Possible for FTP clients to use a non-default port number without having to specify it? - Windows NT


  1. Possible for FTP clients to use a non-default port number without having to specify it?

    I'm running an FTP server (FileZilla) on my winXP Pro PC. As with most
    FTP servers I can set it to use a non-default port, for example port
    1234.

    If someone (just friends and associates in this case) connects to my
    FTP server they must specify this port number in their FTP client, or
    in the URL of their web browser.

    Can anyone tell me if it's possible to use a custom port number (for
    added security) for my home FTP server, but not have everyone who
    connects to it have to specify the port in their FTP client?

    At the moment I've been looking at two possible solutions...

    To use the standard port 21, but only allow access to it from known IP
    numbers. Most, though not all, have a static IP address, so this is
    almost the ideal solution. This is easily achieved in the free
    Zonealarm firewall.

    The other option is to use a dynamic IP service, such as
    www.dyndns.org. This maps an *easily memorable* URL (such as
    blah.homeftp.org) to my IP address. However, this service doesn't
    allow remapping of port numbers, or even directing of all traffic at
    ftp.blah.homeftp.org to a specific port number. I've looked at about
    ten similar services on the net but no luck -- closest I could find
    was someone that did exactly this but for web traffic, not FTP. If
    someone does do this then this would be fantastic, and the fact that
    "ftp.blah.homeftp.org" itself uses port 21 wouldn't be such an issue
    because only friends would know the address. It's my IP address (which
    is handed out all over the place behind my back) that I want to
    protect.

    Anyone got any ideas?

    To recap. The objective is to run a home FTP server on a custom port
    without friends having to specify the port number in their client.

    Thanks.

  2. Re: Possible for FTP clients to use a non-default port number without having to specify it?

    On 6 Nov 2003 11:31:53 -0800, pawnpacer@yahoo.com (Ant) wrote:

    >I'm running an FTP server (FileZilla) on my winXP Pro PC. As with most
    >FTP servers I can set it to use a non-default port, for example port
    >1234.
    >
    >If someone (just friends and associates in this case) connects to my
    >FTP server they must specify this port number in their FTP client, or
    >in the URL of their web browser.


    This is typical, you need to tell the client what port to use if the
    server isn't on the 'proper' port.

    >Can anyone tell me if it's possible to use a custom port number (for
    >added security) for my home FTP server, but not have everyone who
    >connects to it have to specify the port in their FTP client?


    Doesn't that defeat the purpose of running on a non-standard port?

    >At the moment I've been looking at two possible solutions...
    >
    >To use the standard port 21, but only allow access to it from known IP
    >numbers. Most, though not all, have a static IP address, so this is
    >almost the ideal solution. This is easily achieved in the free
    >Zonealarm firewall.


    A good solution in any case.

    -Chris

  3. Re: Possible for FTP clients to use a non-default port number without having to specify it?

    Would NAT (Network Address Translation) be a possible solution?

    Regards,

    Richard Huelbig



  4. Re: Possible for FTP clients to use a non-default port number without having to specify it?

    > >Can anyone tell me if it's possible to use a custom port number (for
    > >added security) for my home FTP server, but not have everyone who
    > >connects to it have to specify the port in their FTP client?

    >
    > Doesn't that defeat the purpose of running on a non-standard port?


    The benefit of using a dynamic ip service similar to dyndns.org,
    though one that allows port mapping, would be that port 21 would only
    be opened on the subdomain that I pick (eg blah.dyndns.org) instead of
    on my home PC, the IP address of which is easily attainable by others
    on the net.

    And the benefit of not having to mention/specify the non-standard port
    number all the time is just for ease of use after initial setup.

    On the face of it I didn't think it would be possible, but thought I'd
    ask anyway out of curiosity.

    Although not as neat a solution, I'll probably just have to specify
    the port from now on, and open the ftp server up to the whole internet
    instead of just my trusted zone.

    One perfect (and practically fully safe) solution would be to ask
    anyone that has a dynamic IP address to register for a free domain
    name with dyndns.org (or similar service), and then I can list their
    domain names in my firewall's trusted zone. But I can't really expect
    everyone to go through that hassle.

    Ant
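
The trusted-zone approach discussed in posts 1 and 4 (static addresses plus friends' dynamic-DNS names), sketched as an added example that is not part of the original thread or of any firewall product. The class name `SourceAllowlist`, the injected `resolver`, the hostnames and the documentation-range addresses are all assumptions constructed for illustration.

```python
import ipaddress
import time

class SourceAllowlist:
    """Allow a source IP only if it is a static entry or a listed hostname's current address."""

    def __init__(self, static_entries, hostnames, resolver, ttl=300, clock=time.monotonic):
        self.networks = [ipaddress.ip_network(e, strict=False) for e in static_entries]
        self.hostnames = list(hostnames)
        self.resolver = resolver  # callable: hostname -> list of IP strings
        self.ttl = ttl            # seconds before a hostname is looked up again
        self.clock = clock
        self._cache = {}          # hostname -> (expiry time, set of addresses)

    def _addresses_for(self, hostname):
        now = self.clock()
        cached = self._cache.get(hostname)
        if cached and cached[0] > now:
            return cached[1]
        try:
            addrs = {ipaddress.ip_address(a) for a in self.resolver(hostname)}
        except OSError:
            addrs = set()  # fail closed: a name that does not resolve allows nothing
        self._cache[hostname] = (now + self.ttl, addrs)
        return addrs

    def is_allowed(self, source_ip):
        ip = ipaddress.ip_address(source_ip)
        if any(ip in net for net in self.networks):
            return True
        return any(ip in self._addresses_for(h) for h in self.hostnames)

def demo():
    # Constructed sample data: documentation-range addresses, made-up hostnames.
    records = {"friend.example.net": ["198.51.100.7"]}
    now = [0.0]
    def resolver(name):  # offline stand-in for a DNS lookup
        if name not in records:
            raise OSError("name does not resolve")
        return records[name]
    acl = SourceAllowlist(["192.0.2.10", "203.0.113.0/29"],
                          ["friend.example.net", "gone.example.net"], resolver, clock=lambda: now[0])
    before = [acl.is_allowed(ip) for ip in ("192.0.2.10", "203.0.113.5", "198.51.100.7", "198.51.100.8")]
    records["friend.example.net"] = ["198.51.100.99"]  # friend's dynamic IP changes
    stale = acl.is_allowed("198.51.100.99")            # cached answer still in use
    now[0] = 301.0                                     # TTL has passed
    after = [acl.is_allowed(ip) for ip in ("198.51.100.99", "198.51.100.7")]
    return before, stale, after
```

The decision is made on the connection's source address, never on a reverse lookup of it, and a friend whose address has just changed is refused until the cached entry expires.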

  5. Re: Possible for FTP clients to use a non-default port number without having to specify it?

    > Would NAT (Network Address Translation) be a possible solution?

    Thanks Richard. I'm guessing (correct me if I'm wrong) that I would
    have to make port 21 visible on the internet in order to use NAT, and
    I'm essentially trying to keep port 21 cloaked for security reasons.

    But yes, if someone like dyndns.org does a service that integrates
    customisable NAT (well, just the port mapping bit) then that would be
    ideal.

    Ant

  6. Re: Possible for FTP clients to use a non-default port number without having to specify it?

    Ant,

    Using NAT you would configure your router so that on the internet side you
    would have a specific port (usually in the 5000+ range) that is translated
    into the port 21 on the "inside" of the router. In other words, if you set
    up NAT so that port 5002 was translated into port 21, and you blocked port
    21 on the router (firewall), the only way that someone on the outside would
    be able to access your network via TELNET would be if they TELNETed to the
    specific port number that you've assigned. While I've seen several
    variations on how different TELNET terminals allow the use of a specified
    port, some simply let you enter a command at a command line similar to
    TELNET :. For example, using
    the port 5002 example, if your network's IP address is 100.101.102.103,
    then, to TELNET to your network you would use the command TELNET
    100.101.102.103:5002, or, as I've mentioned, some equivalent thereof.

    I hope this helps some. Good luck.

    Regards,

    Richard Huelbig


