Addresses that begin with 192.168, or 10.0, or 172.16 are called private addresses. These addresses are only used for traffic on your local LAN and are invisible to users outside of your local network.
External users to your network can usually only see your router's IP address. To allow people to connect to your server from the Internet, your router has to be configured to forward FTP traffic to the machine running Cerberus FTP Server. This process is called Port Forwarding. While the exact procedure to enable port forwarding depends upon your router, there are generally three steps that need to be completed to connect to Cerberus from the Internet.
- Forward the FTP, SFTP, and FTPS ports Cerberus FTP Server is listening on from the router to the machine running Cerberus (the default ports are 21, 22 and 990).
- Forward the passive FTP port range from the router to the machine Cerberus FTP Server is listening on. The range is configurable and can be found on the 'Protocols' tab of the Server Manager.
Below is the Protocols tab of the Server Manager. From here you can select the ports that Cerberus will use for passive FTP connections. The range displayed below is Cerberus FTP Server's default port range of 11000 to 13000.
This is just a suggested default and the administrator can change the range to anything desired. However, a large range is recommended (at least several hundred ports) as a new port is used for each directory listing or file transfer FTP command received from a client and ports cannot be reused for several minutes because of restrictions inherent in the TCP protocol.
Below is an example of port forwarding using a popular router. The same passive ports specified in the Protocols tab of the server manager need to be specified here.
The above router is configured to forward requests on port 21 (for FTP) and from ports 11000 through 13000 (FTP PASV port range) from outside the local network (usually from the Internet for a home network) to the local machine at IP address 192.168.1.100. Any requests on those ports from the Internet will be forwarded to machine 192.168.1.100.
NOTE: For FTPS you will need to forward port 990, for SFTP you will need to forward port 22, and for HTTPS you will need to forward port 443.
- Enable "Detect WAN IP at Startup" from the 'General' tab of the server manager. Make sure your restart Cerberus FTP Server after enabling this option. Selecting this option will allow Cerberus to detect your public IP address and give that address out to FTP clients in response to a passive connection request.
Selecting detect WAN IP
That should be all you need to do to allow passive FTP connections to your server. NOTE: Some routers inspect FTP traffic and do not allow the public IP address to be passed as a response for the PASV command. Those routers expect the internal IP address to be used. See this FAQ entry if you still have problems with FTP directory listings or file transfers after following the above steps.
Comments
0 comments
Please sign in to leave a comment.