Q:How to setup my IP correctly

A:There are many combinations and you should check the section which matches your configuration

Legal IP means a real IP in the internet , which everyone can connect to

Private IP means an IP which is only valid in your local area network , only users from the same network can connect to it

Static IP means your IP is always the same , not assigned by DHCP server

note : Server IP is SERVER_IP under [FTPD] , Auto choose IP is AUTO_CHOOSE_IP under [FTPD] , Extra IP is XTRA_IPS under [FTPD] , Exclude IP is XCLU_IPS under [FTPD] , Use multi IP to offer data connections automatically is PASV_IP_ROLLING under [FTPD] . in your *.ftpd file

Combination 0 : Super easy way no matter what

Server IP : Put your domain name here

You need to apply for a domain name no matter you are using dynamic IP or not , try

miniDNS : http://www.minidns.net/index.php free

TZO.com : http://www.tzo.com/MainPageDownload/index.html

ADSLDNS.org : http://www.adsldns.org/ free

Combination 1 : 1 Legal IP (Static IP)

Server IP : Set to your Legal IP (do not set domain name)

Auto choose IP : On or Off (but you have to set the correct IP in server IP)

Extra IP : do not add anything

Exclude IP : do not add anything

Use multi IP to offer data connections automatically : Off

Combination 2 : 1 Legal IP (Dynamic IP)

Server IP : Leave empty

Auto choose IP : On

Extra IP : do not add anything

Exclude IP : do not add anything

Use multi IP to offer data connections automatically : On

Combination 3 : 1 Legal IP (Static IP) + 1 Private IP

Server IP : Set to your Legal IP (do not set domain name)

Auto choose IP : Off

Extra IP : do not add anything

Exclude IP : do not add anything

Use multi IP to offer data connections automatically : Off

Combination 4 : 1 Legal IP (Dynamic IP) + 1 Private IP (supported from 2.1 build 935)

Server IP : Leave empty

Auto choose IP : On

Extra IP : do not add anything

Exclude IP : Your Private IP (can be multiple , xxxx.xxx.xxx.xxx,yyy.yyy.yyy.yyy)

Use multi IP to offer data connections automatically : On

Combination 5 : Multiple Legal IP (Static IP)

Server IP : Set one of the Legal IP as SERVER IP

Auto choose IP : Off

Extra IP : add the ALL IPs to extra IP (including SERVER IP) , eg : xxx.xxx.xxx.xxx,yyy.yyy.yyy.yyy,zzz.zzz.zzz.zzz

Exclude IP : do not add anything

Use multi IP to offer data connections automatically : On

Combination 6 : Multiple Legal IP (Static IP) + 1 Private IP

Server IP : Set one of the Legal IP as SERVER IP

Auto choose IP : Off

Extra IP : add ALL Legal IP except this Private IP

Exclude IP : Your Private IP

Use multi IP to offer data connections automatically : On

Combination 8 : 1 Private IP

You can not run a site to server the ineternet users

Ok now you have the correct setup for your IP why the client still can not do a LIST/RETR/STOR/FXP ?

Possibility 1: Your site is behide a firewall , there must be a firewall rule which allow only certain port ranges , you must contact your local firewall administrator to get the port ranges and then set your server's DATA PORT RANGE to match the rule

Possibility 2: This client is behide a firewall (usually you would see a PORT failed in your server log) , you should ask this user to set its FTP client to use PASV (passive) mode , otherwise it will not work .

Possibility 3: This client is behide a NAT (Network address translator) , usually you would see a PORT failed in your server log , however the PORT connection IP is usually different from this client's REAL IP , you should ask this user to set its FTP client to use PASV (passive) mode , otherwise it will not work .

Possibility 4: When users try to FXP with some FTP servers . ex: MS-IIS , or SERV-U with AntiBounce attack turned on , the FXP with you will not work , unless you set your DATA PORT RANGE to anything higher than 1024 , ex: 1050-2000

Possibility 5: The client software is no good , yes , many FTP clients simply don't obey the rule , the FTP client should first establish a DATA connection with server and then it can send out the further commands , ex: LIST , RETR , however some clients simply send out PORT/PASV and then directly send out LIST/RETR without waiting the connection to be established .The RaidenFTPD is not going to support this kind of operation , please ask the user to change or upgrade his FTP client , usually you will see a "LIST W/O DATA connection" error in your server side log

Possibility 6: The client is using an incompatible client , the currently incompatible clients are StarFTP , LeapFTP 2.6x (newer version works) , LapLink FTP v1 , FlashGET old versions (newer version works)

Possibility 7:You have Check IP of data connections turn on in server editor , please turn it off , or add the authrized host's IP to global allowed IP list otherwise the server will not accept DATA connection from other server .

Ok now you still don't get it to work , then you must understand more about it .

Q01. ok, i got a question... i am trying to program a firewall for 100% security.. but if i tell RaidenFTPD to use ports, lets say 1400-1500.. on xfers it uses those ports.. but when the user logs in and does a list it uses like port 90-???...

A01. well , you can not 100% enforce the port range , the port range is only used when the client use "PASV" mode , not "PORT" mode , and when the client decide to use PORT command , he decides the port range , when the client uses PASV mode , the server decides the port range , there might be an option in the ftp client for itself to enforce some kind of port ranges also , but it is absolutely not appearing in every ftp client we'v seen , and this is not RaidenFTPD's fault because the clients are the one who decide to use whatever they like

Q02. why do I get this when someone try to FXP to my RaidenFTPD server ?

(CLIENT) PASV

(RAIDEN) 227 Entering Passive Mode (140,89,228,21,0,214)

(RAIDEN) PORT 140,89,228,21,0,214

(OTHER?) 500 Illegal PORT range rejected.

