Hardware Ftp server

[HipHoper]

Hmmm... Hello again :O)

I'm trying to build an ftp server. Tried several software based, But non of them work well (On some user can't access computer, And on others user can't download files).
Anyway - Thought about buying this router which costs around 60$,And which supposed to have a built in ftp feature through usb connection :

http://www.edimax.com/images/Image/d...BR-6215SRg.pdf

Has anyone of you had good experiences with ftp behind firewalls, Or with this specific product ?

I already have an 500gb maxtor external drive, So it will be cheaper to buy this router than buying another HD with NAS enclosure.

[Ferrit]

Sounds like more of a configuration problem then anything.
That likely will work if you forward the right port to the right internal IP but again you will need to configure it.
IS this ftp for external access?
like from the internet inside to an internal network?

[HipHoper]

Yes Ferrit, It is for external access. I've managed to open proper ports and have no problem accesing it via internal or internet address, but one of my test-friends having this problems downloading files. I've installed online armor which is very light and efficient firewall software, And now just removed it for the test. I'll continue to try and test the software based ftp and see how it goes.
Thanks for the feedback

[Ferrit]

Ok first off all ftp servers are run by some software whether its out of a router a NAS box or IIS.
1 thing. Be prepared that once you open the ftp on port 21, shortly thereafter your ftp system is gonna get hammered by them trying to get into it.
Chine and brazil will be the most heh

[HipHoper]

Wow....That bad.....I'll take that into account and after it'll work in basic mode, I'll try to incorperate some SSL or some complicated password/encryption....
Thanks for the tip, And I guess it's time to learn new curses in chinese or Portuguese

[CeeBee]

If someone can't get into several FTP servers while others can then there is a problem on his end... PERIOD. This is like trying to replace the garage because you have a flat tire...
Also with the hammering issue - FIlezilla is great, will automagically block a user after a number of failed attempts. Just make sure you don't have users like "anonymous", "administrator", "admin", "root"... those are the target of most attempts. And as usual, the least permissions needed for any given user....
(000054) 8/21/2008 8:41:52 AM - (not logged in) (82.77.20.77)> USER Administrator
(000054) 8/21/2008 8:41:52 AM - (not logged in) (82.77.20.77)> 331 Password required for administrator
(000054) 8/21/2008 8:41:58 AM - (not logged in) (82.77.20.77)> PASS $3RV(CE
(000054) 8/21/2008 8:41:58 AM - (not logged in) (82.77.20.77)> 530 Login or password incorrect!
(000054) 8/21/2008 8:42:12 AM - (not logged in) (82.77.20.77)> USER Administrator
(000054) 8/21/2008 8:42:12 AM - (not logged in) (82.77.20.77)> 331 Password required for administrator
(000054) 8/21/2008 8:42:22 AM - (not logged in) (82.77.20.77)> PASS $99RADI
(000054) 8/21/2008 8:42:22 AM - (not logged in) (82.77.20.77)> 421 Temporarily banned for too many failed login attempts
(000054) 8/21/2008 8:42:22 AM - (not logged in) (82.77.20.77)> disconnected.

[HipHoper]

Thanks CB. The thing is that this test-friend is the only "outsider" (Out of my local network) I can test it with. When I access ftp from local network via internet ip or local ip then all is well.
Will try to ask some other friends to become lab-mices :O)

[Niclo Iste]

I am curious about this too. I was recently toying with the idea of a FTP to link files I want to share. One for private access for specific files and the other for public linking so to help those who want to get files from the website we host for our gaming group. What are the preferred options for doing this should I have my own host or should I rent one? If I have my own what is better to use Linux or Windows? This is just a side project I was toying with and HipHopers post reminded me of that task.

[Ferrit]

If someone can't get into several FTP servers while others can then there is a problem on his end... PERIOD. This is like trying to replace the garage because you have a flat tire...
Also with the hammering issue - FIlezilla is great, will automagically block a user after a number of failed attempts. Just make sure you don't have users like "anonymous", "administrator", "admin", "root"... those are the target of most attempts. And as usual, the least permissions needed for any given user....
(000054) 8/21/2008 8:41:52 AM - (not logged in) (82.77.20.77)> USER Administrator
(000054) 8/21/2008 8:41:52 AM - (not logged in) (82.77.20.77)> 331 Password required for administrator
(000054) 8/21/2008 8:41:58 AM - (not logged in) (82.77.20.77)> PASS $3RV(CE
(000054) 8/21/2008 8:41:58 AM - (not logged in) (82.77.20.77)> 530 Login or password incorrect!
(000054) 8/21/2008 8:42:12 AM - (not logged in) (82.77.20.77)> USER Administrator
(000054) 8/21/2008 8:42:12 AM - (not logged in) (82.77.20.77)> 331 Password required for administrator
(000054) 8/21/2008 8:42:22 AM - (not logged in) (82.77.20.77)> PASS $99RADI
(000054) 8/21/2008 8:42:22 AM - (not logged in) (82.77.20.77)> 421 Temporarily banned for too many failed login attempts
(000054) 8/21/2008 8:42:22 AM - (not logged in) (82.77.20.77)> disconnected.

I am sure they get banned but as fast as they get banned others are port scanning.
Now i dont know but if enough hammer is this gonna cause a bandwidth issue?
And what if you forget something?
And they get in?
I have seen a website after they were done,granted he left an executable in a folder or some such but it was a mess.
Just some things to think about.

[CeeBee]

I am sure they get banned but as fast as they get banned others are port scanning.

Not so many though, after 1 year of having the same IP I would see at most 15-20 IP's a day.

Now i dont know but if enough hammer is this gonna cause a bandwidth issue?

Not with Filezilla from what it seems... looks like the connection is also throttled down in case of "attacks".

And what if you forget something?
And they get in?
I have seen a website after they were done,granted he left an executable in a folder or some such but it was a mess.

Back to Security-101: Only allow specific users, use strong passwords, do not share logins unless there is a good reason for it and set the least amount of permissions needed.
Ex. If you need to distribute ONE DIRECTORY then don't allow write access from the root and propagate permissions to all subdirs. I've been running FTP for 10 years on my home server and haven't had any issue. Most issues with FTP come from poor setup. I have even seen a mobo manufacturer that allowed write access to the FTP files - yes, that included the files they were distributing