Topic: Esmith FTP server behind a Linksys Router

[Franco Lee]

Hello,

I would like to get E-Smith's FTP server running behind a Linksys Router/Firewall.  I have configured a RedHat Linux machine running Proftpd behind a firewall okay.  It required port forwarding 21 and a small range of passive ports to use on the Router/Firewall to the RedHat Linux machine.

I also had to edit the proftpd.conf file to include the IP masquerade command and a same small range of passive ports.

However, I'm unable to get this working with E-Smith. Help would be greatly appreciated.

Franco

[Phil Irwin]

Franco,

I have / had the same problem with my Linksys. I have now only very occassional problems. Make sure you do the following;

1. Download the latest firmware from LinkSys web site
2. Restore default settings
3. Disable DHCP on the router
4. Configure port frowarding generally enabling TCP and UDP 0~255 to the IP of your server does the trick.
5. In DMZ host enter the IP of your server.

Disabling DHCP means that you will need to allocate a static local IP address on your LAN for each computer, however with Windows ME (yeughhhh !) I find that each computer will automatically assign itself an IP in any case.

In summary, the key is to disable DHCP. Good Luck

[Franco]

Is there anyway to do it without using the DMZ?  I wish to keep the server behind the firewall for better security.  (ie. opening ports and configuring E-Smith FTP server to understand it's behind a firewall - IP masquerading).

Thanks,
Franco

[jrp2]

Have you thought of just junking the Linksys and replacing it with the SME/e-smith box?  Maybe it is not an option for you, but thought I would mention it.  SME makes a far better firewall/gateway than a Linksys.  I don't want to disparage the Linksys (they have done a nice job for a cheap box), but I can't think of anything the Linksys does that SME doesn't.

JP

[flee]

Thanks for the advice JP.  It is something I was thinking about.  The Linksys Router is already in play and had worked quite well.  In your opinion, won't the E-Smith box be that much more hardened to the Internet (Security) if it's behind the Linksys Firewall?

If possible I'd like to keep using the Linksys box, but we'll just have too see...

----------------

In the past I've sent up a RH box to run FTP behind a firewall (Freesco).  It required to forward an ftp port and a range of passive ports to use to the RH machine.  In the proftpd.conf file I had to add the IPMasquerade and PassivePort lines.  However, this did not work with E-Smith.  Any ideas?

[jrp2]

> won't the E-Smith box be that much more hardened
> to the Internet (Security) if it's behind the Linksys Firewall?

Sure, 2 fences are better than one, but E-Smith is pretty hardened as-is, and they are rapid on security oriented fixes.  E-Smith has very few open ports, and will allow you to configure most as to whether they are opened to the outside.

I had a Linksys for a while, but dumped it as soon as E-Smith added  PPPoE support, the only thing that kept me using the Linksys.   I found things started working alot better once I got the Linksys out of the picture.

[Phil]

Franco,

The conversation regarding using the e-smith server as a gateway and doing away with the Linksys box has some credibility. It really depends if your hardware is up to it. I think the firs important thing is to establish the DHCP issue. (You may be able to disregard the DMZ issue if you can pin it down to DHCP). There is another possibility (this happened to me), after weeks of trying to identify the software issue I changed the router and hey presto !, things started to work. The problem is I've noticed the failure mode of these routers can sometimes point to non-existent software issues. I'd go for disbling DHCP and then hardware. Do you have any other PC's on your network ?

Phil

[Franco Lee]

thanks for the help and advice.  i'll have to mess around with the linksys idea a bit further before i decide to dump it.  i do believe e-smith is fine sitting on the internet, but you can never be too careful out there...

[Randall]

Have you installed the most current patch?

I FTP to my e-smith behind a Linksys Firewall and have not made ANY changes  changes to the "conf" files and had not a lick of trouble.  I don't know much about the DHCP issue I saw being talked about. I will have to look at what others are saying.  According to Linksys when you forward port 21 to whatever machine you want access to, it opens the required additional passive ports automatically.  If however you choose another port say 654, it only opens 654 and FTP would fail if you don't calculate what the other passive ports are.  Drop me an email I will send you my conf file.

Perhaps if I should look into things like dhcp problems someone else could drop me an email as well

Good luck Fanco

-R