Cannot Connect to FTP Server Behind Zyxel Router


Hi everyone,
So I am trying to setup an FTP folder on my Windows server, running Windows Server 2008 r2. I believe I have it setup correctly on the server end, but I'm running into problems with my Zyxel ZyWall USG-100 Plus router.
I can also access it through ftp clients from the Internet as long as I create rules under NAT and Firewall to route *any* service to my server. But as soon as I just make rules for FTP only, it doesn't work. It can connect/login to the server, but it gets stuck on "Retrieving directory listing", and I get an error that says "Failed to retrieve directory listing" when I try to connect with my FTP client.
I also have FTP ALG and FTP Transformations enabled for port 21.
Does anyone have any suggestions to fix this? Thanks
Comments
-
What is port number of FTP Server? It seems the port number of FTP server is not port 21 or 22 ,therefore, remote client cannot access.
I can also access it through ftp clients from the Internet as long as I create rules under NAT and Firewall to route *any* service to my server. I just make rules for FTP only, it doesn't work.
1 -
SoloReaver, Classic issue.
You need to configure the FTP client software to use "passive mode" PASV because otherwise your
connection is a "active mode" FTP session and that does not work, for the most part through
a firewall.
With active mode, you always get stuck at the same line, getting directory listing and nothing happens.
If you have a FTP on a public IP a active session will work just fine, however as most traffic on the Internet often involves some form of firewall, passive mode works much better and almost never fails. Only under rare conditions it could fail but nothing the average Internet users will notice.1 -
Hi,
I use this post for a similar issue.This is my scenario:FTP protocol on port 8881FTP client logged in and connected on FTP server correctlyFTP client tries to upload the zip file on serverThe connection enters in passive mode, but...227 Entering Passive Mode (192,168,45,10,250,56)[Replacing PASV mode reply address 192.168.45.10 with 93....]192.168.45.10 is the FTP server IP (SERVER10)192.168.45.254 is the USG110 LAN IP192.168.1.254 is the USG110 WAN IP (ZYWALL_WAN)192.168.1.1 is the Vodafone router IP93.... is the WAN IP
I think that the problem is the reply with FTP server IP instead of USG110 WAN IP.
How can I show/exit with the USG110 WAN IP (192.168.1.254)?These are the zywall's configurations:
0 -
Hi @pvairo,
In your topology, FTP server is behind two NAT router, the upper layer router(Vodafone) is unable to aware FTP connection.
You must enable FTP alg (tcp 8881) on Vodafone router for ftp data port connection.
0
Categories
- All Categories
- 439 Beta Program
- 2.8K Nebula
- 199 Nebula Ideas
- 125 Nebula Status and Incidents
- 6.3K Security
- 491 USG FLEX H Series
- 322 Security Ideas
- 1.6K Switch
- 83 Switch Ideas
- 1.3K Wireless
- 47 Wireless Ideas
- 6.8K Consumer Product
- 285 Service & License
- 455 News and Release
- 89 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.3K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 95 Security Highlight