zyxel its done with a telnet client like 'putty'

when accessed go to menu 24 (System Maintenance) -> menu 8 (Command Interpreter Mode) under the menu there will be a promt (RES>) then type "ip nat loopback on" or you can enter the routers autoexec.net with this command "sys edit autoexec.net" and locate "ip nat loopback off" and change it to on.

fredseeker
Posts: 1
Joined: Fri May 29, 2009 7:34 am

Re: I cannot connect to my server from the internet

Post by fredseeker » Fri May 29, 2009 7:54 am

It sounds like the loopback method Grib is talking about is called "Filter Internet NAT Redirection" option with Linksys routers.
http://forums.linksysbycisco.com/linksy ... ad.id=6629

Re: What's the purpose of Filter Internet NAT Redirection?
Say your public address is 1.1.1.2, and you have a lan of 192.168.1.0/24.
Someone on your lan wants to get to a ftp server at 192.168.1.254 and you have port 21 opened to that ip in your firewall.
With nat redirection enabled, they cannot get to the ftp server from ftp://1.1.1.2, they have to go to ftp://192.168.1.254. From outside you lan they can go to ftp://1.1.1.2.

It basically blocks access to local servers from local pc's using the public address. Doesnt block access to the servers using the lan address though.

If your local systems send packets to the -public- (external) IP
and port of your internal servers, then if the filtering is turned
on then the device will deny those packets; when the filtering is
turned off, the device will re-address those packets and send them
back inwards. In this situation, the source of the connection is local
and the destination ends up being the local server, but the address
used by the local computer was the outside address instead of the
inside address.

Allowing this kind of traffic to go through messes up the security
device's ideas of "source" and "destination" (especially for UDP),
so it cannot be done at the same security level as would be the
case if the source and ultimate destination were on different
interfaces of the security device.
So it is sounds like they are saying you need to turn off the filtering option to enable the loopback, so you can use the external/public/internet IP to test your server as if you were at an address outside the router.
But with it set either way, I still cannot get a connection through the WAN-side address from a local machine to check everything myself. Working on it though and will touch base if I run out of ideas or finally find a clue. (oh, note: I've double checked forwarding and firewalls, etc. Still not sure if I ought to have the server set on Use Diff IP for Passive and give it the internal or external address to use, I am thinking the internal {which is the default for Auto anyway?} because it is an "older" router WRT54Gv4 that I hav been using for like 5 years. Just happy I got the Vista UAC properties and permissions straight.)
BTW the LAN address works fine. I was able to successfully read a test text document I put in the ftproot, and used the ftp url format in Opera to login with a username automajically :D

Post Reply