# pure-ftp

## cf25

well, i am running pure ftp and it works fine within my lan. in fact people can even connect to it from outside my lan. the problem is they can't get the directory listing. any ideas?

the address is 65.218.56.80:42 if you wanna try it

----------

## delta407

Are you behind a firewall or something that is doing NAT? If so, people on the other end of the pipe have to go into "passive" mode.

----------

## cf25

so what is NAT and how do i know if my router is doing it?

----------

## delta407

Did you have to do anything to open port 42? Also, if your FTP server isn't residing on 65.218.56.80 (like it has a different IP), you have to specify that in your configuration file.

----------

## cf25

yeah i had to route port 42 to my local ip on the lan

----------

## Zu`

 *cf25 wrote:*   

> so what is NAT and how do i know if my router is doing it?

 

http://linas.org/linux/load.html

It's fairly brief and worth the read.

For more specific information, like setting it up with iptables: http://www.tldp.org/

----------

## klieber

 *cf25 wrote:*   

> well, i am running pure ftp and it works fine within my lan. in fact people can even connect to it from outside my lan. the problem is they can't get the directory listing. any ideas?

 

FTP requires the use of two TCP ports.  One is for control information (21, by default) and the other is for actual data (20, by default).  From what you're describing, you've correctly routed the port for control information to your FTP server, but you have not done the same for the actual data port.  (or it's blocked at your firewall, etc.)

You might also try establishing a passive FTP connection instead of an active one -- if a firewall on the client side is causing a problem, this will often work around that issue.  (passive FTP allows the client to establish the secondary data connection, rather than having the server establish it)

And, if all of this sounds like gibberish to you, then I suggest you do a little googling. :) There's lots and lots of information out there about this stuff.

--kurt

----------

## delta407

 *klieber wrote:*   

> FTP requires the use of two TCP ports.  One is for control information (21, by default) and the other is for actual data (20, by default).

 

Actually, in most modern FTP servers I've used, random ports are assigned. Not one of them used port 20. Fortunately, man pure-ftpd says:

```
       -N     NAT mode. Force active mode. If your FTP server is behind  a  NAT  box  that
              doesn't  support  applicative  FTP  proxying, or if you use port redirection
              without a transparent FTP proxy, use this.  Well...  the  previous  sentence
              isn't very clear. Okay: if your network looks like this:

              FTP--NAT.gateway/router--Internet

              and  if  you want people coming from the internet to have access to your FTP
              server, please try without this option first. If Netscape clients  can  connect
              without  any problem, your NAT gateway rulez. If Netscape doesn't display
              directory listings, your NAT gateway sucks. Use -N as a workaround.
```

----------

## klieber

 *delta407 wrote:*   

> Actually, in most modern FTP servers I've used, random ports are assigned. Not one of them used port 20.

 

Hmmm...sure that wasn't for passive FTP connections?  Every FTP server I've used has always initiated data connections from port 20 on the server.  Otherwise, it makes setting up FTP on the firewall a challenge since you have to figure out what port your FTP server expects to use for data connections.

In passive FTP, OTOH, the server does use random, unprivileged (> 1024) ports, though the client, and not the server, does the connecting in that case.

--kurt

----------

## delta407

 *klieber wrote:*   

> Every FTP server I've used has always initiated data connections from port 20 on the server.

 

Most clients use passive mode by default nowadays, since a lot of people are NATed at home. And since he's not being firewalled, just NATed, it doesn't much matter what port connections originate from, so...

----------
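Added example, not part of any post in this thread: the symptom discussed above (login works, directory listing hangs) typically shows up in the server's `227` passive-mode reply, which carries the address and port the client must open the data connection to. This Python sketch parses that reply and flags a LAN address advertised to a client that connected through the router's public address; the sample replies and the addresses 192.168.1.10 and 203.0.113.5 are constructed for illustration.

```python
import ipaddress
import re

# RFC 1918 ranges: addresses a client on the Internet cannot reach directly.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
TUPLE_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv(reply):
    """Parse '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)' into (ip, port)."""
    if not reply.startswith("227"):
        raise ValueError("not a 227 passive-mode reply")
    match = TUPLE_RE.search(reply)
    if match is None:
        raise ValueError("no (h1,h2,h3,h4,p1,p2) tuple in reply")
    fields = [int(f) for f in match.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("tuple field out of range")
    ip = ipaddress.IPv4Address(".".join(str(f) for f in fields[:4]))
    # The data port is sent as two bytes: high byte first, then low byte.
    return ip, fields[4] * 256 + fields[5]


def diagnose(reply, control_ip):
    """Compare the address the server advertises for data with the address
    the client actually used for the control connection."""
    data_ip, port = parse_pasv(reply)
    control = ipaddress.IPv4Address(control_ip)
    if data_ip == control:
        return f"ok: data connection goes to {data_ip}:{port}"
    if any(data_ip in net for net in RFC1918):
        return (f"unreachable: server advertised LAN address {data_ip}:{port}, "
                f"client connected to {control}")
    return f"mismatch: server advertised {data_ip}:{port}, client connected to {control}"


if __name__ == "__main__":
    # Constructed replies; 203.0.113.5 stands in for the router's public address.
    for line in ("227 Entering Passive Mode (192,168,1,10,195,80)",
                 "227 Entering Passive Mode (203,0,113,5,195,80)"):
        print(diagnose(line, "203.0.113.5"))
```

Even when the advertised address is correct, the advertised port still has to be forwarded by the router to the FTP server, which this check cannot see from the reply alone.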

