D-Link DSL-504 Ethernet Router – Support Forum

cant FTP [D-Link DSL-504 Ethernet Router - 105317]

  • Jamesw
  • Posts: 6
  • Join Date: 23 九月 2004
  • Location: London, UK
I cannot FTP to the ISP hosting my website when connected to the internet via my DSL-504. My ftp software (WS_FTP) returns an error message of "connection timeout" However, the same PC does connect when using a dial-up modem - and all PC settings were identical (i.e., my Sygate Personal Firewall remained on) I have read numerous web forums to find the solution have tried the following advice: 1. router: enabled port redirect for 20/21 to my PC local ip address 2. router: configured my PC as DMZ 3. WS_FTP: enabled passive mode 4. WinXP home ed: enabled passive mode in Control Panel/Internet Options/Advanced 5. tried logging into FTP via IE6 using command ftp://username:password@ftpserverurl but this also returns an error of "connection timeout..." The symptoms (especially that it works with a dial-up) and the web forums all seem to indicate that the problem is with the router?
  • rperkin
  • Posts: 2535
  • Join Date: 12 八月 2003
  • Location: UK
I answered a similar question in the DSL-604+ forum on this site recently. OK, so it was a different FTP server product, and the router is slightly different - it's the wireless cousin of the DSL-504, but the config is the same and the principles are the same. Have a look here. Specific info on WS_FTP can be found here. Although this mentions SSL, it does show the setup screen for the PASV port range and router's IP address. When you've set things up, you can check: - on the router's Summary | Port Redirection Summary screen that the port forwarding is set correctly - with the FTP server running, that Shields UP! shows ports open - that you can FTP to the PC running the server from another local PC behind the router by specifying the local IP address of the FTP server. This can be either from a command line, or from IE. Note that for PASV connection from behind the router you will need to (temporarily) set the IP address on the WS_FTP Firewall Settings screen to the *local* IP address of the PC Check the server logs to show that the connection is recognised and handled correctly. Remember also that you need to test your FTP server by connecting from the public side of the router. It is not possible to connect from behind the router using the public IP address of the router [the DSL-504 does not implement NAT loopback]. Hope this helps - let us know how you get on
  • Jamesw
  • Posts: 6
  • Join Date: 23 九月 2004
  • Location: London, UK
Thank you for this advice. I think I have poorly explained my problem but your solution still seems relevant - as I think my issue is with the router redirect of the PASV port range, which as not currently set up, and seems to explain why I can FTP via a dial-up modem but not via my router. I am now awaiting a callback from Tesco.Net for their PASV port range. I didn't explain that the FTP server belongs to Tesco.Net and I have no access to this, so I can't modify the servers PASV port range. Nor can I "test your FTP server by connecting from the public side of the router.", or have I misunderstood this?
  • rperkin
  • Posts: 2535
  • Join Date: 12 八月 2003
  • Location: UK
"I have poorly explained my problem" No, your explanation was good - I should have read it more carefully. You're right. I answered a different question! Apologies :) "have I misunderstood this?" I gave a (good?) answer to the wrong question. If you are using an FTP client program behind a NAT router, the router will only allow incoming communication if there is a matching outgoing connection. In PORT mode, the client communicates on TCP port 21 - but the remote server will send back data on port 20. So you must forward TCP port 20 to your PC. [you say you have done this] In PASV mode, all communications are initiated by the client. So you should not need to forward any ports - that's the whole reason for PASV mode. Nor should there be any reason to have your PC in the DMZ - this will allow all incoming traffic arriving at the router to reach your PC. You say you are running Sygate. Look in Logs | Traffic Log and check if traffic is being blocked and what traffic is being sent/received on what ports. Run it in Allow All mode and see what happens (Security | Allow All). Can you connect to the server in PORT mode? Or is the problem just in PASV mode? For PORT mode from IE, deselect 'Use Passive FTP (for firewall and DSL modem compatibility)' in Tools | Internet Options | Advanced For PASV mode, you should have this option selected but also you *must* deselect 'Enable folder view for FTP files'. For info on configuring IE to use PASV mode see this link. Hope this helps
  • Jamesw
  • Posts: 6
  • Join Date: 23 九月 2004
  • Location: London, UK
Okay, I think we're getting somewhere - though I'm not sure what 'where' means. Oh, and thank you for your help and patience so far. It still doesn't work but I have carried out the following tests and recorded some interesting results:- Test 1a. firstly I tried to FTP using IE6 and my dial-up modem. I found that the only successful setup was using PORT mode ('enable folder view' - yes; 'use passive ftp' - no) and used command line ftp://username:password@ftpserverurl/. My Sygate showed my outgoing packet on port 21 and an immediate reply on port 20. 1b. When I tried this test (FTPing using IE6) but using my router instead of my dial-up modem, it timed out. My Sygate showed my outgoing packet on port 21 but there was no reply whatsoever. 2a. I then tried to FTP using WS_FTP and my dial-up modem. I found that WS_FTP works in PORT and PASV modes. In PORT mode, my Sygate showed my outgoing packet on port 21 and an immediate reply on port 20. In PASV mode, my Sygate showed my outgoing packet on port 21 and then more outgoing packets on ports 57093, 57094, 57096, etc. (more OUTGOING packets?) 2b. When I tried this test (FTPing using WS_FTP) but using my router instead of the dial-up modem, it timed out. In both modes, my Sygate showed my outgoing packet on port 21 but there was no reply or other traffic whatsoever. So, I conclude that my PC does not recieve a reply or connection from the FTP server when passing through my router. If this conclusion is okay, how do I determine whether the reply is being halted by my router? or by my ISP???? Note1: The ISP for my dial-up is Tesco. For my broadband it is BT. Note2: I've read on Ipswich web site that WS_FTP_LE does not support SSL; is this relevant? or does this only become relevant after I make a successful connection?
