ROUTERS: Inactivity-Timeout and Keep-Alives

Inactivity-Timeout and Keep-Alives

426 Connection closed; transfer aborted. Error #10057

During a data-transfer (directory-listings or file-transfers), the control-connection (tcp/ip default 21, used to login and issue commands) is IDLE.

When this control-connection is IDLE, other pieces of networking-equipment between yourself and the ftp-client could choose to close idle connections with a function called “Inactivity Timeout”. This “Inactivity Timeout” can be found in the ftp-client’s first hop to the internet (their wifi/nat router), it could be found in the upstream routers through their ISPs, it can also be found in your own first-hop to the internet. Basically they are everywhere, but the first place is to set this value in your own hardware that provides routing to the internet (example below).

To combat this, the NOOP command (aka Keep-Alive) was made for ftp-clients in the RFC spec. During lengthy transfers, the ftp-client needs to send a NOOP command across the ftp-control-connection; this will keep the connection active with periodic “chatter”.

NOOP command listed in RFC spec of commands:
http://en.wikipedia.org/wiki/List_of_FTP_commands

Inactivity Timeout: OpenWRT
Inactivity Timeout: OpenWRT
Inactivity Timeout: OpenWRT (CONSOLE)
Inactivity Timeout: OpenWRT (CONSOLE)

HOWTO: Windows Firewall and BPFTP Server 2011

Windows Version: Windows Server 2008 R2, Windows Server 2008, Windows 7/Vista

By default, the latest versions of Windows protects your computer with the Windows Firewall with Advanced Security, effectively blocking access to your computer from the internet and would-be hackers (Getting Started Guide).

However, this also prevents ftp-clients from accessing your installation of BulletProof FTP Server 2011 unless you “open the firewall” to allow access. This means, you must open at least two ports; one for the control-connect and 1 (one) data-port for every concurrent connection to the ftp-server.

NOTE: It’s very common for people to think that only 1 (ONE) port is needed for FTP (default tcp/ip port 21). However, this is NOT the case as you need to define data-ports in order to support Passive-Mode (PASV).


Configuring the Windows Firewall and BPFTP Server 2011 is very simple, but it takes a few steps. Below, we’ve broken down the process:
1) Configure BPFTP Server 2011 for NAT/Firewall and Passive-Mode (PASV)
2) Open the Windows Firewall up for the BPFTP Server 2011
3) Open the Windows Firewall up for the Control-Connection
4) Open the Windows Firewall up for the Data-Ports (Passive-Mode aka PASV)
5) Completed Entries in Windows Firewall

LASTLY: Be sure to run your installation through our Firewall Tester. After providing the IP/Host, Port, User and Password for your installation, this tester will simulate a ftp-user can connect to your BPFTP Server. Please use it!
http://bpftpserver.com/products/bpftpserver/windows/test/firewall

NOTE: If you are running any Anti-Virus or Internet-Security software on your computer (McAfee, Norton, etc) you may also be protected by yet-another-software-based-firewall. Please consult the documentation that came with your software for opening up firewall-ports.

NOTE: Almost everyone has a hardware-based NAT/Firewall router in their network topology. For Home Users, this is usually your WiFi-Router. Please look into the documentation that came with your hard-based NAT/Firewall router for information on opening firewall-ports.

Step-by-Step Directions


BPFTP Server - NAT/Firewall Configuration
Step #1.1: BPFTP Server - NAT/Firewall Configuration

BPFTP Server - Use DNS for PASV
Step #1.2: BPFTP Server - Use DNS for PASV

BPFTP Server - Use Static IP for PASV
Step #1.3: BPFTP Server - Use Static IP for PASV

BPFTP Server - Configure Data-Ports
Step #1.4: BPFTP Server - Configure Data-Ports

Back to Top

2) Open the Windows Firewall up for the BPFTP Server 2011

Open Windows Firewall
Step 2.0: Open Windows Firewall

Create New Firewall-Rule
Step 2.1 Create New Firewall-Rule

Choose Firewall-Rule Type
Step 2.2: Choose Firewall-Rule Type

Browse for Program
Step 2.3: Browse for Program

Choose Program-Path
Step 2.4: Choose Program-Path

Confirm Program-Path
Step 2.5: Confirm Program-Path

Choose Allow
Step 2.6: Choose Allow

Select Firewall Domain
Step 2.7: Select Firewall Domain

Name Firewall-Rule
Step 2.8: Name Firewall-Rule

Back to Top

3) Open the Windows Firewall up for the Control-Connection

Open Windows Firewall
Step 3.0: Open Windows Firewall

Create New Firewall-Rule
Step 3.1: Create New Firewall-Rule

Choose Firewall-Rule Type
Step 3.2: Choose Firewall-Rule Type

Specify Port for Control-Connection
Step 3.3: Specify Port for Control-Connection

Choose Allow
Step 3.4: Choose Allow

Select Firewall Domains
Step 3.5: Select Firewall Domains

Name Firewall-Rule
Step 3.6: Name Firewall-Rule

Back to Top

4) Open the Windows Firewall up for the Data-Ports (Passive-Mode aka PASV)

Open Windows Firewall
Step 4.0: Open Windows Firewall

Create New Firewall-Rule
Step 4.1: Create New Firewall-Rule

Choose Firewall-Rule Type
Step 4.2: Choose Firewall-Rule Type

Specify Port for Data-Ports
Step 4.3: Specify Port for Data-Ports

Choose Allow
Step 4.4: Choose Allow

Select Firewall Domains
Step 4.5: Select Firewall Domains

Name Firewall-Rule
Step 4.6: Name Firewall-Rule

Back to Top

5) Completed Entries in Windows Firewall

Completed Entries in Windows Firewall
Step 5: Completed Entries in Windows Firewall

Back to Top

FTP Server Firewall Ports and Tester

Using this tool, you can instruct our website to perform a test connection back to your computer running BulletProof FTP Server for Windows.

Starting with Windows XP Service Pack 2, software-based firewalls have become a standard feature to help protect your computer from hackers on the internet.

Going a step further, if your computer is connected to a DSL/Cable modem or Wi-Fi, your computer has been further protected with a more-secure and robust hardware-based firewall. But with this additional protection, comes the need for you to be knowledgable enough to configure these devices to allow BulletProof FTP Server for Windows to be accessible from outside your firewall.

This tool will allow you to test port-forwarding rules setup on your firewall for both the control and data connections and will aid in the determination of your passive (PASV) or port (PORT) mode support.

CLICK TO USE FIREWALL PORT TESTER TOOL