Addresses starting with 192.168, 10.0, or 172.16 are known as private addresses, exclusively used for local LAN traffic, and remain unseen by users outside your local network.
For external users to access your server over the Internet, your router must be configured to forward FTP traffic to the machine hosting Cerberus FTP Server, a process known as Port Forwarding. Although the specific steps for enabling port forwarding depend on your router, there are typically three essential steps to connect to Cerberus from the Internet:
- Forward the FTP, SFTP, and FTPS ports (defaulted to 21, 22, and 990) from the router to the machine hosting Cerberus.
- Forward the passive FTP port range, configurable on the 'Protocols' tab of the Server Manager, from the router to the machine running Cerberus FTP Server.
The Protocols tab in the Server Manager allows you to choose the ports Cerberus will use for passive FTP connections. The default range is 11000 to 13000, but administrators can modify this range as needed. It's advisable to use a large range (at least several hundred ports) to accommodate the creation of new ports for each directory listing or file transfer FTP command received from a client. Keep in mind that ports cannot be reused for several minutes due to inherent restrictions in the TCP protocol.
Below is an example of port forwarding using a popular router. The same passive ports specified in the Protocols tab of the server manager need to be specified here.
The router mentioned above is set up to direct requests on port 21 (for FTP) and ports 11000 through 13000 (FTP PASV port range) from outside the local network—typically from the Internet in a home network—to the local machine with the IP address 192.168.1.100. Any incoming requests on these specified ports from the Internet will be forwarded to the machine at 192.168.1.100.
Please note that for FTPS, you need to forward port 990, SFTP port 22, and HTTPS port 443.
To enable the "Detect WAN IP at Startup" feature, go to the 'General' tab of the server manager. After enabling this option, ensure you restart Cerberus FTP Server. By selecting this option, Cerberus can identify your public IP address and provide it to FTP clients when responding to a passive connection request.
That should be all you need to do to allow passive FTP connections to your server. NOTE: Some routers inspect FTP traffic and do not allow the public IP address to be passed as a response for the PASV command. Those routers expect the internal IP address to be used. See this FAQ entry if you still have problems with FTP directory listings or file transfers after following the above steps.
Comments
0 comments
Please sign in to leave a comment.