Our "Getting Connected" videos demonstrate how to configure your server's TCP/IP settings and network, with specific details for an Apple Airport router, or general instructions for typical routers featuring Web-based setup.
Most modern local networks with Internet access are bridged to the Internet via a router using a single, ISP-assigned IP address. This page describes the network setup required to allow external users to connect to your Rumpus server on this type of network.
If your Rumpus server has a direct Internet connection, with a permanently assigned, routable IP address, then users should be able to connect to your server immediately, without the additional network setup described here (assuming there are no firewall conflicts).
Step 1: Start Rumpus
Start Rumpus, complete the Setup Assistant, and click "Start Server". Be sure to read the brief instructions displayed when the Setup Assistant completes the server setup.
The help information displayed by the Setup Assistant after the server setup has been completed explains exactly what you need to do to connect to the server from other clients on the network. Be sure to make a note of the server IP address and the URL shown. Also, when Rumpus is started via the "Start Server" button, it first performs a few basic checks to confirm that there are no conflicts with other servers or the local firewall. If a warning dialog is presented after you click "Start Server", be sure to read the warning text carefully.
Step 2: Confirm Local Access
Confirm that the server is functioning by connecting with a Web browser or FTP client running on another computer on the same LAN, and/or running on the Rumpus server itself. When you connect, be sure to specify the local address of the server.
Checking local access to the server is very important, as it confirms that the server is working as expected, and lets you know that remote users will be able to connect as soon as the network is correctly configured. Again, be sure to connect using the local IP address of the server, as inidicated on the Setup Assistant help window. Many networks won't allow local users to connect to the server via the public IP address at all. To make sure you are testing the server, not the network, it is important that you connect directly, using the local address of the server.
Step 3: Check Your Address
Most modern Internet connections are assigned only one IP address for the entire network, and on some networks this address is dynamic (it changes each time your router connects to the ISP). In either case, determine the current address of your LAN.
The best way to confirm your IP address is to check the paperwork/instructions that you received when your Internet connection was installed or set up. You can also contact your ISP for this information. Right now, your IP address appears to be "50.16.108.167".
Again, because this test doesn't directly look up the address (instead, it reports the address your browser connection appears to originate from), it may not always be accurate. Confirming your network address with your ISP is always a good idea.
If your network address is dynamic, look up the current address and use it for testing. Rumpus can be used in dynamic IP environments with proper setup, so for initial testing, don't worry that the address will change in the future.
Step 4: Configure The Router
Configure your router to accept and forward incoming connections to the Rumpus server. Because the Rumpus computer is on a private network, people outside your LAN can't connect directly to the server. Instead, users will connect to the router, which will forward connections to the internal IP address of the Rumpus server. See the "Network Setup" window in Rumpus for an overview of the setup needed, and the "Port Forwarding" topic on this page for an explanation of how forwarding works and why it is needed.
Specific setup procedures will vary depending on the router, so the following instructions are fairly general. If you have detailed questions about configuring port forwarding on your router, contact the router manufacturer.
Open the router setup software, or setup URL if your router is configured by Web browser. Go to the "Port Forwarding" setup area. This is also sometimes called "Virtual Servers", "Pinholes", "Port Mapping", "Inbound Port Mapping", or "Relays". Add an entry to the setup so that port 21 is forwarded to port 21 on the local IP address of the Rumpus server. Next, add an entry so that ports 3000 through 3XXX are also forwarded to the Rumpus server, again making sure that each port is forwarded to the same port on the internal address. The upper bound of this port range ("3XXX") is based on the number of maximum simultaneous connections you have set in Rumpus. The value is 3000 + Max Simultaneous Connections. For example, to support the default maximum number of simultaneous connections (which is 8), the port range to be forwarded is 3000 through 3008. Note that this range is the Rumpus default passive mode port range, but can be changed if needed. See the "Advanced Options" section of the "FTP Settings" help page in the Rumpus control application for details.
If you are using the Rumpus Web File Manager (WFM), you will also need to set up a port forwarding entry for the defined Web Services port. The WFM default port is 80. Be sure to set up a forwarding entry on your router so that the WFM port specified on the "Options" tab of the "Web Settings" window is forwarded to the local IP address of the Rumpus server.
