FTP Server cannot be connected to - port 21 forwarded
NotGood
Enthusiast - Level 1

All of a sudden nothing is working. I forwarded port 21. I also tried Accept/Accept routers firewall and disabled my comps firewall and DMZ'd the comps IP address and STILL my Webhosts computer can't backup the server to my computer! This is an URGENT matter!

0 Likes
1 Solution

Correct answers
Re: FTP Server cannot be connected to - port 21 forwarded
NotGood
Enthusiast - Level 1

I've kept it on PASV, which I didn't need before, but I realize its easier on bandwidth and sometimes multiple hits gets blocked. I used to have it FTPS but tried as open as I can just to get the files over. I even tried changing the port. Don't know what else to do. The host is too small to backup to and download from, I've tried DMZing my comp. I've tried PASV and no SSL, I've tried disabling my firewall, and I've tried changing ports. To me it looks more like another SPI filter Verizon is using to blackmail users into another "service". Could someone try to host a FTP Server and see if you have the same issue?

These are the options on the webhosts client:

1. Use FTP over SSL (FTPS)

2. Use passive mode

I used to -like a month ago- have just #1 checked and it worked fine. I've had Verizon for about a year.

This is HORRIFIC! I'm scheduled to do a backup today!

EDIT: These are my Port Forward settings:

Local Host = 192.168.1.8

Local Address= 192.168.1.8

Network Address=Any

Public IP Address=Any

Protocols=FTP - TCP Any -> 21

I must have restored the router to default 100 times. Still can't see it with canyouseeme.org. This sucks.

EDIT: And YES I did try and specify the Network Address to 192.168.1.8...

EDIT3: Opened port 20 as said in another post, no dice. Still trying...

EDIT4: ITS WORKING NOW! Crap now I know why those datacenter dudes kill themselves. I was getting **bleep**. For sure I'm gonna go back to my old ISP I can't take this BS. Nothing is changed from the settings. Same as above original. I think these Verizon morons are using some Cisco DoS sensing garbage and blocked everyones ports for a long time. Now it's loose. Ugh aweful. I had Cox for over 10 years and the worst that happened was one day the internet was off, but at least they told everyone it could happen. Verizon is horrible. Always something doesn't work because of ports being blocked. I'm gonna copy/paste this to my blog for everyones information, I'm still **bleep**. It's just unacceptable. I'm also gonna look into that law that was SUPPOSED to not enable ISP's to block any services or throttle bandwidth. Anyway, Thanks to the guy who tried to help out.

View solution in original post

0 Likes
Re: FTP Server cannot be connected to - port 21 forwarded
ravioli
Enthusiast - Level 3

If the client supports it, try placing your FTP server in your "DMZ" and on the client switch into "PASV" mode before attempting any transfers (your hosting server could be blocking the port 20 data channel return).

Really you shouldn'y be using FTP if you can absolutely avoid it -- insecure protocol with everything passed in the clear.  I would suggest you install SSHD on your server and use SCP or SFTP to move the data -- this does everything over port 22 so no additional ports to worry about -- and the data transfer is encrypted.

-- ravioli (aka "lasagna" who is presently having an "out of userid" experience thanks to a Verizon "upgrade")

Re: FTP Server cannot be connected to - port 21 forwarded
NotGood
Enthusiast - Level 1

I've kept it on PASV, which I didn't need before, but I realize its easier on bandwidth and sometimes multiple hits gets blocked. I used to have it FTPS but tried as open as I can just to get the files over. I even tried changing the port. Don't know what else to do. The host is too small to backup to and download from, I've tried DMZing my comp. I've tried PASV and no SSL, I've tried disabling my firewall, and I've tried changing ports. To me it looks more like another SPI filter Verizon is using to blackmail users into another "service". Could someone try to host a FTP Server and see if you have the same issue?

These are the options on the webhosts client:

1. Use FTP over SSL (FTPS)

2. Use passive mode

I used to -like a month ago- have just #1 checked and it worked fine. I've had Verizon for about a year.

This is HORRIFIC! I'm scheduled to do a backup today!

EDIT: These are my Port Forward settings:

Local Host = 192.168.1.8

Local Address= 192.168.1.8

Network Address=Any

Public IP Address=Any

Protocols=FTP - TCP Any -> 21

I must have restored the router to default 100 times. Still can't see it with canyouseeme.org. This sucks.

EDIT: And YES I did try and specify the Network Address to 192.168.1.8...

EDIT3: Opened port 20 as said in another post, no dice. Still trying...

