Port forwarded for a remote access to my ftp server but It only works on my phone

2

I have an ftp server which I wanted to access from outside of my local network. It is located on the IP 192.168.0.23 port 21. I port forwarded port 21 and tried to connect with my phone while I wasn't connected to my wifi and it worked. The problem is I can't connect with any other device. Today I tried connecting with my phone again while I was away from home (so you don't think I was connected to wifi by acident) and it worked, but when my friend tried it didn't work. My network set up is: main ZTE router that is connected to the internet, TP-Link archer C7 which is connected to my ZTE router and I use it as an access point. My ftp server is also set up on Archer C7. I'm really confused with this problem because for some unknown reason it works for my phone but doesn't for everything else. Has anyone encountered anything like this?

P.S I contacted my ISP to ask them if they block my ports and they said they don't.

Nenad

Posted 2018-04-13T17:09:26.077

Reputation: 161

O)ne thing we can be sure: If it works for one device connecting from outside the network, it works. But what are you using from the phone? Just in case it's an app with some sort of "black magic" going on. – None – 2018-04-13T20:04:39.737

I just open my regular chrome browser and go to the ip address and it works. – Nenad – 2018-04-13T20:13:21.107

When you try to access the FTP server in your browser, are you entering the IP address "192.168.0.23?" Because that should not work anywhere outside of your house. The whole 192.168.x.x block is reserved for private networks. So to access from outside your house you would have to enter the public IP address of your home router. And unless you pay your ISP extra money each month for a static IP address (usually very expensive and only used by businesses), your router's public IP address will change randomly at your ISP's discretion. So you probably want to use a hosting service or AWS... – A. Kendall – 2018-04-13T23:45:30.633

I am using my Public IP (10.215..) when I'm connecting to it – Nenad – 2018-04-14T05:14:42.887

10.x.x.x is not a public IP Address. – Tetsujin – 2018-04-14T07:14:15.240

It says on my router that that address is my wan address. And how is it possible for me to connect to it from outside? I know it is in private ip range but why is it displayed as my public IP? – Nenad – 2018-04-14T08:40:28.673

Tests: 1. switch off phone wifi completely & try again. 2. From your server computer, Google "What's my IP address?" – Tetsujin – 2018-04-14T11:55:09.597

Your WAN address suggests that your provider is using https://en.wikipedia.org/wiki/Carrier-grade_NAT ?

– Douglas Leeder – 2018-04-14T14:08:59.080

Is your phone on the same carrier? Maybe it's inside the carrier grade NAT as your home connection? – Douglas Leeder – 2018-04-14T14:09:33.590

@DouglasLeeder yes my phone is on the same carrier. Is there a way to go around that? – Nenad – 2018-04-14T14:13:56.097

Answers

1

Judging from comments, both your home connection and phone are on the Carrier-grade NAT system.

This is evident because your 'WAN' address is in the 10.* IPv4 range, which is private use (i.e. for NATs or isolated networks), so can't be reached by other machines on the internet.

Your phone can reach your home router because it is on the same NAT, in the same way that two machines on your home network can reach each other.

Solutions:

  1. Ask your ISP for a proper externally routable IPv4 address, but that may not be possible, or require extra money. Also ask for a static IP address so that you can reach your machine.
  2. Ask your ISP for an IPv6 address (range) - this is the correct long term solution since IPv6 has plenty of addresses available, but your ISP might not support it, and any clients will also need to have IPv6 addresses to reach you (or a gateway of some sort).
  3. Host your service on AWS or similar cloud providers.
  4. Ask for a tunnel in the Carrier grade NAT, but your ISP is unlikely to offer that.

Also ftp is probably not the best sort of server to set, they tend to have port problems, and ftp is unencrypted, it might be best to setup a sftp or http server instead?

Douglas Leeder

Posted 2018-04-13T17:09:26.077

Reputation: 1 375

Asked: 2018-04-13T17:09:26.077

Viewed: 360 times

Active: 2018-04-14T14:26:06.750