dannieboiz
Dec 02, 2019 Tutor
Is there an actual FTP server built in?
Strangely, I can access FTP://NAS IP internally. Port forwarding port 21 I'm not able to do so externally. I look high and on the interface and saw nothing about FTP server. I ran into another p...
StephenB
Dec 03, 2019 Guru - Experienced User
dannieboiz wrote:
Strangely, I can access FTP://NAS IP internally. Port forwarding port 21 I'm not able to do so externally. I look high and on the interface and saw nothing about FTP server.
There is a built-in FTP server, and that is what you are already using when you access the NAS internally.
Forwarding port 21 isn't enough to let you access the NAS remotely. You also need to set up a passive port range (I suggest 4 ports per simultaneous connection) and forward those ports as well. Of course you'd also need ddns.
In addition, you might need to set up masquerading. Though my advice there is to use FileZilla, which doesn't need masquerading.
If you are accessing the NAS remotely I suggest using ftps (which encrypts the connection).
dannieboiz
Dec 03, 2019 Tutor
I'm already using filezilla server but figured why couldn't I just use the NAS as an ftp server. Seems more effort than it's worth.
- StephenB Dec 03, 2019 Guru - Experienced User
dannieboiz wrote:
I'm already using filezilla server but figured why couldn't I just use the NAS as an ftp server. Seems more effort than it's worth.
It's pretty much the same as accessing a filezilla FTP over the internet. FTP passive is the mode you'd need for that too, so you'd need to forward the passive ports in your router. DDNS is needed so you can access by name instead of by your router's IP address.
- dannieboiz Dec 03, 2019 Tutor
I'm a little confused.. with filezilla forward port 21 to my server and be done.. why do we need to forward the range as u said above?
- StephenB Dec 03, 2019 Guru - Experienced User
dannieboiz wrote:
I'm a little confused.. with filezilla forward port 21 to my server and be done.. why do we need to forward the range as u said above?
First of all, FTP always uses at least two connections. Port 21 is the command connection. The second one is called the data connection. If you are transferring more than one file at a time, you use one data connection per file transfer.
There are two modes for FTP - active and passive.
Active only requires that you forward the command port. But it won't work if the FTP client is behind a NAT - the data connection won't be established. So it might be ok if you are using a mobile data plan to test it, but normally it won't work if you are using wifi in a hotel or hotspot. In this mode the data connection is opened from the server->client. Your home router will allow that connection, but the far end NAT will block it.
Passive requires that you also forward ports for the data connection. In this mode the FTP server tells the client the IP address and port to use for the data connection, and the client opens the data connection (in the client->server direction). A remote NAT will allow that connection, but your router normally won't (unless you forward the passive ports). Masquerading comes into play here, as the server needs to give the correct IP address (which is the WAN port on your router).
There is more info on these modes here: https://www.jscape.com/blog/bid/80512/active-v-s-passive-ftp-simplified
There are three possible reasons why your FileZilla Server works
1. You might be using active mode, but not running the client behind a NAT.
2. You might have put the FileZilla host in the DMZ of the router (which would open it to all internet connections).
3. The FileZilla server might be asking your home router to automatically (and dynamically) forward the data connections using upnp.
Possibilities 2 and 3 are probably more likely than 1, as most servers will default to passive mode. Possibility (2) is a bad idea btw - it allows hackers to scan your server and either install malware or silently steal your data. So if you happen to be doing that, you should stop.
Most routers will show you the connections that were opened via UPNP, so you can confirm possibility 3 by doing a transfer over the internet, and looking at that connection list. BTW, in this third case, the FileZilla server would either be figuring out the correct masquerade address, or (if you are using the FileZilla client), the client is figuring it out.
The NAS FTP server doesn't use upnp, so you need to forward the data ports manually. It also won't attempt to figure out the correct masquerade address for the connection, so that also needs to be manually configured.
FWIW, the FileZilla server (and the FileZilla clients) support two secure FTP protocols (FTPS and SFTP). You really should be using one of those, and not the much older insecure FTP. The NAS server can be set to require FTPS, but it can't be configured to use SFTP.
Also, if you have multiple FTP servers you can use non-standard ports for the command connection, so you can reach them all over the internet.
In any event, you could switch your server over from FileZilla to the NAS if you want to. The main benefits are
- Not needing to keep two servers running
- Consolidating authentication (using the NAS user accounts/passwords for both SMB access and FTP).
The main drawbacks are that
- the initial setup might be somewhat more complicated.
- the manual masquerading might interfere with local FTP use (depending on your router).
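Added example (not part of the original thread): a small Python check of the server's `227` reply to `PASV`, which is where the two failure modes described above show up: a LAN address advertised because masquerading is not set, or a data port outside the range forwarded on the router. The sample replies, the start port 50000 and the address 203.0.113.7 (a documentation address standing in for the router's WAN IP) are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample 227 replies (not captured from a real NAS).
REPLY_NO_MASQUERADE = "227 Entering Passive Mode (192,168,1,50,195,80)"
REPLY_MASQUERADED = "227 Entering Passive Mode (203,0,113,7,195,83)"
REPLY_UNFORWARDED = "227 Entering Passive Mode (203,0,113,7,200,0)"

# Address blocks a remote client cannot reach across the internet.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16")]
PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_pasv(reply):
    """Return (ip, port) that the server tells the client to connect to."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % reply)
    ip = ".".join(str(n) for n in nums[:4])
    return ip, nums[4] * 256 + nums[5]  # port = high byte * 256 + low byte


def passive_range(first_port, simultaneous_connections, ports_per_connection=4):
    """Inclusive range sized at 4 ports per simultaneous connection."""
    last = first_port + simultaneous_connections * ports_per_connection - 1
    if first_port < 1024 or last > 65535:
        raise ValueError("range must fall within 1024-65535")
    return first_port, last


def diagnose(reply, forwarded_range):
    """List reasons a remote client's data connection would fail."""
    ip, port = parse_pasv(reply)
    problems = []
    if any(ipaddress.ip_address(ip) in net for net in NON_ROUTABLE):
        problems.append("server advertises LAN address %s; masquerade not set" % ip)
    lo, hi = forwarded_range
    if not lo <= port <= hi:
        problems.append("data port %d outside forwarded %d-%d" % (port, lo, hi))
    return problems
```

Running `diagnose` on the reply a client logs after `PASV` (FileZilla shows it in its message log) tells you which of the two settings still needs fixing.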