Bulletproof FTP Server
I’ve been a longtime fan of BulletProof FTP server. I recently ran into some issues with my passive mode configuration, and wanted to share what I had to do in order to get it working on both the internal network and the external one.
I left the default port, 21, open on my firewall to my FTP server. That's probably not a recommended practice, as you see all kinds of IP scans and people trying to get into your FTP server. It's probably best to choose a different port to host your home FTP server on, but 21 makes it easier in a business environment, since it’s the default port.
I personally have a static IP address, so under the general settings/passive mode in BPFTP settings, I chose static. If you have a dynamic IP address, just use dynamic and type in the dyndns.com name you’ve got set up (I hope).
When using passive mode, you also need to define a range of ports to listen on. Set this range according to the maximum number of connections you anticipate. I chose range 50000 – 50100. I opened this range on my firewall, but from the outside world, I still had trouble getting a list of the directories. I had no problem logging in; I just couldn’t get a listing, and got this error:
(000001) 12/21/2009 4:27:27 AM – ew (24.251.156.85) > LIST -aL
(000001) 12/21/2009 4:27:33 AM – ew (24.251.156.85) > 426 Cannot retrieve. Failed. Aborting
With port 21 already open, and port range 50000 – 50100 open to my FTP server, I had to do one final thing: open port 20. It’s a control port, so whatever port you choose for FTP, also open one port down on your firewall, and you’re in business.
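To check the passive mode settings described above from the client side, the following added example (not part of the original post and not BulletProof FTP code) parses the server's standard `227` reply to `PASV` and flags an advertised address or port that an outside client could not reach. The function names and the sample replies are constructed for illustration, and `203.0.113.10` is a documentation address standing in for the static IP.

```python
import ipaddress
import re

# RFC 1918 ranges; an address from these in a PASV reply is unreachable from the Internet.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# The six comma-separated numbers of a 227 reply: h1,h2,h3,h4,p1,p2
PASV_TUPLE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def is_rfc1918(ip):
    return any(ip in net for net in RFC1918)


def parse_pasv(reply):
    """Return (IPv4Address, port) advertised by a 227 reply; raise ValueError otherwise."""
    reply = reply.strip()
    match = PASV_TUPLE.search(reply[3:]) if reply.startswith("227") else None
    if match is None:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(n) for n in match.groups()]
    if max(nums) > 255:
        raise ValueError("field above 255 in reply: %r" % reply)
    host = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return host, nums[4] * 256 + nums[5]  # port = p1 * 256 + p2


def check_pasv(reply, connected_to, port_range=(50000, 50100)):
    """Return a list of problems for a client that reached the server at connected_to."""
    host, port = parse_pasv(reply)
    target = ipaddress.IPv4Address(connected_to)
    problems = []
    if is_rfc1918(host) and not is_rfc1918(target):
        problems.append("private address %s advertised to an external client" % host)
    elif host != target:
        problems.append("advertised address %s differs from %s" % (host, target))
    low, high = port_range
    if not low <= port <= high:
        problems.append("port %d is outside the forwarded range %d-%d" % (port, low, high))
    return problems


if __name__ == "__main__":
    # Constructed replies (not captured from a real server).
    samples = [
        ("227 Entering Passive Mode (203,0,113,10,195,80)", "203.0.113.10"),
        ("227 Entering Passive Mode (192,168,1,20,195,80)", "203.0.113.10"),
        ("227 Entering Passive Mode (203,0,113,10,4,1)", "203.0.113.10"),
    ]
    for reply, target in samples:
        print(reply, "->", check_pasv(reply, target) or "ok")
```

Most FTP clients show the raw `227` line in their debug or verbose log, so it can be pasted straight into `check_pasv` together with the address the client connected to.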
