Rumpus: Get Connected

Allowing Remote Users To Access Your Rumpus Server

Topics:

Our "Getting Connected" videos demonstrate how to configure your server's TCP/IP settings and network, with specific details for an Apple Airport router, or general instructions for typical routers featuring Web-based setup.
Apple Airport Router Setup	Web Interface Router Setup

Step-By-Step Setup

Most modern local networks with Internet access are bridged to the Internet via a router using a single, ISP-assigned IP address. This Web page describes the network setup required to allow external users to connect to your Rumpus server on this type of network.

If your Rumpus server has a direct Internet connection, with a permanently assigned, routable IP address, then users should be able to connect to your server immediately, without the additional network setup described here (assuming there are no firewall conflicts).

Step 1: Start Rumpus
Start Rumpus, complete the Setup Assistant, and click "Start Server". Be sure to read the brief instructions displayed when the Setup Assistant completes the server setup. The help information displayed by the Setup Assistant after the server setup has been completed explains exactly what you need to do to connect to the server from other clients on the network. Be sure to make a note of the server IP address and the URL shown. Also, when Rumpus is started via the "Start Server" button, it first performs a few basic checks to confirm that there are no conflicts with other servers or the local firewall. If a warning dialog is presented after you click "Start Server", be sure to read the warning text carefully.

Step 2: Confirm Local Access
Confirm that the server is functioning by connecting with a Web browser or FTP client running on another computer on the same LAN, and/or running on the Rumpus server itself. When you connect, be sure to specify the local address of the server. Checking local access to the server is very important, as it confirms that the server is working as expected, and lets you know that remote users will be able to connect as soon as the network is correctly configured. Again, be sure to connect using the local IP address of the server, as inidicated on the Setup Assistant help window. Many networks won't allow local users to connect to the server via the public IP address at all. To make sure you are testing the server, not the network, it is important that you connect directly, using the local address of the server.

Step 3: Check Your Address
Most modern Internet connections are assigned only one IP address for the entire network, and on some networks this address is dynamic (it changes each time your router connects to the ISP). In either case, determine the current address of your LAN. The best way to confirm your IP address is to check the paperwork/instructions that you received when your Internet connection was installed or set up. You can also contact your ISP for this information. Rumpus is capable of looking up your network address, though if you use a proxy server or certain other types of network connections, this lookup will be incorrect. The same type of address lookup is available using a Web browser, by accessing the URL: http://www.maxum.com/MyIP.nclk Again, because this test doesn't directly look up the address (instead, it reports the address your browser connection appears to originate from), it may not always be accurate. Confirming your network address with your ISP is always a good idea. If your network address is dynamic, look up the current address and use it for testing. Rumpus can be used in dynamic IP environments with proper setup, so for initial testing, don't worry that the address will change in the future.

Step 4: Configure The Router
Configure your router to accept and forward incoming connections to the Rumpus server. Because the Rumpus computer is on a private network, people outside your LAN can't connect directly to the server. Instead, users will connect to the router, which will forward connections to the internal IP address of the Rumpus server. See the "Network Setup" window in Rumpus for an overview of the setup needed, and the "Port Forwarding" topic on this page for an explanation of how forwarding works and why it is needed. Specific setup procedures will vary depending on the router, so the following instructions are fairly general. If you have detailed questions about configuring port forwarding on your router, contact the router manufacturer. Open the router setup software, or setup URL if your router is configured by Web browser. Go to the "Port Forwarding" setup area. This is also sometimes called "Virtual Servers", "Pinholes", "Port Mapping", "Inbound Port Mapping" or "Relays". Add an entry to the setup so that port 21 is forwarded to port 21 on the local IP address of the Rumpus server. Next, add an entry so that ports 3000 through 3XXX are also forwarded to the Rumpus server, again making sure that each port is forwarded to the same port on the internal address. The upper bound of this port range ("3XXX") is based on the number of maximum simultaneous connections you have set in Rumpus. The value is 3000 + Max Simultaneous Connections. For example, to support the default maximum number of simultaneous connections (which is 8), the port range to be forwarded is 3000 through 3008. Note that this range is the Rumpus default passive mode port range, but can be changed if needed. See the "Advanced Options" section of the "FTP Settings" help page in the Rumpus control application for details. If you are using the Rumpus Web File Manager (WFM), you will also need to set up a port forwarding entry for the defined Web Services port. The WFM default port is 8000, but we recommend changing this to the HTTP default of 80 unless another Web server on your network is already using that port. In any case, be sure to set up a forwarding entry on your router so that the WFM port specified on the "Web Server" tab of the "Web Settings" window is forwarded to the local IP address of the Rumpus server. If your router is configured via Web browser, and the router defaults to using for administration that Rumpus is set to use for the Web File Manager (probably port 80), you may need to change the router admin port. In the router setup, find the "Admin Port", "Web Administration Port", or similar setting and select some unused port ("8080" is a good choice) for router administration. When you log in to the router to perform administration, don't forget to add the non-standard port to the router address when connecting, as in "192.168.1.254:8080". Of course, any security restrictions on these ports put in place on the router or on an external firewall need to be lifted as well. In addition, you must allow outbound connections on port 20, which is the FTP Active Mode connection port. For more details, see the "FTP Overview" article in this package.

