NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Basic FTPs and Share access permissions
Hi I was hoping you could possibly help me out here. I have read so many posts and still cannot find a way to solve my issue/s that fit within my scope of network knowledge. I have noticed/read po...
Here's what I do with FileZilla.
(a) set up NAS with masquerading off
(b) set up FTP in NAS to port 50000 as control port, 50001-50004 as passive port range. (other ports can be substituted of course).
(c) forward ports 50000-50004 to the NAS in the router
(d) get a ddns name - imagine shedz.mynetgear.com
(e) In filezilla create a site in the sitemanager for host shedz.mynetgear.com,
(f) sitemanager port is 50000
(g) sitemanager protocol is ftp
(h) sitemanager encryption is "require explicit ftp over tls"
(i) sitemanager logon is "normal", fill in the NAS user/password you want to use.
(j) Check Filezilla "edit"->settings for FTP->passive mode. Make sure "use the server's external IP address" is checked.
on port 50000 on the control port... I prefer to use non-standard ports for this stuff, as it does make it a bit harder for folks doing port scans to sort out what the port is for. The official range of "private ports" is 49152–65535, so ports in that range shouldn't conflict with anything your ISP might be using.
Certificates give you encryption and authentication - the latter meaning that the certificate certifies that the server belongs to whom it claims to belong to.
Normally the NAS uses a self-signed certificate using the IP address. This can't provide authentication, because it is not being handed out from a trusted certificate authority (like verisign, etc).
For personal use, I don't think you need that authentication. But if you do want it, you need to get a certificate for your ddns name. But I haven't done that.
There are actually two errors you can get - one occurs if the IP address of the NAS is not the same as the one in the self-signed certificate. The other one is because the certificate is self-signed. Preventing both of these is a nuisance. My advice is not to bother.
Personally I use Firefox to access the NAS, and just store a permanent security exception. Firefox makes that particularly easy to do. If I use other browsers (chrome or safari), I just click through the warning. When you do that, you should still get encryption - just not authentication. It is possible to set up the NAS to be trusted in other browsers, but it is more difficult, and I didn't think it was worth the trouble. There are a couple of posts in the forum on it.
(a) set up NAS with masquerading off
(b) set up FTP in NAS to port 50000 as control port, 50001-50004 as passive port range. (other ports can be substituted of course).
(c) forward ports 50000-50004 to the NAS in the router
(d) get a ddns name - imagine shedz.mynetgear.com
(e) In filezilla create a site in the sitemanager for host shedz.mynetgear.com,
(f) sitemanager port is 50000
(g) sitemanager protocol is ftp
(h) sitemanager encryption is "require explicit ftp over tls"
(i) sitemanager logon is "normal", fill in the NAS user/password you want to use.
(j) Check Filezilla "edit"->settings for FTP->passive mode. Make sure "use the server's external IP address" is checked.
on port 50000 on the control port... I prefer to use non-standard ports for this stuff, as it does make it a bit harder for folks doing port scans to sort out what the port is for. The official range of "private ports" is 49152–65535, so ports in that range shouldn't conflict with anything your ISP might be using.
shedz wrote: do I need to register and pay for my server IP to be registered
Certificates give you encryption and authentication - the latter meaning that the certificate certifies that the server belongs to whom it claims to belong to.
Normally the NAS uses a self-signed certificate using the IP address. This can't provide authentication, because it is not being handed out from a trusted certificate authority (like verisign, etc).
For personal use, I don't think you need that authentication. But if you do want it, you need to get a certificate for your ddns name. But I haven't done that.
There are actually two errors you can get - one occurs if the IP address of the NAS is not the same as the one in the self-signed certificate. The other one is because the certificate is self-signed. Preventing both of these is a nuisance. My advice is not to bother.
Personally I use Firefox to access the NAS, and just store a permanent security exception. Firefox makes that particularly easy to do. If I use other browsers (chrome or safari), I just click through the warning. When you do that, you should still get encryption - just not authentication. It is possible to set up the NAS to be trusted in other browsers, but it is more difficult, and I didn't think it was worth the trouble. There are a couple of posts in the forum on it.
I am not using a front end, just the built-in NAS web interface. For file transfer I generally just use filezilla. I'm not saying that the front ends are a bad idea - just that I don't use them myself. So you'd probably need advice on the various front ends from other folks who use them.
shedz wrote: 2. And eventually have a front end like AJAXPLORER or now PYDIO.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
