Passive Mode FTP with an Airport Extreme (AEBS) or Time Capsule

Not a huge fan of Apple right now.  After a recent data loss I went out and picked up a Time Capsule for effortless, automatic backups of the Macs in my house.  The backup part works great, but as a router it's a piece of crap.  Every configuration change, even if it's just changing a forwarded port, requires a restart. No Airport owner should ever joke about the restarts required by Windows ever again.

"Hey, I'd like to change my logging level!"

RESTART

"This base station needs a Contact and Location!"

RESTART

It's super convenient since all open connections are closed, disconnecting you from VPN, IM, SSH, etc.

It also made troubleshooting this a real joy. I'm using FileZilla for my FTP server on Windows, listening on the standard port, 21.  Since I'm using NAT I restricted the passive mode ports to a fixed range, e.g. 56000-56050.  Now whenever a client connects to my FTP server using passive mode they'll be given a port between 56000 and 56050 for the transfer.

The server sets the passive mode ports, and the client, passively, uses them.  The FileZilla log showed that the correct ports were being used:

(xx.xx.xx.xx)> PASV
(xx.xx.xx.xx)> 227 Entering Passive Mode (xx,xx,xx,xx,218,215)
(xx.xx.xx.xx)> disconnected.

But on my client (in this case ncftp) I saw totally different ports:

Cmd: PASV
227: Entering Passive Mode (xx,xx,xx,xx,227,181)
Cmd: MLSD
Remote host has closed the connection.

Passive and Active mode requests send the command information in the same format – ip1,ip2,ip3,ip4,port1,port2 – where ip1-4 are the four octets of an IPv4 address, and the port number is calculated using port = port1*256+port2.

In the example above the server is telling the client to use port 56023 (218*256+215), but the client is being told to use port 58293 (227*256+181). I fired up my trusty sniffer (Wireshark) to verify, and the packets leaving my computer contained the correct port (56023).
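The port arithmetic above, as an added example that is not part of the original post: a small Python check that parses the 227 reply as logged by the server and as seen by the client, and reports whether something in between rewrote the address or port. The IP 192.0.2.10 and the function names are constructed for illustration; the port bytes and the 56000-56050 range are the ones from this post.

```python
import re

# Matches the h1,h2,h3,h4,p1,p2 tuple inside a 227 reply line.
PASV_RE = re.compile(r"\b227\b[^(]*\(" + ",".join([r"(\d{1,3})"] * 6) + r"\)")

# Constructed sample lines: same layout as the logs in the post, with a
# documentation-range IP in place of the redacted xx values.
SERVER_LOG = "(192.0.2.10)> 227 Entering Passive Mode (192,0,2,10,218,215)"
CLIENT_LOG = "227: Entering Passive Mode (192,0,2,10,227,181)"


def parse_pasv(line):
    """Return (ip, port) from a 227 reply line, or None if it is not one."""
    m = PASV_RE.search(line)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError(f"field out of range in {line!r}")
    ip = ".".join(str(n) for n in nums[:4])
    return ip, nums[4] * 256 + nums[5]  # port = port1*256 + port2


def compare_pasv(server_line, client_line, port_range):
    """Compare the reply the server sent with the one the client received."""
    sent, seen = parse_pasv(server_line), parse_pasv(client_line)
    if sent is None or seen is None:
        raise ValueError("both lines must contain a 227 reply")
    lo, hi = port_range
    return {
        "server_port": sent[1],
        "client_port": seen[1],
        "ip_rewritten": sent[0] != seen[0],
        "port_rewritten": sent[1] != seen[1],
        # A rewritten port outside the forwarded range cannot reach the server
        # unless the device doing the rewriting also maps it back.
        "client_port_in_range": lo <= seen[1] <= hi,
    }


if __name__ == "__main__":
    for key, value in compare_pasv(SERVER_LOG, CLIENT_LOG, (56000, 56050)).items():
        print(f"{key}: {value}")
```
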

I set FileZilla up to listen on a random port, 1541, and tried connecting to the server on that port, and was only remotely surprised when it worked.

Obviously something, something expensive, white and overly simplified, was mucking with the requests and modifying the port numbers.

Another setting in FileZilla's Passive mode settings allowed it to use the external IP address (instead of the internal one) for the PASV commands. I'd enabled this, assuming a normal, non-intrusive SOHO router.

I set it back to "Default" and reconnected to the server from an external site – SUCCESS.

My next purchase is going to be a nice new DD-WRT compatible 802.11n router. Suggestions are welcome.

 


3 Responses to “Passive Mode FTP with an Airport Extreme (AEBS) or Time Capsule”

  1. flapane Says:

    Same here, Extreme N.
    Are we supposed to throw them out of the window or what?

  2. Corey Says:

    @flapane – Just let the Airport handle the Passive port translation. Configure your FTP server to NOT try and determine the external IP, and just listen on the internal IP. The Airport will (should) handle the rest.

  3. flapane Says:

    I can't as my server is a web hosting service and I can't act on their settings.
    I can only set FileZilla in PSV, but it loses the connection every time and the first time it needs several tries in order to connect to the FTP server (at least 7 or 8 times).



© 2007-2009, Corey Gilmore

 