If your router is configured via Web browser, and the router defaults to the same port used by Rumpus (usually, port 80), you may need to change the router admin port. In the router setup, find the "Admin Port", "Web Administration Port", or similar setting and select some unused port ("8080" is a good choice) for router administration. When you log in to the router to perform administration, don't forget to add the non-standard port to the router address when connecting, as in "192.168.1.254:8080".
Of course, any security restrictions on these ports put in place on the router or on an external firewall need to be lifted as well. In addition, you must allow outbound connections on port 20, which is the FTP Active Mode connection port. For more details, see the "FTP Overview" article in this package.
Step 5: Test Your Connection
Have an external user attempt to connect. People connecting from outside your network will need to connect using the external address of your network. No one from outside your LAN will ever be able to connect to the private address (usually, any address that begins "192.168.") of your server.
If you would like a technical support person from Maxum to attempt the connection, choose "Rumpus Help" from the "Help" menu in Rumpus, then click the "Contact Support" button. Using this function pre-enters information about your Rumpus server that will help technical support identify any problems. Please also be sure to supply a test username and password, so that we can log in to your server and check for common problems.
Step 6: Check Passive Connections
If external users can connect and retrieve a directory listing, you are done, and your server is now functional. If external FTP clients can connect but can't retrieve a directory listing, open the "Network Settings" window and supply the "External Network IP Address". Next, flip to the "Router" tab and try connections with the "Allow Router To Perform Data Connection Address Mapping" option turned both on and off.
It is very important to make sure that your network will support passive mode data connections, because most clients will default to using passive mode and many client networks will only permit clients to use passive data connections. Supporting passive connections can be tricky, though, as different routers handle passive FTP in different ways.
Troubleshooting
If remote users aren't able to connect, this section will help figure out why. We'll start by attempting to get users connected via the Web File Manager, since Web browsers are almost always installed on any given computer, and HTTP is a bit simpler than FTP from a networking perspective. It is assumed that you have launched Rumpus on the server, completed the Setup Assistant, and clicked "Start Server".
When testing the ability to connect, be sure to specify the IP address as described in each test below. If the Web server port has been set to any value other than 80, include the port number, separated from the IP address by a colon. For example, to attempt internal connections on port 8000, you might use "192.168.1.100:8000", while the external connection request might be "67.38.123.181:8000". The port (and the colon) can be left off if the Web server port is set to 80.
Confirm that you have entered the local IP address of the server, and included the port number if needed. If you have chosen a port number other than 80 for the Web server port in Rumpus, you will need to specify that number when connecting. For example, if the Rumpus Web server address is "192.168.1.100" and the port is set to 8000, the URL to connect to would be:
http://192.168.1.100:8000/
If the correct address is being entered, then, the Rumpus server is probably unable to start. Check the Rumpus error log for information about possible startup problems.
If you can connect to the server, but the login page isn't shown, then the problem is either an internal Rumpus error, or another Web server is already installed on the computer.
If the page that appears is one that you have set up on a Web server previously, or if it references Apache or any other Web server you might have installed, then there is a server conflict which needs to be resolved. Apache comes pre-installed on all Mac OS X Systems. It can be turned off by unchecking the "Personal Web Sharing" option on the "Sharing" panel of the System Preferences window. If you need to continue running the other Web server, change the Rumpus Web server port to avoid the conflict. This option is on the Web Settings window in Rumpus.
If the page being displayed refers to a general server failure, or refers to Rumpus in any way, then the error message is probably being delivered from the Rumpus server. In this case, check your WFM templates folder, if you have selected an alternate folder or changed the WFM template contents. The default folder is "/usr/local/Rumpus/WFMTemplates/", and the folder must contain a "Login.html", "Listing.html" and other basic template pages.
Be sure you have attempted to connect using the local address of the server, and specified the port number if needed. If you have, but can't connect from a local computer, the problem is probably the firewall software on the Rumpus server Mac. OS X includes built-in firewall software that may be conflicting with connection attempts.
For testing, disable the OS X Firewall by clicking the "Stop" button on the "Firewall" tab of the Sharing System Preferences window. Rumpus is compatible with the OS X Firewall, but it is easiest to disable it completely when trying to determine if the firewall is causing problems. To turn the firewall back on and configure it correctly for use on the server, see the "Firewall Setup" article in the Rumpus package.
