This topic has been marked solved and closed to new posts due to inactivity. We hope you'll join the conversation by posting to an open topic or starting a new one.
I just got this router today and have it setup through a Xfinity Gateway in bridged mode. Previous to this on the Gateway, I was able to port forward my Raspberry PI FTP server (port 21) and access it outside of my home network. So, I tried to do the same with the RAX20 router and I cannot get it to work, no matter what I do. I'm able to FTP while on my LAN and it defaults to port 22. I have gone through every setting I could think of and nothing lets me open up port 21.
Has anyone been able to open port 21 or is this port permently closed on this router? Even trying to Port forward 22 (Since it works locally) doesn't work. I expected something like an xfinity Gateway to give me this many problems and not a Nighthawk router. Firmware is all updated, and have gone through every setting i could think of. Anyone else have this many problems or know of a solution? thanks
There is only one port 21/TCP ... if the router is configured on ReadyShare to FTP, port 21/TCP is obviously already occupied. Disable the FTP service on the advanced ReadyShare settings.
I would expect that this does free up port 21/TCP on the WAN interface to become available for the port forwarding. Netgear has an old flaw on port 443 (the default https one) - even with the https remote access service and https ReadyShare disabled or relocated to an alternate port, the port 443/TCP isn't becoming available for port forwarding.
Something general ref. ftp: These routers (including your previous one) have an application layer gateway (ALG) listening on the standard ports, e.g. 21/TCP for FTP on the handshake communication for the passive connection, dynamically adding a port forward to that port. If using FTPS (encryption) the ALG can't work so you need to configure the passive port range configured on the ftp server in a port forward range.
This is just an update on trying to get it working. I'm still unable to get it to port forward but if I have the ReadyShare setup (To a USB drive plugged into the Router) I have no problem with logging into that with FTP and port 21. My only guess is that Port forwarding Port 21 Is only optional when ReadyShare is on and has no option to assign it to any other device. I've tried literally everthing I can think of to try and get this working.
There is only one port 21/TCP ... if the router is configured on ReadyShare to FTP, port 21/TCP is obviously already occupied. Disable the FTP service on the advanced ReadyShare settings.
I would expect that this does free up port 21/TCP on the WAN interface to become available for the port forwarding. Netgear has an old flaw on port 443 (the default https one) - even with the https remote access service and https ReadyShare disabled or relocated to an alternate port, the port 443/TCP isn't becoming available for port forwarding.
Something general ref. ftp: These routers (including your previous one) have an application layer gateway (ALG) listening on the standard ports, e.g. 21/TCP for FTP on the handshake communication for the passive connection, dynamically adding a port forward to that port. If using FTPS (encryption) the ALG can't work so you need to configure the passive port range configured on the ftp server in a port forward range.
Thank you.I was able to get it sorted out with what you mentionted.
Disabled the FTP on the ReadyShare was sufficient?
Time permitting, if you have the ability to set-up a test e.g. a https on the RasPi (or any other service operating on 443/TCP like telnet for a test), I would like to learn if if the RAX, e.g. your RAX20 does still reserve 443/TCP internally, or of 443/TCP is freely available (if removed from ReadyShare and the remote access). Following the test, do't forget to disable the test service or it's port forward again.
I had gotten a little ahead of myself thinking I fixed it but was able to sort the rest out and it works now. I do have limited networking knowledge and it just seemed a lot easier to setup with the Xfinity gateway. A lot of it was my fault as I had the port range setup from ’20/21’ instead of the ‘21/22’. (Port 21 still refuses to connect but SFTP Port 22 (FTP over SSH?) works just fine) That and I needed to setup a Static IP on my Raspberry PI. (I didn’t with the Xfinity Gateway and not exactly sure why it worked fine on that) Connecting locally to SFTP first worked and once I fixed the rest of my mistakes, I had no problem connecting remotely.
Yes, I did have to go in the Router settings / Advanced / Ready Share Storage, to disable the ‘FTP’ & ‘FTP (via internet) In order for it to work. I am still unsure of how to connect to port 21/FTP but that is fine as long as it just works with how it's setup now. I will have to read up on how to setup 443/TCP as I don't think I have ever used that before currently with my Raspberry PI. Once I get that figured out, I'll let you know If I'm able to get that working. I do appreciate the help though. It will be nice to know if I ever run into this again. Thanks
Only 21/TCP is required for the FTP control stream - 22/TCP can't be used over NAT for the FTP data stream because we have to use passive FTP. The FTP client is getting a so called passive data port assigned, the FTP ALG does take care of the port forwarding. This is absolutely normal on any NAT router.
Next, don't be confused:
FTP is FTP, it's secured variant is FTPES (where the FTP client can request the FTP server to use TLS).
SFTP is a complete different thing, this is a SSH File Transfer Protocol - handled ove the SSH port 22/TCP.
> [...] I had the port range setup from '20/21' instead of the `21/22'. > (Port 21 still refuses to connect but SFTP Port 22 (FTP over SSH?) works > just fine) [...]
Conventional FTP uses ports 20 (data) and 21 (control). SSH (including its SFTP subsystem) uses port 22. Two different protocols, two different (sets of) ports. Passive mode FTP uses a port other than 20. for data.