A02. well , this is because the other FTP server has "anti bounce attack" option enabled , you can not change it since it's not on your side , if you really want your server to work with it , you must specify your DATA PORT RANGE , for different purpose there is different suggested port range , and if you are making a site for web downloads try to use 26-79 if you are making a site for FXP , try to use 1400-1500 there is "NO" perfect port range that will work for every purpose due to the fact that some clients/servers thought that they are smart enough to reject some of the port numbers , and this is not RaidenFTPD's fault because the other FTP servers are the one who decide to reject the port or not

Q03. what is the "PASV accept failed , no one connects to me" message ? is it generated by the server or the client? like is it coming from RaidenFTPD , or the person who has connected to me?

A03. well , this message is generated by the RaidenFTPD , and this happens when the RaidenFTPD receives the PASV command from the ftp client , and then it starts to listen on one of the local IP+port , and return the IP+PORT to the client , however after 15 seconds , no one (ftp client) connects to this IP+PORT , and then the server tells you this error , this has various reasons and is possbile to be fault of client and server or both , so you need to verify the ftp client's command log window , first you need to find the string PASV , and then you will see something like

(CLIENT) PASV

(RAIDEN) 227 Entering Passive Mode (140,89,228,21,0,214)

Now , it is the important part , verify this 140,89,228,21 , it should be your SERVER IP , and 0*256 + 214 should be your listen PORT , if this 140,89,228,21 is NOT your SERVER IP , or if it's an internal IP that no one from outside can connect to , then you have your IP setup incorrectly , check the above sections to find out your best combination , if the IP part is correct , now verify the PORT part , if your environment has a firewall , and if the PORT is outside of the allowed port ranges , no one will be able to connect to you , because all connections are rejected , now you must ask your local network administrators about the acceptable port ranges and apply it to use DATA PORT RANGES , otherwise it will not work. can't this be simpler ? probably not , no one knows what will your network administrator allow or deny , and no one knows what is your internal IP or internet IP , you must verify it by yourself

Q04. I have one dynamic legal IP and one internal fixed IP , can I run only one site (*.ftpd) to server both internal and external users ?

A04. no , this is basically your legal IP is dynamic , you will need to run 2 sites (*.ftpd) , one for internal and one for external users.

Q05. I'm having problem FXP'ing from a G6 ftp server 2.0, is anything wrong ?

A05. Yes , if we don't mention this problem out people may think It's our fault FXP'ing with G6 2.0 Final well in G6 2.0 Final it will return "200 PORT command successful." no matter this command is successful or not , how do we know that , well it's simple , we TURNED OFF our server's PASV listening mode (yes that means we will return correct Entering passive mode string while RaidenFTPD is not actually listen at all) , so how can G6 2.0 Final connect to RaidenFTPD successfully since we are not listening at all . it is a bug of G6 , and the following text is a little log

(flashfxp ->RaidenFTPD) PASV

(RaidenFTPD) 227 Entering Passive Mode (MY_IP,0,201) <- We don't listen at all actually

(flashfxp ->G6) PORT MY_IP,0,201

(G6) 200 Port command successful. <- G6 returns FALSE string

(flashfxp ->G6) STOR f-xxxxxx.zip <- flashfxp is cheated

(G6) 150 Opening data connection for f-xxxxxx.zip. (flashfxp ->RaidenFTPD) RETR f-xxxxxx.zip 150 Sending /OOOOOO/f-xxxxxx.zip (2555741 bytes). Mode STREAM Type BINARY

(RaidenFTPD) 426 Connection closed , transfer aborted (transfer failed).(exception)

Yes , it is that simple . G6 returns FALSE status , and flashfxp is cheated . so You know who should fix something , and this is not RaidenFTPD's fault because it's the G6 who returns false status to the FlashFXP , we don't know if it's fixed or not in the newer versions but if you have this problem it's not our fault.

Q06. Why can't my RaidenFTPD fxp with Microsoft IIS ?

A06. Yes , it can , but you must set your DATA PORT RANGE from 1400 ~ 1500 , we don't know what else ports will work but this works , and if you don't set to this range you may not be able to FXP with Microsoft IIS , RaidenFTPD has *NO* error , ftp does not force a server to use which port to do data transfer , it's site administrator's duty to decide which port to use .

Q07. Why do I get "port connect failed (123.123.123.123 1234)" error message in server log?

A07. Yes , it maybe your fault , but most of time , it's client side error , you can easily know if it's your fault or his fault by observing the IP 123.123.123.123 , by clicking this client's icon in server monitor , you will see the client's origin , let's say it's 140.123.123.123 , and if you see the port connect failed (123.123.123.123 1234) , obviously the IPs 140.123.123.123 and 123.123.123.123 are different , then it's client's fault , because he might be after an NAT , and his ftp client doesn't know that his IP is even a virtual IP ! , and if the IPs are the same , then it has possibility that it's your fault , there are 2 things you need to check , one is make sure the PORT client requests (1234 here) does apply to your local firewall rule , make sure it's not blocked , the other thing is even more tricky , you might have multiple NIC interfaces , make sure you do not add your internal NIC's IP to EXTRA_IPS , you should even add it to XCLU_IPS (excluded) , no connection can be made if you are trying to connect to the ftp client from a internal NIC .There is still another possibility , the client is not downloading from the same origin , he is trying a FXP , then you should only need to make sure that all your IP setup are correct , then if it still fails , it is not your fault anyway .

Note : This page contains important information , please read carefully , setting up RaidenFTPD incorrectly will cause problems when Ftp clients connect to your site.

Copyright © RaidenFTPD TEAM , ALL RIGHT RESERVED

REVISION 2.4 , 2002/10/16