Page 1 of 1

Using a different IP for PASV command does not keep IP addy

Posted: Tue May 20, 2008 11:36 pm
by jayjaya29
Using the nicely written FAQ, I determined I needed to change some PASV options to get the FTP to work from the outside. I went to Server Manager>Interfaces>Hit the interface created (192.168.1.101) then I hit the tick box for "Use different IP for PASV command (Usually a router address)". A text box appeared and by following the FAQ I entered the server's local address in the box which in my case is 192.168.1.101. I hit ok and exited back out to the main window.

Upon some tinkering I accidentally reset the FTP server, I went back to the same options area and the text box was now filled with my external address. Is this supposed to happen? I was under the impression the text box created from my ticking that box should be the server's local IP address and not my external IP address.

Let me know if something is up or if I am not understanding how interfaces work. Thanks!

This is with FTP version 2.47.

I am following this instructions from the FAQ:
To resolve the issue, you have to change Cerberus' PASV IP to be your internal LAN IP and not the external IP you get from your Internet Service Provider (ISP).

Steps to resolve:

1. Go to Configuration -> Server Manager -> Interfaces
2. Click on the interface that matches your internal IP
3. In the PASV Options section click the "Use different IP for PASV command" radio button and in the textbox that appears put in the same IP as the interface (your local IP address).
4. Click the "Ok" button
It is changing my input of the local IP address to my external IP address.

Posted: Wed May 21, 2008 2:58 am
by mdj
I can't say, how it figured out to change the ip address, but it was probably a smart move! :-) The FAQ you refer to (http://www.cerberusftp.com/faq/troubleshooting.html#Q3) is addressing a specific router problem (intelligent routers changing the external ip on their own). The FAQ also shows log excerpts showing how to identify this problem. If you don't have this particular problem, you should indeed enter your external ip address in the textbox. If you don't have a fixed ip address, you would want to "use a dns service" to determine the correct ip address.

I seem to recall a problem with Cerberus not saving the configuration change probably, which could cause it to "fall back" to and earlier configured external ip. I believe it should be fixed by now, but if I were you I would exit and restart Cerberus and verify that the setting is indeed remembered.

Posted: Wed May 21, 2008 9:25 am
by jayjaya29
I restart and the box reverts back to my external IP address. I've done it multiple times. I wouldn't mind it changing if thats the correct address, but it conflicts with the FAQ thats all.

I mean the FTP works fine right now (sans my firewall problems), just want to make sure all the PASV settings are correct.

Posted: Wed May 21, 2008 1:58 pm
by mdj
You *should* use your external ip, unless you are seeing exactly the problem described in the FAQ, so it is not in conflict with the FAQ.

- but you should definitely test that you can indeed get in using passive connections, before relying on it.

(Do you exit Cerberus "nicely" before rebooting/restarting it, to give it a fair chance to save the configuration changes? is Cerberus running as a service or from your user account?)

Posted: Thu May 22, 2008 9:43 pm
by jayjaya29
mdj wrote:You *should* use your external ip, unless you are seeing exactly the problem described in the FAQ, so it is not in conflict with the FAQ.

- but you should definitely test that you can indeed get in using passive connections, before relying on it.

(Do you exit Cerberus "nicely" before rebooting/restarting it, to give it a fair chance to save the configuration changes? is Cerberus running as a service or from your user account?)
Yeah, I'm not hasty with these things. Working in IT for a few years now has taught me that server based things takes time to update and refresh.

Right now the FTP works fine locally and when I disable my router firewall (thats a whole another can of worms) I can hit it from the outside too. I'm sure the PASV settings work fine because both these things work. I just wanted to make sure that this isn't a bug in the software, but it seems like its just doing what it should be.

I think I'm going to (in that PASV settings box with the three options), going to tick the 3rd one and put in my DynDNS credentials and hopefully be done with it. What do you think?

Posted: Fri May 23, 2008 2:46 am
by mdj
I agree. Dyndns is probably the right choice, unless you are *sure* you have the same external ip every time - and even then Dyndns is not a wrong choice. If PASV doesn't work with your firewall on, then the pasv port range isn't properly opened/forwarded.

Posted: Sat May 24, 2008 7:56 pm
by jayjaya29
mdj wrote: If PASV doesn't work with your firewall on, then the pasv port range isn't properly opened/forwarded.
Hehe thats the problem I'm having on my end. My router doesn't port forward (at all!) correctly and the DMZ doesn't work either. But these are my problems. Like I said if I turn the router's firewall off the FTP works like it should when getting hits from an outside computer.

Posted: Sun May 25, 2008 5:30 am
by mdj
Get a new router... :-)

Posted: Tue May 27, 2008 6:06 pm
by jayjaya29
mdj wrote:Get a new router... :-)
Haha saving my pennies for a gigabit router. 8)

Gonna make sure the port forwarding works on it before I buy one.