router trouble tryin to connect to my ftp server

tryin to run a ftp server on my lan pc Bulletproof ftp server. I set up a virtual server on the router for port 21 and forwarded it to my lan ip and checkd that the port was open through grc.com, and also forwarded some pasive ports 50000:50100 to my lan ip that I enable through bpFTP server, but I am unable to connect to my ftp server and recive a time out request.

any suggestion would be of great assistance.

currently runnin winxp pro

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\niceday>netstat -a

Active Connections

Proto Local Address Foreign Address State
TCP niceday-tjry3m7:21 niceday-tjry3m7:0 LISTENING
TCP niceday-tjry3m7:135 niceday-tjry3m7:0 LISTENING
TCP niceday-tjry3m7:445 niceday-tjry3m7:0 LISTENING
TCP niceday-tjry3m7:1025 niceday-tjry3m7:0 LISTENING
TCP niceday-tjry3m7:1027 niceday-tjry3m7:0 LISTENING
TCP niceday-tjry3m7:1035 niceday-tjry3m7:0 LISTENING
TCP niceday-tjry3m7:1039 niceday-tjry3m7:0 LISTENING
TCP niceday-tjry3m7:139 niceday-tjry3m7:0 LISTENING
UDP niceday-tjry3m7:445 *:*
UDP niceday-tjry3m7:500 *:*
UDP niceday-tjry3m7:1026 *:*
UDP niceday-tjry3m7:1033 *:*
UDP niceday-tjry3m7:1036 *:*
UDP niceday-tjry3m7:123 *:*
UDP niceday-tjry3m7:1303 *:*
UDP niceday-tjry3m7:1418 *:*
UDP niceday-tjry3m7:123 *:*
UDP niceday-tjry3m7:137 *:*
UDP niceday-tjry3m7:138 *:*
UDP niceday-tjry3m7:520 *:*
UDP niceday-tjry3m7:2051 *:*

C:\Documents and Settings\niceday>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : niceday-tjry3m7
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Eth
ernet NIC
Physical Address. . . . . . . . . : 00-C0-DF-0B-8B-C3
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1

C:\Documents and Settings\niceday>

I should also probably note that I am on a dynamic ip that I update through dyndns service

Have you tried accessing your FTP server externally using both a domain name and the IP address? Do both attempts have the same timeout problem?

Is there an option in Bulletproof FTP server to only allow internal access? Perhaps you have to specifically allow external access.

Thanks for your reply, I have tried to connect to the ftp server from the domain anme and my ip but same timeout problem, I can connect to the server from the lan side with out any problems at all, it is most strange.

There is an option in the program for passive mode that says: running this server on a lan requires that it knows your internet ip so that it can correctly deal with passive mode, I then have selected the dynamic ip option and entered my host name. It then goes on to talk about passive ports stating: if you are behind a firewall or NAT/proxy, you can define the ports to use for incomming connections passive port range 50000 - 50100 is the range that I have set and set port triggering on the router to forward these ports.

I've never used BulletProof FTP, so I don't suppose you could post a screenshot of the page with the passive mode so that I could check the settings?

yeah here we go

On the first screenshot, where you enter the IP address (currently 192.168.1.2) I think you may need to enter in your external IP address as well. Although it is dynamic, try entering in your current external IP address and then try checking to see if it works externally. If it does, we'll have to find some way of getting this to work with your dynamic address.

right put in my current ip but still no joy it is most frustrating, to be honest I am at a total loss. Don't know if you have ever used RealVNC, but I have tried to use this aswell but the connection just times out. I am able to host games ok like quake 3 etc, so can't really understand as to why this is not workin.

Thanks for all your help so far

Oh well, we'll get there eventually...

I just looked back at the screenshots and there is a section called "Dynamic IP". Does that contain any useful settings? Perhaps I could see a screenshot of that too?

Another thing to check: you've opened the ports on the router and this appears OK when you check the Shields UP test, but you aren't running an additional firewall on your computer, are you? Disable any firewall you may have installed, and also check the Internet Connection Firewall (built into XP) isn't enabled.

I have no firewall software installed and xp's built in firewall is disabled. This dyanim IP sections seems to contain my lan ip address.

That's interesting. Of course, since you're computer isn't connected directly to the Internet, you won't be able to get the other IP address listed there.

I've done some checking on the BulletProof Website and you should look at these links:

http://www.bpftpserver.com/?page=fa...tion,internet.4

http://www.bpftpserver.com/?page=fa...tion,internet.5

These both link to the same page, but different questions within the page. Check out question 4 and 5 from the "Connection, Internet" section. This gives a few points to check to make external access work.

Just an FYI on FTP it is very complicated for firewalls because the initial request comes in on port 21 however when you issue the GET command the client will open its next available port which is usualy port 1026 and the server will send back on its port 20 for the clients listening port of 1026 for data ( theoreticly you should be able to still send commands on 21 while 20 is downloading) this is in Active-mode. In passive-mode the server will send a reply back to the client to initiate a connection to its specified port (in your case 50000-50100) so the client will initiate the connection to get pass their firewall because most firewalls are not smart enough to allow the ftp server to initiate the connection first.

just the same make sure your firewall allows the server out through 21 and 20, and your client is set for passive mode.

I think that may be the problem because you've only opened ports 21 and the 50000-50100 range. If you check the question 4 link I gave in a previous post, it says that you need port 20 open as well.