Jump to content
Search In
  • More options...
Find results that contain...
Find results in...
ArkTheYO

FTP SERVER(port block)

Recommended Posts

Posted · Original PosterOP

Hey all,

I just had this wild thought sorry if it sounds really silly but i was thinking if i could use a vpn to change my ip address and then  port forward port 21 from the routers page, would that then help me access my ftp server from outside network using the changed ip address. P.S.: My routers page does provide a port forwarding option but doesnt seam to work as i am not able to access my ftp server from outside the network.

Link to post
Share on other sites
Posted · Original PosterOP
2 minutes ago, crashahotrod said:

Port forwarding shouldn't be necessary or helpful. Check if your vpn provider supports ports other than 80.

Hey so does this mean if my vpn provider supports port forwarding then ill be access my ftp serrver outside the network meaning no depending on the ISP?(by the way the routerr is provided to us by the ISP itself even though it has the option of port frwarding it doesnt seem to work so i guess they probably have blocked it)

Link to post
Share on other sites
3 minutes ago, ArkTheYO said:

Hey so does this mean if my vpn provider supports port forwarding then ill be access my ftp serrver outside the network meaning no depending on the ISP?(by the way the routerr is provided to us by the ISP itself even though it has the option of port frwarding it doesnt seem to work so i guess they probably have blocked it)

could be that they have blocked some ports, try translating like port 23000 or whatever to 22 or whatever you need in your router for acces from outside your network


I spent $2500 on building my PC and all i do with it is play no games atm & watch anime at 1080p(finally)...

Builds:

The Toaster Project! Northern Bee!

 

The original LAN PC build log! (Old, dead and replaced by The Toaster Project & 5.0)

Spoiler

"Here is some advice that might have gotten lost somewhere along the way in your life. 

 

#1. Treat others as you would like to be treated.

#2. It's best to keep your mouth shut; and appear to be stupid, rather than open it and remove all doubt.

#3. There is nothing "wrong" with being wrong. Learning from a mistake can be more valuable than not making one in the first place.

 

Follow these simple rules in life, and I promise you, things magically get easier. " - MageTank 31-10-2016

 

 

Link to post
Share on other sites

Your vpn provider would also have to give you a dedicated IP now that i'm thinking about it. It might be easier to change your ftp server port to something else and forward it. ISPs frequently block common ports 80, 8080, 443, 8443, 21, 22, 23 etc. for "security" reasons. I would change your server's port.

Link to post
Share on other sites
Posted · Original PosterOP
3 minutes ago, crashahotrod said:

Your vpn provider would also have to give you a dedicated IP now that i'm thinking about it. I't my be easier to change your ftp server port to something else and forward it. ISPs frequently block common ports 80, 8080, 443, 8443, 21, 22, 23 etc. for "security" reasons. I would change your server's port.

Ohk so i made my ftp server using IIS, how can i change my servers port. Sorry i m very new to this!

Link to post
Share on other sites
Posted · Original PosterOP
8 minutes ago, crashahotrod said:

You may also need to open it in your windows firewall in addition to your router.

ohk! but the thing is i did as mentioned on windows site but there was no servie type folder and on clicking on the existing registories the input type wasnt the one mentioned. (There was just one folder order in Folder Service provider)

Link to post
Share on other sites

Try the 7.0 instructions

  1. Open Internet Information Services (IIS) Manager.
  2. Select the Web site that you wish to configure.
  3. In the Action pane, click Bindings.
  4. Click Add to add a new site binding, or click Edit to change an existing binding.
  5. Click OK to apply the changes.
Link to post
Share on other sites

So part of your battle is if you configured everything correctly. First log in to your FTP server, open up command prompt and type:

netstat -an | find ":21"

 

This will show you if there's anything listening on 21. You should see a few entries ranging from 0.0.0.0:21 / 127.0.0.1:21 / wergwethweth:21 (ipv6).

If this looks good, then move on to configuring your router.

Since I don't know the make/model of your router, the idea is to configure either a firewall rule + NAT, or if it simply has "port forwarding" then you need to configure that. If you believe you've configured it properly, then go to this site:

https://www.grc.com/x/ne.dll?bh0bkyd2

 

Click Proceed, in the dead center is a white space - enter 21 and click "user specified port.." - you want to see red / failed. If you do see red/failed that is good news, nothing else required and you just need to configure the FTP server properly if it's not accepting connections.

 

I've never used IIS as a FTP server, I've always used filezilla. Very very easy to setup. My only nightmare is PASV ports... shivers.

Link to post
Share on other sites

Oh my I forgot all about PASV ports you will also have to configure a range on the server for those, and forward them through both your firewall and router. I'm not sure how to configure the PASV port range in iis.

Link to post
Share on other sites
Posted · Original PosterOP

@crashahotrod and @Mikensan Thanks a lot guys! a really ! i actually have exams my exams coming up and i am busy with their preparations though still i am putting all my free time into the methods u all have told me and will continue to tell or share with you with the steps you all have told me to follow, though if i post late, please do reply i really want to know more . THANKS AGAIN!

Link to post
Share on other sites
Posted · Original PosterOP
On 9/16/2016 at 0:24 AM, Mikensan said:

So part of your battle is if you configured everything correctly. First log in to your FTP server, open up command prompt and type:

netstat -an | find ":21"

 

This will show you if there's anything listening on 21. You should see a few entries ranging from 0.0.0.0:21 / 127.0.0.1:21 / wergwethweth:21 (ipv6).

If this looks good, then move on to configuring your router.

Since I don't know the make/model of your router, the idea is to configure either a firewall rule + NAT, or if it simply has "port forwarding" then you need to configure that. If you believe you've configured it properly, then go to this site:

https://www.grc.com/x/ne.dll?bh0bkyd2

 

Click Proceed, in the dead center is a white space - enter 21 and click "user specified port.." - you want to see red / failed. If you do see red/failed that is good news, nothing else required and you just need to configure the FTP server properly if it's not accepting connections.

 

I've never used IIS as a FTP server, I've always used filezilla. Very very easy to setup. My only nightmare is PASV ports... shivers.

Hey bad news showed up pass , i guess my ISP has just blocked port 21 even though they provided the funcionallity of port forwarding in the router!

Link to post
Share on other sites

When using vpn you dont have to port forward if your router is the vpn server as its like you're on the same LAN.

You can port forward another port instead like some random port such as port 1337 if its not being used. Ofcourse port scans will find this but on configurable routers like mikrotik i use a firewall configuration that automatically blocks any port scan attempt and prevent communication with supicious hosts which a lot of the time happens to be google and facebook. But this relies on having a good router which can actually keep you secure. Its the same case with using vpn too.

Link to post
Share on other sites
On 9/16/2016 at 7:44 PM, ArkTheYO said:

Hey bad news showed up pass , i guess my ISP has just blocked port 21 even though they provided the funcionallity of port forwarding in the router!

It's not unheard of for ISP's to block 21, I only have experience with 2 consumer ISPs (Comshit and Verizon FiOS) who didn't block it surprisingly. Luckily the easiest workaround is to change the port. 

 

On your port forwarding rule you should be able to change the "incoming" port but leave the forwarding port as 21. So lets say you use 8888 in your rule. Your remote client would user whatever.yourdomainname.is:8888 as your FTP address, and your router would just forward it to your internal IP:21. Because of this fewer ISPs are blocking ports.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


×