possible problems with Virtual Server

Hi, im looking to set up a FTP service so that my girlfriend (who has just got broadband in) can access music off my computer.

I have used IIS to FTP my music folder so, if i go on any computer on my LAN and enter: ftp://10.0.0.4/ the music appears asif i was looking on my computer.

Given that i can access this ftp across all comps on my LAN (both XP pro and 2k pro) i can assume that there is nothing preventing my ADSL router seing this ftp address.

Also from this i assume i have IIS confugured properly.



So i have set up my router (Netgear DG834) firewall as follows:

Security>Firewall Rules>Outbound Services
Service: FTP (TCP:20/21)
Acton: ALLOW always
LAN Users: Single Address
start: 10.0.0.4
finish: -.-.-.-
WAN Users: ANY
start: -.-.-.-
finish: -.-.-.-
Log: Never
<Apply>

Security>Firewall Rules>Inbound Services
Service: FTP (TCP:20/21)
Acton: ALLOW always
Send to LAN Server: 10.0.0.4
WAN Users: ANY
start: -.-.-.-
finish: -.-.-.-
Log: Never
<Apply>

Security>Firewall Rules>
<Apply>

<Logout>



Having done that i now assume that if i go to access my internet IP address (found from whatsmyip.com, my ISP website and router info) which is say 123.123.123.123 (which its not) by ftp://123.123.123.123

i get the message:

FTP Folder Error
Windows cannot access this folder. Make sure you typed the file name correctly and that you have permission to access the folder.
Detials:
A connection with the server could not be established
<OK>


I have tried things like:
ftp://123.123.123.123/21
ftp://123.123.123.123:21
(which on hitting <enter key> changes to ftp://123.123.123.123)
ftp://123.123.123.123/10.0.0.4
(The page cannot be displayed)





If anybody has any info i would appreciate it.

Thanks,
Stuart

 

IT might just be safer and simpler to set up a Virtual Network with one of the free VNC clients. This would allow you to network the two computers over the internet as if they were side by side in the same room,.

http://www.realvnc.com/


http://www.tightvnc.com/


http://ultravnc.sourceforge.net/

http://www.redstonesoftware.com/vnc.html

You can use one of these to give her remote assistance on her computer as well as to transfer or access files on each others computers.

 

Thanks for the advice

How do thoes things work? Ive tried VPN before and found my internet traffic going out that way too.

Ive got 2Mbit connection, she 512k. I dont want my connection to tunnel and get out through hers cos ill end-up only getting less than 30k.

Vice-versa - i dont want her connection coming through mine.

Will any of thoes programs work just to "share" a folder?

Thanks.
Stuart.

 

Also, ment to say, i already have full www.logmein.com on my computer.

That and the things you suggested all apear that you have to copy the file from remote to local before use.

I was wanting ftp (or something) that would allow the remote person (or people) to stream the music off my comp to hers. I wdnt want her copying things as files would end up everywhere and go missing.

I could just get another HDD but was wanting to avoid this.

Stuart.

 

Simpleserver shout

Will that do?

 

Oh no.... fraid that wont do

That only lets me stream what im playing (i think)

________________

What i want to do is:
You know how when ur on your LAN and you open a file on your local computer (PC1) which is stored on another PC (PC2) on your LAN.....

And when you do this, your PC(1) just opens it (doesent copy the file from 2 to 1). If its music or video or something it plays it off the other PC(2) over the LAN and your PC(1) does the playing.

I want to do the same over the internet.

If the remote user thinks "oh i want to listen to that song" she just browses the folder and opens....
-OR-
opens it from some media library.

______________________


Is there anything avaliable which will allow that?


Thanks - sorry for being a pain!
Stuart

 

FTP Folder Error
Windows cannot access this folder. Make sure you typed the file name correctly and that you have permission to access the folder.

Try this:
- turn off Simple File Sharing on XP. It was probably set to use that by default when the OS was loaded.
- make sure she is logging on to her PC with a username and NON-BLANK password.
- add that username/password (case sensitive BTW) to your local users and give it rights to the folder in question.

 

If i turn this off will my LAN file sharing still be possible? (im assuming it just Right Click>Sharing and Security>uncheck Share this folder.... )

It confuses me that with the ftp i can get full acess of the ftp folder on the LAN (on flatmates w2kp machine, and xp pro laptop)..... but the router wont forward it to the internet.

_________________________

On the router forwarding.....
Just so i know ive got it correct....(or wrong, or otherwise)

If i carry out the Port Forwarding/Virtual Server/Firewall set-up on my router (Netgear DG834) i should be able to do:

ftp://my.external.ip.address

Just like i CAN do

ftp://my.internal.ip.address

to access the folder which i can ftp-ize. (Sucessfully on LAN with IIS or BulletProff FTP {not together tho})
_________________________

Also, her connection isnt set-up and im just trying the "ftp://my.external.ip.address" thing on my laptop and at work when i get there.
_________________________

If i [do a bad thing(?)] and put my external IP address on here could somebody check it to see if ftp ports 20 and 21 are visible just incase im doing something odd when i check them online.

Thanks for your patience ppl!

Stuart.

 

File sharing on your LAN will still be possible although you may have to tweak a thing or two. The whole 'simple file sharing' thing is a recent invention that first showed up with XP where it is the only option with XP-home and an option with XP-pro. It was designed to allow home users to share files with less setup (and less security and fewer options).