If you can connect from a client running on the Rumpus server itself, but can't connect from another computer on the same LAN, and there is no firewall (either the OS X firewall or a third party firewall) blocking connections on the server, then there is a network routing problem. Check with your network administrator to determine where the problem might be.
Based on the fact that local computers can access the server, the Rumpus server is properly accepting connections. The job now is to make sure that connections are properly routed to the server. In other words, if external users can't connect, the problem is almost certainly somewhere in the network.
Remember, when connecting from computers outside your network, people will need to specify the address of your network, not the local address of the server, as well as the port number, if it is set to any number other than 80.
If external users can't connect, and you are sure you have entered the network address and port correctly into the browser, then the problem is usually with your router settings. Open the router setup application or Web interface, and make sure that the Rumpus Web server port is correctly being forwarded from the external Internet connection to the correct internal IP address. The external port and the internal port should be the same, and set to the Web server port in Rumpus. Also, make sure that the router firewall software is disabled, at least for testing, to make sure it isn't interfering with connection attampts.
Contact your ISP and confirm that you are allowed to run Web service within your network, and that it will be available to external users. Ask you ISP to attempt to connect to your server using your external network address. If they can, then the problem is most likely on their network or firewall, since that is an indication that your router is correctly accepting and forwarding connections to the server.
Congratulations! When internal and external users can connect via both Web and FTP connections, your network setup is complete. If you are having some other problem, or have additional questions, please contact Maxum Technical Support by clicking the "Technical Support" button in Rumpus and completing the support request form.
Many FTP clients don't clearly indicate the difference between a failure in opening a connection, logging in, and accessing the user's home directory. Each of these conditions is caused by a different problem, so to determine what is really going on, look at the FTP session transcript. In Fetch, for example, open the transcript window using the "Windows" menu. In Transmit, the Transcript is shown in a drawer by selecting "Show Transcript" from the "View" menu.
Connection Failure
If the transcript ends almost as soon as it begins, without the "welcome" message from the server or a request for password shown, then the FTP client has failed to raise a connection. In this case, make sure that you have entered the correct network address in the FTP client. Also confirm that you have configured your firewall to correctly forward the FTP port, which is usually 21. As with the Web server port settings, the router should be configured so that the external port 21 is mapped to the same port on the internal address of the Rumpus server. If trouble persists, contact your ISP and ask them to connect to your FTP server. When your ISP is able to connect, so should external users on the outside Internet.
Login Failure
If the transcript shows a successful connection, with the server displaying the welcome message and the client attempting to send the name and password, then the problem is most likely with the user account settings. Make sure the username and password have been entered correctly, with both the username and password entered using the correct capitalization. In Rumpus, make sure that the "Permit Login" privilege is enabled for the user account on the Define Users window, and that the user's Home Folder exists and specifies the correct folder.
Passive Mode Failure
If the session transcript shows that the user is confirmed, and additional FTP commands are issued by the client, then the problem is almost certainly a "passive mode" data connection failure. Usually, the FTP command "PASV" will be the last command shown in the log before the error. Passive mode connection problems are almost always caused by one of two things: either the passive mode ports haven't been correctly forwarded at the router, or the Rumpus "Network Address" is set incorrectly for your router.
Make sure that the passive mode port range is set to be correctly forwarded by your router. By default, this range is 3000-3008, but to confirm the range based on your specific Rumpus settings, see the text on the "Configure Your Router" tab of the Rumpus Network Setup window. As with the FTP control port (21, usually), the external ports 3000, 3001, etc. each need to be forwarded to the same port of the internal server.
Some routers require that the FTP server be aware of your network address, while others won't work at all when the server is aware of the network address. On the "Configure Rumpus" tab of the Network Setup window, try entering the external network address in the "Network Address" field. If that fails, try blanking the address. Be sure to click the "Apply Changes" button to save the change between connection attempts. When the router is correctly configured to forward the passive mode port range, one of these two "Network Address" options is compatible with virtually all modern routers.
If none of these suggestions helps to resolve the problem, use the "Technical Support" button in Rumpus to contact Maxum Technical Support. Be sure to mention the tests that you have performed, and the results. Also, please confirm the network address and supply a username and password so that our support person can try logging in to your server directly.
Port Forwarding
Many networks are connected to the Internet using a single IP address, even though the network might link many computers. This is done to reduce connectivity costs and as an effective security measure, but it does present special problems when you are first setting up an FTP server.