Step 5: Test Your Connection
Have an external user attempt to connect. If you would like a technical support person from Maxum to attempt the connection, click the "Technical Support" button in Rumpus, and ask our support staff to check your server. People connecting from outside your network will need to connect using the external address of your network. No one from outside your LAN will ever be able to connect to the private address (usually, any address that begins "192.168.") of your server. If you would like someone from Maxum to attempt to connect, click the "Technical Support" button on the "Management" tab of the main Rumpus control window, and complete the form. Using this function pre-enters information about your Rumpus server that will help our technical support person identify any problems. Please also be sure to supply a test username and password, so that we can complete the login.

Step 6: Check Passive Connections
If external users can connect and retrieve a directory listing, you are done, and your server is now functional. If external FTP clients can connect but can't retrieve a directory listing, enter the "Network Address" field on the "Network Setup" window and try again. It is very important to make sure that your network will support passive mode data connections, because most clients will default to using passive mode and many client networks will only permit clients to use passive data connections. Supporting passive connections can be tricky, though, as different routers handle passive FTP in different ways. The "Network Address" field on the Rumpus "Network Setup" window may need to be left blank, or you may need to supply the external IP address of your network, depending on the router type. The easiest way to tell is simply to try both. Don't forget that you also need to have the router forward ports 3000-3008, by default. This range can be changed in Rumpus, so bbe sure to check the help text on the Network Setup window, which is customized for your Rumpus settings.

Troubleshooting

If remote users aren't able to connect, this section will help figure out why. We'll start by attempting to get users connected via the Web File Manager, since Web browsers are almost always installed on any given computer, and HTTP is a bit simpler than FTP from a networking perspective. It is assumed that you have launched Rumpus on the server, completed the Setup Assistant, and clicked "Start Server".

When testing the ability to connect, be sure to specify the IP address as described in each test below. If the Web server port has been set to any value other than 80, include the port number, separated from the IP address by a colon. For example, to attempt internal connections on port 8000, you might use "192.168.1.100:8000", while the external connection request might be "67.38.123.181:8000". The port (and the colon) can be left off if the Web server port is set to 80.


Test 1:	If you launch a Web browser on the same computer as Rumpus itself, and attempt to connect to the local address of the server, are you presented with the WFM login page?

Many FTP clients don't clearly indicate the difference between a failure in opening a connection, logging in, and accessing the user's home directory. Each of these conditions is caused by a different problem, so to determine what is really going on, look at the FTP session transcript. In Fetch, for example, open the transcript window using the "Windows" menu. In Transmit, the Transcript is shown in a drawer by selecting "Show Transcript" from the "View" menu.

Connection Failure

If the transcript ends almost as soon as it begins, without the "welcome" message from the server or a request for password shown, then the FTP client has failed to raise a connection. In this case, make sure that you have entered the correct network address in the FTP client. Also confirm that you have configured your firewall to correctly forward the FTP port, which is usually 21. As with the Web server port settings, the router should be configured so that the external port 21 is mapped to the same port on the internal address of the Rumpus server. If trouble persists, contact your ISP and ask them to connect to your FTP server. When your ISP is able to connect, so should external users on the outside Internet.

Login Failure

If the transcript shows a successful connection, with the server displaying the welcome message and the client attempting to send the name and password, then the problem is most likely with the user account settings. Make sure the username and password have been entered correctly, with both the username and password entered using the correct capitalization. In Rumpus, make sure that the "Permit Login" privilege is enabled for the user account on the Define Users window, and that the user's Home Folder exists and specifies the correct folder.

Passive Mode Failure

If the session transcript shows that the user is confirmed, and additional FTP commands are issued by the client, then the problem is almost certainly a "passive mode" data connection failure. Usually, the FTP command "PASV" will be the last command shown in the log before the error. Passive mode connection problems are almost always caused by one of two things: either the passive mode ports haven't been correctly forwarded at the router, or the Rumpus "Network Address" is set incorrectly for your router.

