Jump to content
Not connected, Your IP: 3.227.233.6
Sign in to follow this  
Anontor

FTP server and client on AIR VPN.

Recommended Posts

I am trying to host a ftp server using my home PC using AIR VPN as the encryption layer, but how do i forward ports when 21 and 22 is blocked ?

And how does the port forwarding work if both client and server is using VPN as only one of are open for connections

to random ports.

FTP is infamous for awful port control.

Please advice.

Share this post


Link to post

I am trying to host a ftp server using my home PC using AIR VPN as the encryption layer, but how do i forward ports when 21 and 22 is blocked ?

 

And how does the port forwarding work if both client and server is using VPN as only one of are open for connections

to random ports.

 

FTP is infamous for awful port control.

 

Please advice.

 

Hello!

 

You will need to configure your FTP server in passive mode (PASV) and perform some configuration.

 

This is an example based on a server which listens to port 21 and supports passive mode.

 

First of all, make sure you use an FTP daemon which allows you to specify a range of ports which the FTP server will use. You will need to configure the server to listen to:

 

- port 21 (used to initiate the connection from any FTP client)

- a range of high numbered (>=2048) ports. The range must be large enough to handle different simultaneous passive connections. After connection to port 21, the client initiates TCP data connection to random port specified by server with the command PORT.

 

Let's assume, as an example, that you use ProFTPd and you want a range of 10 ports to handle 10 simultaneous passive connections. In the example, the range is 58120-58129. EDIT: our new port forwarding interface will let you determine immediately a range of contiguous available ports.

 

Configure it with the directive [NOTE: edited from previous mistyping]:

PassivePorts 58120 58129

Now, log in our website, and forward a random port, making sure to remap it to your local port 21. Let's call this port X_Port_Number. Make also sure you select "TCP" as protocol. Now forward all ports from 58120 to 58129, protocol TCP. Do not remap them to any local port.

 

Launch your FTP service. Now it should be reachable from any client supporting passive mode (all modern clients support it) on:

ftp:// server exit-IP address>:

 

If you wish to use sftp as well, proceed to forward an additional port, TCP protocol, and remap it to your local port 22 (or the port you will configure on your server for sftp).

 

The client does not need to forward any port, because in passive mode it's the client the one that initiates the connection according to the PORT command of the server.

 

Using active mode is possible. In this case you will have to ponder different issues. With active mode, the client connects from a random unprivileged port n >= 1024 to the FTP server's command port 21. Then, the client starts listening to port n+1 and sends the command PORT n+1 to the FTP server. The server then connects back to the client's specified data port from its local data port, which is port 20. Active mode basically transfers most of port issues on the client side.

 

Please do not hesitate to contact us for any further information.

 

Kind regards

Share this post


Link to post

The instructions here all work fine, but how do I forward a range of ports in my airvpn account, because it's impossible for me to see which ports have already been taken by other users, how can I find a single consecutive range? Through trial and error I've managed to find a range of 4 ports, which probably isn't going to be enough.

Also, out of interest, what will happen if you get more users and run out of ports?!

Share this post


Link to post

The instructions here all work fine, but how do I forward a range of ports in my airvpn account, because it's impossible for me to see which ports have already been taken by other users, how can I find a single consecutive range? Through trial and error I've managed to find a range of 4 ports, which probably isn't going to be enough.

 

Hello!

 

You're right, if you need contiguous ports the system is annoying. We planned to modify this system actually (for example with the addition of a "map" of free ports) and we'll work on it soon. EDIT: option was added.

In the meantime please contact us and we'll give you a free consecutive 20 ports range.

Also, out of interest, what will happen if you get more users and run out of ports?!

 

We'll have to provide the option to use the same forwarded ports to different accounts and direct those accounts to different exit-IP addresses or invent some other trick. Actually, it is a problem which we would be glad to face, it would mean that Air is used by very many people. :)

 

Kind regards

Share this post


Link to post

I would still use encryption on your FTP server. The tunnel might be encrypted, but the traffic between the air server and the endpoint of the client is not. Even if the client is on another air server, data would still be going unencrypted over the internet between the 2 servers.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Sign in to follow this  

×
×
  • Create New...