EDIT4: ITS WORKING NOW! Crap now I know why those datacenter dudes kill themselves. I was getting **bleep**. For sure I'm gonna go back to my old ISP I can't take this BS. Nothing is changed from the settings. Same as above original. I think these Verizon morons are using some Cisco DoS sensing garbage and blocked everyones ports for a long time. Now it's loose. Ugh aweful. I had Cox for over 10 years and the worst that happened was one day the internet was off, but at least they told everyone it could happen. Verizon is horrible. Always something doesn't work because of ports being blocked. I'm gonna copy/paste this to my blog for everyones information, I'm still **bleep**. It's just unacceptable. I'm also gonna look into that law that was SUPPOSED to not enable ISP's to block any services or throttle bandwidth. Anyway, Thanks to the guy who tried to help out.

0 Likes
Re: FTP Server cannot be connected to - port 21 forwarded
ravioli
Enthusiast - Level 3

Actually I both retrieve data via FTP from some servers and have a small FTP server working on my local network.   It's not blocked.  I suspect actually that it may have been something at the provider's end.   FTP is a notoriously bad protocol particularly in the firewall terms because of the way it works -- and with NAT involved, it get's uglier since the firewalls in between need to understand and "fix" the callback information inside the packets to account for the NAT.  

PASV overcomes the callback (it's not a performance thing).  Insteand of a callback being done that the firewall has to accomodate and allow back in, it turns the FTP protocol around so that the data channel creates a dynamically allocated port from client to server over which the transfer takes place.   This is slightly more firewall friendly since it's two "client to server" initiated connections, but the "random port" thing again takes you back to square one with most firewalls -- thus why I suggested you put your server "in the DMZ" which exposes all ports thus allowing the dynamic port thing to work.

Also, don't confuse FTPS with SFTP/SCP.   FTPS is nothing more than traditional FTP (smae challenges as above) but with an extra step that negotiates an SSL channel for encryption of the data packets.   So, it's better from a security perspective and a drop in replacement (as far as the firewalls are concerned) for FTP.

SFTP however is just a modified SCP which emulates FTP commands.   In reality it runs over port 22 (SSH) entirely and the FTP native protocol isn't involved.  Some firewall people won't allow SSH traffic however because of the port forwarding possibiities and that's another reason why some use FTPS/FTP over another method.

I often recommend that people use an SSH tunnel between hosts for all communcation needs.  With port forwarding you can enable any protocol you need with it all going over a single port (typically tcp/22) but also can easily be put onto any "open" port.  In fact, my setup here is that I port forward ports 21, 22 and 23 (ftp, ssh, and telnet) to port 22 on my linux server (which has SSHD running on it -- you can also get open source SSHD for Windows boxes as well).   This lets me use any port which might be open outbound (typically one or all of those three ports is open at a minimum) to make an SSH login.  I then port forward via SSH things like 3389 to my desktop, 5900 to my Linux box for VNC to allow me to  connect to those applications remotely and will also use the SOCKS proxy capability that's built-in to give me a way to "browse the web securely" by allowing me to push all web browser traffic thru the tunnel and back out my internet connection instead of riding in the clear at some local hotspot where I might be sitting). 

Re: FTP Server cannot be connected to - port 21 forwarded
spacedebris
Master - Level 2

Just an FYI, Verizon doesnt block any ports other than port 25 and sometimes port 80 (some areas). They also do not throttle or cap bandwidth. Its one of the things that they do better than other ISP's. They may have their issues but this is not one of them. There may have been some other problem (router (yours or theirs), computer settings, windows updates, etc) that caused the problem but it wasnt because they were blocking you.

Re: FTP Server cannot be connected to - port 21 forwarded
viafax999
Community Leader
Community Leader

@spacedebris wrote:

Just an FYI, Verizon doesnt block any ports other than port 25 and sometimes port 80 (some areas). They also do not throttle or cap bandwidth. Its one of the things that they do better than other ISP's. They may have their issues but this is not one of them. There may have been some other problem (router (yours or theirs), computer settings, windows updates, etc) that caused the problem but it wasnt because they were blocking you.


They don't block port 25 either if you're on their network and the destination SMTP server is outgoing.verizon.net.

Re: FTP Server cannot be connected to - port 21 forwarded
sisbill
Newbie

How do I retrieve my ID and password for FTP connection to my Verizon web pages?  

0 Likes
Re: FTP Server cannot be connected to - port 21 forwarded
somegirl
Champion - Level 3

@sisbill wrote:

How do I retrieve my ID and password for FTP connection to my Verizon web pages?  


These should be the same username and password that you use to log into your verizon.net email and/or to access Verizon's Site Builder.