Thursday, May 29, 2008

Setting up an FTP Server Behind NAT (Network Address Translation)

Before starting, I assume that you have enough knowledge about FTP, active and passive mode in FTP, and NAT (Network Address Translation).

My home LAN (Local Area Network) consists of several computers connected to the Internet via a router with a single IP address, so NAT is required. With NAT, there are two types of IP address: local and global. The computers in my network use local addresses, which are only recognized inside my network. The router, on the other hand, uses both kinds of address, so it can be reached from the local network or from the Internet. I want to use one of my computers as an FTP server that can be accessed from outside my local network. The problem is that, with only a local address, the computer I use as the FTP server can't be reached from outside the local network.



In active mode, the client is responsible for opening ports for data transmission. In passive mode (which is more popular), however, this responsibility falls to the server. This leads to a problem similar to the previous one: the ports opened by the server are only reachable from the local network, since the server is using a local address.

Solution: Port Forwarding

To make the local FTP server available to anyone connected to the Internet, port forwarding must be set up on the router. For active mode, you simply forward port 21 (the default port for FTP) to the FTP server's address. For passive mode, the same has to be done. In addition, several other ports need to be opened for data transmission.

Example:
I'm using a very common router (Linksys WRT54GL) with local address 192.168.1.1. I want to open port 21 and the ports from 60000 to 60050 for data transmission (the range is up to you; pick anything above 1024). Open the router's interface in a browser: http://192.168.1.1. Open Application & Gaming -> Port Range Forward and fill it in as follows (192.168.1.100 is my FTP server's local address).



FTP Server Application

Another important thing you need to do when using passive mode is to set up the FTP server application itself. I think most FTP server applications support running behind NAT. I'm going to use the free FileZilla FTP server as an example. To make the FTP server work, you need to let it know its global address. If you have a fixed address, you just have to tell the application about it; otherwise you will need another tool to retrieve the global address, such as the one provided by FileZilla: http://ip.filezilla-project.org/ip.php.

To set up the FileZilla FTP server, open the Edit -> Settings menu and choose "Passive mode settings". If you have a fixed IP address (in my example, 202.169.1.1), fill in the "Use the following IP" field; otherwise (or if you're not sure), tick "Retrieve external IP address from" and fill it in with "http://ip.filezilla-project.org/ip.php". Tick both "Don't use external IP for local connections" and "Use custom port range". Fill in the port range with the same range that you entered in the router settings.
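
One way to check the result is to look at the server's reply to the PASV command, which carries the address and data port the client will connect to next. The following is an added example, not part of the original post: the function names are hypothetical, and the sample replies are constructed from the addresses and port range used above.

```python
import ipaddress
import re

# A passive-mode reply (RFC 959) ends with (h1,h2,h3,h4,p1,p2):
# four address octets, then the data port split into high and low bytes.
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),"
                     r"(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv_reply(line):
    """Return (ip, port) advertised in a '227 Entering Passive Mode' reply."""
    m = PASV_RE.match(line.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % line)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % line)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    port = nums[4] * 256 + nums[5]
    return ip, port


def check_pasv_reply(line, port_range=(60000, 60050)):
    """List NAT misconfigurations visible in one reply (empty list = OK)."""
    ip, port = parse_pasv_reply(line)
    low, high = port_range
    problems = []
    if ip.is_private:
        # The server was not told its global address, so outside clients
        # are pointed at an address that only exists inside the LAN.
        problems.append("advertises local address %s" % ip)
    if not low <= port <= high:
        # The router forwards only this range to the FTP server.
        problems.append("data port %d is outside forwarded range %d-%d"
                        % (port, low, high))
    return problems


# Constructed sample replies (not captured from a real server).
SAMPLES = [
    "227 Entering Passive Mode (192,168,1,100,234,96)",  # local address
    "227 Entering Passive Mode (202,169,1,1,195,80)",    # port not forwarded
    "227 Entering Passive Mode (202,169,1,1,234,106)",   # correct setup
]

if __name__ == "__main__":
    for reply in SAMPLES:
        print(reply, "->", check_pasv_reply(reply) or "OK")
```

The reply to feed in is the one an FTP client outside the LAN shows in its log after sending PASV.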

4 comments:

  1. I daily set an FTP server to reset switches 'cause I'm part of the IT team of the university, but the thing is that I never heard about setting an FTP server behind NAT. Thanks for posting this.

  2. Perfect ideas for your story and great food for thought.

  3. Thanks for sharing your info. I really appreciate your efforts and I will be waiting for your further write ups thanks once again.

  4. Anonymous, 4:57 PM

    savior! thanks man! I applied this in linux firewall too and it works great!

    Thank you again!

    Recommend!