Make sure that the passive mode port range is set to be correctly forwarded by your router. By default, this range is 3000-3008, but to confirm the range based on your specific Rumpus settings, see the text on the "Configure Your Router" tab of the Rumpus Network Setup window. As with the FTP control port (21, usually), the external ports 3000, 3001, etc. each need to be forwarded to the same port of the internal server.

Some routers require that the FTP server be aware of your network address, while others won't work at all when the server is aware of the network address. On the "Configure Rumpus" tab of the Network Setup window, try entering the external network address in the "Network Address" field. If that fails, try blanking the address. Be sure to click the "Apply Changes" button to save the change between connection attempts. When the router is correctly configured to forward the passive mode port range, one of these two "Network Address" options is compatible with virtually all modern routers.

Port Forwarding

Many networks are connected to the Internet using a single IP address, even though the network might link many computers. This is done to reduce connectivity costs and as an effective security measure, but it does present special problems when you are first setting up an FTP server.

Networks configured this way typically use IP addresses that begin "192.168." on each local computer, although addresses that begin "172.16." or "10." can also be used. Addresses in this range are reserved for private (not directly Internet connected) use, and are not routable across the Internet. In other words, if the computers on your network have TCP/IP addresses that begin "192.168.", then those addresses can be used only for local connections. No one on the Internet will be able to connect directly to any computer on your LAN.

Port forwarding is the solution to the problem of how to connect external users to your internal, private network. Because your router is connected to both the public Internet and your private LAN, it is capable of accepting connections from external users and re-routing those connections to the Rumpus server.

Since your router is the only device on your network with a "real" Internet IP address, you tell your clients to connect to that address to establish FTP connections. Different Internet services run on different ports, numbered 1 through 65536. The Web, for example, usually runs on port 80, while FTP uses port 21 (by default) for its primary connections. When the router receives a connection request, it checks the port number the client is connecting to, and forwards the request to a computer on the local network as needed.

To make all of this work, you will need to configure your router to forward incoming FTP connections to the local IP address assigned to the Macintosh running Rumpus. Since FTP uses multiple connections (each of which runs on a different port) to perform data transfers, there will be several ports you will need to configure for forwarding. Also, Rumpus will sometimes need to tell clients what address to make new connections on, so you may need to specify the "real" Internet address of the router in Rumpus, depending on your router type.

For details on configuring your router, see the "Network Setup" window in Rumpus, as well as the "Steo-By-Step Setup" instructions on this page.

Addresses, Ports And Domain Names

Every computer on the Internet is identified by an "IP Address", which is an indentifier that allows one Internet connected computer to establish a connection to another other. The IP address is similar to a phone number, in that it allows you to select who you are going to connect to.

On a private network, each computer is assigned (either statically or dynamically) a local address, which is "non-routable". In other words, a computer with a local address can be directly accessed only by a computer on the same local network. Local addresses should always begin with "192.168.", "10." or "172.16." through "172.31.".

In the case of private LANs, the entire network is assigned a single (sometimes several) "routable" IP address, and your local router is given this address. The router exists on both the external Internet and the local network, and shuffles requests between them, giving your local users access to remote servers, and remote users access to servers on your LAN, when configured properly.

If an IP address is the equivalent of a phone number, then port numbers can be considered phone system extensions. In the same way that you might call a company and ask for extension 102 to be connected with the sales department or extension 115 to reach customer service, Internet ports allow clients to access different services on your server. One difference is that on the Internet, common services always use the same port, or extension, at least by default. For exapmple, for FTP service, port 21 is used, and for Web service, the port is usually 80.

When you connect to a Web server, for example, you specify that server's address (or domain name, which we'll get to in a moment), and your Web browser automatically connects to the remote server on port 80. You can specify a different port by adding a colon (":") and the port number, as in "67.38.123.181:8000".

To finish our telephone analogy, there is one more element: the domain name. Domain name service is essentially an electronic phone book, allowing you to associate a name, such as "www.maxum.com" with an IP address, "67.38.123.181". When you make a phone call, the person that answers is unaware whether or not you looked up the phone number in the phone book (or which phone book). Similarly, a domain name is completely unrelated to the service provided by the server, and it makes no difference to the server whether the client initiated the connection by specifying the IP address or the domain name. To populate a domain name for your server (add your server to the Internet server phone book), contact your ISP or a domain name registrar.