ftp

Post by marathonman » Thu Sep 30, 2004 7:47 pm

Could do with some tips.. hope someone can help?

I have here 2 PCs both running XP Pro, one is SP2, one is SP1.

There's a DSL connection to the SP2 machine via a USB DSL modem, this machine is used for word processing, general browsing etc. This machine has Windows Firewall 'on' for the net connection, with default settings.

The two machines are connected via 2 10/100 NICs, a 10Mbit powered hub and cat5 cabling.

Can I set up FTP server software on the SP1 machine using Bulletproof FTP http://www.bpftp.com/ and use ICS to allow access to the FTP machine from the outside - & can I use dyndns http://www.dyndns.org/services/dyndns/ with this?

Idea is to allow telecom engineers to upload and download tech documents from a central server using a static, unchanging name like ftp://ftp.what-ever.com/telecom/manuals/ etc. regardless of ip changes.

What do I need to set up security wise?
marathonman

Post by OsirisX » Thu Sep 30, 2004 10:25 pm

It may be difficult to set up an ftp on a DSL connection because they are usually dynamic IP, so the IP changes every few minutes. There are programs that will be able to constantly update your IP to the DNS. The other thing is that DSL uploads are very slow, so it will be good for only documents and small files. Security-wise, if the documents are very important, I would suggest you set up SSL since it is much more secure than a regular password.
OsirisX

"The only thing that interferes with my learning is my education." - Albert Einstein
PROfessional Member
Posts: 4261
Joined: Mon Dec 29, 2003 9:45 pm
Location: USA, CT

Post by OrphicFireball » Thu Sep 30, 2004 11:29 pm

Yes, I agree it probably would be pretty slow, but I'm pretty sure your IP wouldn't change nearly that fast.

I'm on dynamic dhcp from my isp and I've had the same IP for weeks.
"Pencil and paper /n./: an archaic information storage and transmission device that works by depositing smears of graphite on bleached wood pulp. More recent developments in paper-based technology include improved `write-once' update devices which use tiny rolling heads similar to mouse balls to deposit colored pigment. All these devices require an operator skilled at so-called 'handwriting' technique."
PRO Level 12
Posts: 612
Joined: Sat Aug 14, 2004 7:43 am
Location: USA

Post by marathonman » Fri Oct 01, 2004 12:04 am

Thanks for the input peeps. Well the files are mainly pretty small PDFs, and they're sat on a DVD (in a player not a burner) so they should be safe. I've managed to get everything working perfectly with all the software set up on the SP2 machine this evening - using 'Bali updater' to keep dyndns informed of what IP I'm on, and Bulletproof running with its own dynamic DNS not enabled.

Downloads are slow yes. It doesn't matter as this is to be used as a failsafe system for a small group of engineers (the ones who ring up from someplace 100 miles from the office, having left the manual at home etc).

The one problem I've hit is that now I've moved bulletproof to the sp1 machine out on the network, I can't connect to it from the internet. How do I get it to work..

How to explain.. hmm.

Someone types in ftp://myftp.dyndns.com/ and they come through to my SP2 machine, that's the first thing they hit. But Bulletproof is out on my network on its own internal network IP. They therefore get a hard-nosed 'your connection was refused' message, I guess because the SP2 machine hasn't got any server software on it, it doesn't know what to do.. How do I get Bulletproof to connect to their incoming request? Do I need to be using network address translation or something here? Some kind of software NAT, as I don't have any hardware of that nature.. just a basic DSL modem, 2 computers, 2 NICs, a bit of cat5 and a very basic powered hub.
Last edited by marathonman on Fri Oct 01, 2004 12:16 am, edited 1 time in total.
marathonman

Post by OrphicFireball » Fri Oct 01, 2004 12:15 am

I was going to say you need to set up port forwarding on your router... but it's just a hub so that wouldn't apply. However, if that's the case then you wouldn't have internal IPs... I'm confused. Oh, is the computer getting its internet connection through the other computer? I see, you are using internet connection sharing?

I would recommend just getting a router (the easiest way to give you NAT (network address translation)), that would be the easiest way. I'm not sure there is a way to forward the port to the other computer the way you are doing it, but someone else may know a way. The other option is: could you just switch computers, I mean have the SP1 one connect to the internet so they come to it first?

Post by marathonman » Fri Oct 01, 2004 12:26 am

Good ideas. I really should get a decent router (keep meaning to!) but it's 1:34 in the AM here & I'm hoping to get it cracked tonight, with what I have kicking around..

Aye that's right - using ICS.

If I switched computers, would the fact that the sp1 machine is a bit decrepit (amd 700 with something silly like 64 meg ram) slow down the internet connection to the sp2 machine? I know if I put sp2 on it, it would curl up and die.. prefer having the better machine as the 'gateway'. Not for any particular reason other than it 'feels' more secure!

It'd be lovely if someone knew a way to do this port forwarding thing.. that'd be like telling the SP2 machine to let the SP1 machine handle anything smelling like an FTP request, right?

Never easy are they :lol:
marathonman

Post by OrphicFireball » Fri Oct 01, 2004 12:42 am

I knew this could be done but had no idea how. You are exactly correct, port 21 is the FTP port and it can only be directed to one computer on an internal network such as yours, so you must tell your gateway to forward port 21 traffic to your SP1 computer. First, find its internal IP, for example 192.168.0.3, and then follow the instructions below:

1. Double-click Network Connections in Control Panel.
2. Right-click the Internet connection (which is also the connection where ICS is enabled), and then click Properties.
3. On the Advanced tab, click Settings.
4. In the Services box, Click Add.
5. Fill in the Service Settings form as follows:
Description of Service: FTP Services (or any other name)
Name or IP: <IP address of internal FTP server, for example: 192.168.0.12, or enter the name of the FTP server, for example: COMPUTER2> (I would highly recommend using the IP, but using the computer's name on the network could work).
Protocol: TCP
External Port number for this service: 21
Internal Port number for this service: 21
Click OK to complete the configuration, and then click OK to exit the Advanced Settings dialog box.

These instructions are an adaptation of Microsoft's guide to setting up a PPTP (virtual private networking server) using ICS (adapted for setting up an FTP server).

:source: http://support.microsoft.com/default.as ... -US;309524

Post by marathonman » Fri Oct 01, 2004 1:09 am

:notworthy Many thanks for that gem :yesnod:

Seems totally logical but it doesn't seem to be working.. tried not bothering going through the dyndns address and just went to ftp://xxx.xxx.xxx.xxx (my current internet ip) directly too - got the 'connection refused' message.

Feels like 99.9% of the way there.. must be missing something somewhere!

I followed the directions above, went smoothly - only thing was it complained at first because there was already an entry listed for FTP - but there was an edit button so I just put the FTP machine's IP in there. Seemed to take it OK. Deffo got the right IP for the FTP because Bulletproof itself is displaying it, and it marries up with an ipconfig on that machine plus a ping of the hostname from the SP2 machine.

Wonder if I need to send port 20 as well? give it a try..

http://slacksite.com/other/ftp.html wrote: FTP is an unusual service in that it utilizes two ports, a 'data' port and a 'command' port (also known as the control port). Traditionally these are port 21 for the command port and port 20 for the data port.


No joy. Bulletproof is actually saying it's listening on port 21 in the gui which is helpful. Just had a look in Bulletproof's logs and it appears not to have heard anything yet - no refused connection messages, nada..

Try a wholesale reboot of the entire network I guess. nothing to lose!

Nope. No joy :no

Checked if I could access the FTP server directly on the internal network (ftp://int.ern.ali.pxx ...) - worked a dream. It definitely looks like something in the port forwarding going awry, grrr
marathonman
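
A way to tell apart the failure modes discussed in the posts above, as an added example that is not part of the original thread: it probes the FTP control port (refused, timed out, or a real `220` greeting) and decodes a passive-mode `227` reply to show which address and data port the server is advertising. The function names are hypothetical and the sample `227` reply is constructed.

```python
import ipaddress
import re
import socket
import sys

def classify_control_port(host, port=21, timeout=3.0):
    """Try the FTP control port and report how far the connection got."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            banner = s.recv(512).decode("ascii", "replace").strip()
    except ConnectionRefusedError:
        # RST came back: no listener (or an active reject) where the packet
        # landed, e.g. the gateway itself because the forward is not applied.
        return "refused", ""
    except (socket.timeout, TimeoutError):
        return "timeout", ""   # dropped in transit, or the server never spoke
    except OSError as exc:
        return "error", str(exc)
    # A 220 greeting means the request reached a real FTP server.
    return ("ftp-banner" if banner.startswith("220") else "unexpected"), banner

PASV_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def parse_pasv(reply):
    """Decode a 227 reply (h1,h2,h3,h4,p1,p2) into (ip, port, is_private)."""
    m = PASV_RE.search(reply) if reply.startswith("227") else None
    if m is None:
        raise ValueError("not a well-formed 227 passive-mode reply")
    nums = [int(x) for x in m.groups()]
    if max(nums) > 255:
        raise ValueError("field out of range")
    ip = ipaddress.ip_address(".".join(str(n) for n in nums[:4]))
    # The data port is p1*256 + p2; a private address here cannot be reached
    # by an outside client even when control port 21 is forwarded.
    return str(ip), nums[4] * 256 + nums[5], ip.is_private

if __name__ == "__main__":
    if len(sys.argv) > 1:   # e.g. python ftpcheck.py <hostname>
        print(classify_control_port(sys.argv[1]))
    sample = "227 Entering Passive Mode (192,168,0,3,19,137)"  # constructed
    print(parse_pasv(sample))
```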

Post by marathonman » Fri Oct 01, 2004 2:30 am

Folks, will it make a difference that I'm trying to test this out from the gateway machine on the network?
marathonman

Post by marathonman » Fri Oct 01, 2004 3:43 am

Anyone spare a minute to help us with a test from outside my network, drop us a PM? Thanks

[edit]Nevermind, bed calls[/edit]
marathonman
