Using ShieldsUP! to Verify a Port is Accessible to the Internet - KB Article #1591Related Articles --
In order for Serv-U to be accessible to the Internet, a router must have port forwards configured to route external connection requests on the specified ports to the proper internal LAN IP address. Similarly, a firewall must be configured to allow the incoming connections. Knowledge Base Article #1044 walks you through the details of this setup. However, how do you know that you've configured it properly when you're done? If clients outside of your LAN are still unable to access your FTP server, you may have missed a step.
Gibson Research Corporation has an excellent web-based utility that can verify whether or not a port is accessible to the Internet. To test that a port (e.g. port 21 for FTP use) on your network is accessible:
- Visit http://www.grc.com/default.htm. Scroll down the page until you find the link to "ShieldsUP!" Click on this link.
- The resulting page will identify your reverse DNS entry for your IP address. Click the "Proceed" button. A message box may appear warning you that you are changing from a secure (https) to an unsecure (http) page. Click OK.
- A box will be visible titled "ShieldsUP!! Services". In the center text box, enter "20-21" (without the quotes) if you're using the default port entries. If you're using a non-standard port, replace the 21 with the port you've configured Serv-U to use and the 20 with the port number immediately below that.
- Click the box labeled "User Specified Custom Port Probe". The ShieldsUP! page will now probe the specified ports on your network to determine whether or not they are accessible to the Internet.
If the resulting page reports that the ports are "Open", then you have successfully configured your router/firewall to allow external access to your Serv-U machine. Please note that the GRC.com page will display "Failed" in this case as it is reporting that your network has open ports. Since you are wishing to grant access to your FTP server on the specified ports, this is ok.
If the resulting page reports that the ports are "Filtered", then the utility was unable to open a connection to your network on the specified ports. Your router or firewall may not be correctly configured in this case. It's also a possibility that your ISP is blocking access to port 21 to prevent you from running an FTP server on the standard port. You can try configuring Serv-U to use a different port (e.g. 2121), update your router/firewall settings for the new port, and repeat this test (using ports 2120-2121) to confirm whether or not this is the case.
If the resulting page reports that the ports are "Closed", then something is actively closing the connection created by ShieldsUP. It's a possibility that your router/firewall is still not configured properly. It may also be due to access restrictions in Serv-U that immediately closed the probe's connection since they did not meet the access requirements imposed by your Serv-U settings.