  • rperkin
  • Posts: 2535
  • Join Date: 12 八月 2003
  • Location: UK
"more OUTGOING packets?" I assume there was incoming traffic on port 21 first, after which your client will establish the connection to receive data. That's what PASV mode is about - all connections are established from the client end. "PC does not recieve a reply or connection from the FTP server" Try connecting without specifying the username and password, so that you are (should be!) prompted to input them, ie use the URL: ftp://ftpserverurl "how do I determine whether the reply is being halted by my router" This is where it gets more complicated. You could use another PC (or possibly the same one...) and configure its IP address into the DMZ using the router's Configuration | NAT Configuration screen. Run a copy of Ethereal and examine the traffic. The PC in the DMZ should receive a copy of all traffic arriving at the router, unaffected by any port forwarding or firewall filter rules. I can't see why your setup shouldn't be working. Personally, I would be tempted to reset the router and enter your config settings from scratch. I don't know how much configuring you have done/undone in trying to get this to work, but sometimes it's better to start from a known good position... Hope this helps
  • Jamesw
  • Posts: 6
  • Join Date: 23 九月 2004
  • Location: London, UK
What a nightmare... Typing 'ftp://ftpserverurl' gets me a "cannot find server" / "the page cannot be displayed" response. Ran Ethereal with DMZ off and the record shows only the 3 outgoing attempts to connect to the remote ftp server. No reply. Ran Ethereal with DMZ on and the record shows 12 activites, of which 3 were as above (lines 3, 7 & 10) and all others were from apparently unrelated ip's. Definately no response from my ftpserverurl. I've read this ( http://www.stdnet.com/uploads/media/MOVEit_WhitePaper_FTPNAT.PDF ) and it seems to suggest that the ftpserver can wrongly send its reply to my internal ip address 192.168.0.40 rather than my internet ip address. This would explain the lack of a reply. Could it be a NAT problem? is there a test to prove / disprove?
  • rperkin
  • Posts: 2535
  • Join Date: 12 八月 2003
  • Location: UK
Strange. I'm at a loss as to why you're having problems. Have you tried accessing any other FTP server? For example, you could try accessing D-Link UK's server here: ftp://ftp.dlink.co.uk/ Can you access this FTP server using IE in both PORT and PASV modes? If yes, it implies that the router setup is OK, and there is either something wrong with your WS_FTP client setup, or the 'other' FTP server. Can you access this FTP server using WS_FTP? If so, it implies that your client is OK, and the problem lies with the 'other' FTP server. A process of elimination should narrow it down. Hope this helps
  • Jamesw
  • Posts: 6
  • Join Date: 23 九月 2004
  • Location: London, UK
Accessing ftp://ftp.dlink.co.uk/ worked perfectly in PASV and PORT modes from IE. However access failed using WS_FTP but seemed to be due to userid and password issue. Could this be because WS_FTP was asking for upload permission - which I guess would not be permitted. I tried using Bullet Proof FTP and this did access ftp://ftp.dlink.co.uk/ - but it couldn't access ftp://homepages.tesco.net (time out error). Is this stranger still, or does it mean something?
  • rperkin
  • Posts: 2535
  • Join Date: 12 八月 2003
  • Location: UK
Well, I suspect it rules out the router. Have you doublechecked the username / password combination you are using to (try to) access ftp://homepages.tesco.net ? Have you spoken to your ISP?
  • Jamesw
  • Posts: 6
  • Join Date: 23 九月 2004
  • Location: London, UK
Correction to my earlier post. WS_FTP does connect to ftp://ftp.dlink.co.uk/ when I select the 'anonymous' checkbox (too much haste on my part - sorry). So, I think we can conclude that the problem is specific to my the server hosting my web site - ftp://homepages.tesco.net I checked with their helpline previously and they were unable to provide much help. The simplest solution from here is for me to use someone else to host my site. Thanks for all your help, we may not have fixed the original problem but we have found a solution - and I've learned a lot too.
;