The PCs on your LAN if you disable simple file sharing on all of them will need one of the following:
- enable the Guest account (yuck - works but very unsecure)
- require a username/password logon for each PC and have them all identical. Fine if you want your LAN that wide open but nothing I'd be comfortable with even if I trusted each person who used the LAN.
- require a username/password logon for each PC and place a copy of each account on all the PCs. Slightly more setup work but gives you by far the most control over the network since each user can be given full or limited access to each PC according to what they need.

I would be very nervous about allowing FTP from the internet with a basically unsecured network. That was a consideration when I suggested you get rid of the Simple File Sharing piece. Another consideration is that I have never worked with it so am not that familiar with how it behaves and there could be some quirks that would give problems in this instance. Maybe not but XP-home and Simple File Sharing are two things I don't intend to ever play with enough to be comfortable with them.

If you email me your IP address along with a link to this thread so I remember exactly what we are doing I will be happy to do some testing for you. In the morning though since I get home from work around midnight and can't do the testing from here. Are you set to allow anonymous FTP connections?

If you have port forwarding set up properly, any calls to your public IP should certainly be redirected to the PC you picked. I've only messed with HTTP traffic with port forwarding so I need to do some checking to see if ftp packets will behave the same but my guess is that they will.

 

I dont have any XP-home PC's (didnt want things to break).

At the moment my flatmate logs onto Win2kp unpasworded Admin account Automatically. My Xp-Pro and my laptop are XP-pro and are again unpasworded Admin accounts.

We dont have any need for security on the LAN as private folders which get shared when we share the Hard-Drives are called "somthing - private - something" so we know not to look in there.

Are you saying that is possible that using the FTP (This FTP folder which contains only music) people/things from WAN could get onto the LAN shared folders?

If i take your last option - "- require a username/password logon for each PC and place a copy of each account on all the PCs "
Is is just a case of:
Login Name
Password
Priveledges

Setting up these user accounts with the same settings on each LAN pc.... or do i need to do something like create an account and "copy and paste" it to each PC?

Ive never done anything with user accounts - so will take a bit of thinking about. I think its a hasstle on the same PC for just 2-3 people who are perfectly trusted.

Just to try the ftp set-up and check that its working before i muck about with accounts - or do i need to to test the FTP.

_______________________________

Will email my IP address details just shortly.

Thanks,
Stuart.

 

Hi Stuart. Got your emails this morning but was super busy until I left for work so tomorrow for the testing.

Re: security - even with only trusted internal users you are still leaving yourself at risk if someone manages to break into your LAN as can happen as a result of some types of malware. Allowing FTP traffic adds to the risk. I'd suggest the following in your situation (and it is what we do at home with just my wife & I and a pair of PCs):

Put a strong password on the Administrator account. A mix of letters, numbers, and symbols with a total length of at least 12. 36,oops_wazzup* would be near impossible for any brute force password cracker to manage in under a week of making your PC work hard. No problem if you use the same password on all your PCs and write it down.

Create a daily use account for each user with a password you can remember - although a mix of letters and numbers while avoiding words is good - and add that account to the power users group. Then you can do most routine tasks including install new software and only need the administrator account to do major surgery on the PC.

You were correct about just adding the user account & password then putting the account into the proper group. I am stressing passwords since XP-pro and 2K both function better with them than without.

On both XP-pro and 2K, all you will need to do is right-click on My Computer, left-click on Manage, and then go into the users and groups section and add the accounts.

 

stuartsjg

I have nothing technical to add this post .. you are already working with the best (Newt). My limited experience with FTP (Charter cable) was painfully slow (3MB down/256KB up Internet service). I don't fully understand if you would stream this (will hit your upload performance) or copy out to a file(s) (does your ftp service have a maximum space allocation)? It is obvious, Newt is very concerned in keeping your computer secure. It does not appear to be an easy task. Just a suggestion .. have you considered burning some mp3's to a DVD (depending on your bit rate, should fit between 500 to a 1000 songs) and take it over to your girlfriends. Like I said, just a suggestion.

 

I agree with Newts advice about security. You need passwords on your Admin accounts to protect them from automated attacks like trojans and viruses. They won't be after your data, but rather your computing resources to relay spam and launch distributed attacks on target websites.

However, for the set up you are describing, the system I'd recommend using is Virtual Private Networking (VPN). Windows 2000 can be set up as a simple VPN server using PPTP (not the most secure VPN system but much better than opening FTP ports).

On the PC that shares the files (on your network) set up the system using the add new connections wizard, to accept incoming VPN connections. Then on your girlfriends PC use the same wizard to create a connection to the remote pc (using the external IP address of your router). You'll need to forward the VPN ports on your router to the file sharing PC (you'll have to look them up - if memory servers me right they are 50 and 500). The rule should be set for incoming only. You'll be replying to source ports that will be in the normal range (>1024) and therefore don't have to specify a rule for that.

Create a user account for your girlfiend on the file sharing PC. Give it a very secure password (she can set her system to remember the password so she won't have to enter it every time she accesses the VPN), and remote access rights. Also make sure that user has read rights for the folder you are sharing.

Once you get the VPN working, your girlfriend will be able to access your files using normal file sharing (though the connection will be slow).

By the way, the burning of files onto a DVD has merit

 

Thanks all for your input on this.

Will take some time to try all the networking options. I think ill try the VPN but i am worried about my internet connection being tunneled to hers... or vice-versa.

If she VPN's onto my PC will her remote computers web traffic tannel through to mine - onto my OC then out onto the internet through my connection?

I was looking at DVD's but for that she'll have to learn to be patient for when i have something she wants.

I think what im after doesnt easilly exist

Thanks all

Stuart.