Networks configured this way typically use IP addresses that begin "192.168." on each local computer, although addresses that begin "172.16." or "10." can also be used. Addresses in this range are reserved for private (not directly Internet connected) use, and are not routable across the Internet. In other words, if the computers on your network have TCP/IP addresses that begin "192.168.", then those addresses can be used only for local connections. No one on the Internet will be able to connect directly to any computer on your LAN.
Port forwarding is the solution to the problem of how to connect external users to your internal, private network. Because your router is connected to both the public Internet and your private LAN, it is capable of accepting connections from external users and re-routing those connections to the Rumpus server.
Since your router is the only device on your network with a "real" Internet IP address, you tell your clients to connect to that address to establish FTP connections. Different Internet services run on different ports, numbered 1 through 65536. The Web, for example, usually runs on port 80, while FTP uses port 21 (by default) for its primary connections. When the router receives a connection request, it checks the port number the client is connecting to, and forwards the request to a computer on the local network as needed.
To make all of this work, you will need to configure your router to forward incoming FTP connections to the local IP address assigned to the Macintosh running Rumpus. Since FTP uses multiple connections (each of which runs on a different port) to perform data transfers, there will be several ports you will need to configure for forwarding. Also, Rumpus will sometimes need to tell clients what address to make new connections on, so you may need to specify the "real" Internet address of the router in Rumpus, depending on your router type.
For details on configuring your router, see the "Network Setup" window in Rumpus, as well as the "Steo-By-Step Setup" instructions on this page.
Addresses, Ports And Domain Names
Every computer on the Internet is identified by an "IP Address", which is an indentifier that allows one Internet connected computer to establish a connection to another other. The IP address is similar to a phone number, in that it allows you to select who you are going to connect to.
On a private network, each computer is assigned (either statically or dynamically) a local address, which is "non-routable". In other words, a computer with a local address can be directly accessed only by a computer on the same local network. Local addresses should always begin with "192.168.", "10." or "172.16." through "172.31.".
In the case of private LANs, the entire network is assigned a single (sometimes several) "routable" IP address, and your local router is given this address. The router exists on both the external Internet and the local network, and shuffles requests between them, giving your local users access to remote servers, and remote users access to servers on your LAN, when configured properly.
If an IP address is the equivalent of a phone number, then port numbers can be considered phone system extensions. In the same way that you might call a company and ask for extension 102 to be connected with the sales department or extension 115 to reach customer service, Internet ports allow clients to access different services on your server. One difference is that on the Internet, common services always use the same port, or extension, at least by default. For exapmple, for FTP service, port 21 is used, and for Web service, the port is usually 80.
When you connect to a Web server, for example, you specify that server's address (or domain name, which we'll get to in a moment), and your Web browser automatically connects to the remote server on port 80. You can specify a different port by adding a colon (":") and the port number, as in "67.38.123.181:8000".
To finish our telephone analogy, there is one more element: the domain name. Domain name service is essentially an electronic phone book, allowing you to associate a name, such as "www.maxum.com" with an IP address, "67.38.123.181". When you make a phone call, the person that answers is unaware whether or not you looked up the phone number in the phone book (or which phone book). Similarly, a domain name is completely unrelated to the service provided by the server, and it makes no difference to the server whether the client initiated the connection by specifying the IP address or the domain name. To populate a domain name for your server (add your server to the Internet server phone book), contact your ISP or a domain name registrar.
Technical Support
Getting external users connected to your Rumpus server is usually the most difficult part of setting up and managing your server. Maxum technical support is experienced in identifying problems on the server, your network, and at your ISP, and we will be happy to help you make your server available to remote clients. If your question isn't answered in this article, send e-mail to "support@maxum.com", or simply click the "Technical Support" button in Rumpus and complete the support request form.
To speed up the resolution of your problem, please let us know...
What FTP client or Web browser are you using to attempt to connect to the server?
Can you connect using an FTP client or Web browser running on the server Mac itself by connecting to the local IP address of the server?
Can you connect using an FTP client or Web browser running on another computer on the same LAN by connecting to the local IP address of the server?
Finally, we'll want to connect to your server to check for problems, so be sure to include the network IP address, port number (especially if you are attempting to connect via the Web File Manager) and a sample username and password.