Port triggering for FTP

[Cryoman196]

Please indulge a noob. Apologies in advance for any howlers may make...
I amy trying to set up an FTP server on my home network and I really don't understand how to set up a static ip for port forwarding, my isp obtains the ip automatically.
I saw an article on port triggering which seems to do the same thing as port forwarding but removes the need for a static ip. This looks to be an easier option for dummies like me..
Can I set up port 21 for port triggering to allow ftp traffic and what is the ip address I should use.
Do I use 21 for the end limit?
Router is DG834G
Thanks in advance

[sagada2008]

Hi Cryoman196,

You can follow the step by step instructions on the link below:

http://www.portforward.com/english/r...DG834G/FTP.htm

[Cryoman196]

Hi Sagada, thanks for taking the time to reply. I had seen this web page but I was:
1. Unsure what static IP I wanted to forward to
2. I was a bit suspicious - why would I need to put that in the box labelled "don't skip this step" if not to open my machine to attack via port 20
3. It looks as if the DG834G has preset ports to use for given common tasks (eg ftp = port 20) so setting up a custom one seemed unnecessary
4. It says "Go ahead and enter the values above into the virtual server menu" - that got me beat straight away. What "Virtual server"?

So I figured port triggering would be an easier option if it would be suitable.

[alre90210]

First you should assing a static IP to your designated FTP server. It needs to be from the same subnet your router is on AND it should not be in the range of adresses the router sets automatically via DHCP

Example:

Router 192.168.123.1 / Mask 255.255.0.0
Router DHCP Range 192.168.123.2 - 192.168.123.99
FTP Server 192.168.123.100 / Mask 255.255.0.0

Then follow the instructions at portforward.com to forward port 20 requests to that machine. This is usually achieved by adding an inbound rule in your router. If your network is not set to allow every outgoing communication, you need to add some outbound rules too.

Now systems from the outside should be able to access your FTP server. You can't test that from behind your router, you have to do this from another internet connection.

To find your network by name (your ISP assigns a new IP every time you reconnect) you need to create a free account with a dynamic dns service like dyndns.com (check what services your router supports) and create a hostname you like. As a final step enable the dynamic dns service in your router.

And yes, you are correct in that you create a security risk in opening up ports in your router and allowing access to services inside your network. You need to understand the security risks and secure your server. The other option is not to do so at all.

Sincerely...

[alre90210]

Sorry, I have entered the wrong port for FTP:

Quote:

Originally Posted by alre90210

Then follow the instructions at portforward.com to forward port 21 requests to that machine.

[Cryoman196]

Those of us of a certain age will doubtless remember Haynes' car workshop manuals.
You'd get a one liner like
"Remove engine"

alre90210 - did you work for Haynes by any chance?

I really do honestly appreciate you taking the time but that might as well have been in Greek to me.
I'm a complete novice to all this and whilst I'm sure what you have written is factually correct, but with respect, it was such descriptions that led me to consider Port Triggering as an alternative, because I could understand more that one word in six.
Or giving up altogether.
This stuff is obviouly bread & butter to you guys but its waaaay outside my comfort zone.
Thanks for trying to help, but perhaps I'll just not bother.

[Cryoman196]

alre90210 - reading my response back this morning I realised this might be misconstrued as sarcastic and ungrateful. I just wanted to clarify that that was absolutely not the intention. I do really appreciate people who give of their experience freely. It was just my poor attempt at humour and self deprecation. This is why you guys are Senior and Advanced Members and dummys like me are just that, Dummies.
In case an apology was warrented, please consider this as one, and thanks again to you both for your input

[alre90210]

I did not take an offense, I hope you will do neither after reading my post...

Port triggering is a way of opening ports by accessing a machine on the internet from a machine in your local network. Your router would automatically assign incoming packets to the machine on your LAN who has triggered the communication.

That is far more error prone than using a single static IP on your FTP server. Additionally you need to start the communication from your server.

http://www.portforward.com/help/porttriggering.htm

To do what you like to do you need to get at least a bit more knowledge about setting IP adresses, port ranges and securing a machine.

You consider to open a machine/service to the whole world, it will be accessible by anyone who can find it and it will be open to anyone who knows how to crack it. And those people are out there in significant numbers, scanning the net for open ports, vulnerable machines and mules to host illegal material.

To stay with your example you have to learn how to drive, know the signs and signals and rules before entering the streets with your car or your trip won't last long.

We are not at the point where we would open the hood and tamper with the engine. We may be changing the light bulbs.

Sincerely...