I noticed that since I got internet service over ADSL from Swisscom, I've not been able to do anything with FTP. I can't download knoppix (linux), I can't connect to an FTP server hosted by a friend, and I can't send pictures/videos to family and friends over FTP. I've tried the standard port 21 as well as some ports in the 50xxx range. Has anyone had similar experiences? I've also noticed an awful lot of tcp resets when viewing connection data over wireshark (protocol analyser/packet sniffer). Did I miss something in the terms of service? Does anyone with Cablecom or another provider have issues with ports, resets, or blocked services?

I have a feeling that it could be the ADSL modem they provided me. It seems to want to blow out my settings as soon as it trains up to make a connection with the upstream server, but I'd rather not buy another ADSL modem if that's not the problem.

Any thoughts/experiences would be much appreciated.

I should probably also mention that I'm an IT guy and I've probably taken care of the basic firewall/router issues, but it's always possible that I overlooked something.

Thanks!

Weird coincidence, I downloaded Knoppix last night via ftp on a Swisscom connection. A lot of the mirrors are a bit flaky though, try speedline.de (i think that's what it was called)

I just tried a few different mirrors and none came up.

But then I tried a proxy to the US on my friend's computer and it came up just fine. The knoppix linux mirror site was:
ftp://ftp.gwdg.de/pub/linux/knoppix/

I find it rather strange that I can get it through the proxy but not with a direct connection. I'll have to think about why that could be... but if anyone want's to help please try that ftp mirror from a Swisscom connection.

Somehow I still think something is wierd with my DSL modem. They gave me an SMC model #SMCA1T-A modem when I signed up for the service. What type of modem are you using?

I'm using my own linksys one, will try the link when I get home, currently stuck in mega delay at HB

For a min I thought it was an ad blocking program of mine called "Ad Muncher", but it turned out not to be (I forgot I was still using the proxy).

that mirror works for me:
ftp://ftp.gwdg.de/pub/linux/knoppix/...7-01-04-EN.iso

The SMC is a new modem Swisscom is offering. I've seen it offered only with their "low end" ADSL subscriptions ("DSL Start", "DSL Mini"). Some ideas could be:

1-Maybe they block FTP for low-end subscribers? (I doubt it, but just a thought)

2-Maybe since the modem is a new device in their inventory, there are some problems with it?

3- You say when it connects it wants to "blow out your settings". What do you mean? Actually, on my Swisscom Netopia/Motorola router the firmware is automatically updated by Swisscom, along with other settings. It seems they are taking more control of the router. Maybe Swisscom detects some different setting you made in your modem and resets it to their settings?

Having said all that, my Netopia router allows FTP and all other connections with no problems. Maybe try another computer on your modem to see if it's something on your PC or if it's actually a problem with the modem.

I also have ADSL from Swisscom and have no problems downloading Knoppix from any of the following mirrors:

http://knopper.net/knoppix-mirrors/index-en.html

Have you tried just to reset it? I had so many issues with my old ADSL netopia modem/router that were only solved by resetting it once in a while.

Yeah, after poking around in it for a while and completely hosing my connection I did a factory reset and it started working again, this time with knoppix download support

Connections are still rather strange on it though. I somehow managed to get to an ftp site of a friend, but only after setting it to pasv even though both sides had multiple ports open. I also noticed that canyouseeme.org can't connect to my ftp server on any port (tried hosting ftp server on various well known ports).

I guess that's what I get for accepting a "complementary" modem...

Anybody have any experience with the digital phone line version of the ADSL package? It's supposed to be 8-20mbps down and 1000kbps up. Cablecom sounds better with 25mbps down and 2500kbps up, but then again, cable is shared bandwidth.

Anybody compare the two?

My experience of Swisscom is generally better than Cablecom, support aside my Swisscom connection has much lower latency.

Good to know about the latency thing. It wouldn't surprise me if further down the line cablecom is just connecting to swisscom's infrastructure anyway.

One thing is still bothering me though. I can't get any incomming connections to work. For example, if I host an FTP server, I can't log in from a remote computer. It seems to be that way on any port (tried 21, 23, 59, 81, 1025, 4001, 52333). Can anyone else get an FTP server or another service to be seen from the outside world? Go to canyouseeme.org for an easy way to test.

If you don't have any sort of a server program, try the TFTP program from Solarwinds, or an open source FTP Server called "Filezilla". If anyone wants, I can email them a copy to spare them the download time. Just PM me with your email address and which program you want. Both are Free to use (not shareware or trialware).

I'll be getting a new apartment soon and it'll be good to know if I should make sure that Cablecom is available due to avoid incomming ports being blocked.

I think my next step is to buy a better DSL modem though... Any suggestions on what modems are better than the rest?

Sure, I can get an FTP server to work, even SSH, remote access, video streaming for security cameras also. But you need to setup the NAT in the SwissCom modem/router, since the UPnP function does not work that well. Then you also need to take into account, that your IP changes ever so often, which means you need to have a system of tracking this change and reporting it to you, or use DynDNS to get it working.

/Peter

It is quite possible that the "features" of FTP are the issue here, active versus passive port allocation. The server based verification of client, reverse IP lookup's, etc.

Outbound, NAT and statefull firewall (SPI) will cause problems on "cheaper" firewalls as they may not track the port allocations correctly.

Inbound, it depends as port 21 is only used to initiate the connection, port 20 is used for data in passive and active will dynamically allocate a random port.

Anyway FTP is in clear text for all parts, username, password and contents.

I would suggest using an SFTP server (from Putty or Openssh) and then you only need one port opening (port 22) and everything is encrypted.

Links using HTTP will use port 80 and will not use FTP protocol, hence it is the same as a web page only quite a bit larger ... 8-)

I'd steer clear of FTP unless you are happy to work out the issues which are many and random. It's an old and quirky protocol, it was designed long before firewalls were ever thought of ...

agree.. FTP is an old protocol and has not evolved much since its inception, but it has not really needed to, since it serves it purpose quite well and efficiently also. Okay, often there are minor issues to be worked out to get your firewall setup and your modem/routers NAT configured correctly. Even issues with dynamic IP (solved using a DynDNS service). But, you will have similar issues using other services also. Take the latest generation of file sharing protocol WebDAV, far more complex to setup, yet you don't get that many more extra, when you are just looking for simple file sharing/transfer features.

/Peter

Good point about FTP being old and not initially intended for firewalls. I hadn't really dug into the inner workings of FTP (at least not for a long time). As far as ports and NATs go, here is my setup: the internet connection is ADSL over a phone line that hooks to the modem swisscom provided me for free. THe modem should be in bridging mode and the ACLs on it are "any, any" or allow everything. Next I've alternated between testing with my linksys router and port forwarding, the router with my computer in the DMZ, or my computer directly hooked to the ethernet port of the modem. In all cases, no incomming connections can be properly established.

In the end, I'm just trying to transfer a file, but I figured FTP would also work for port testing. I also did a few tests with a TFTP server, but got strange results and need to test that a little further.

I'll probably try another factory reset on the modem and hook my pc directly to it, bypassing the router to see if I get any further. The FTP program I use allows you to set what ports it will use for connection creation and what range for data transfer. I've tried some well known ports under 1024, random ones around 4000 and some others around 50000.

The other strange thing with the modem is that from the web interface I can only view and change settings until the modem trains up and gets the firmware image from Swisscom. After that, if I want to change settings I have to telnet into the modem. I've confirmed that by issuing a "write mem" command to the modem, it will save my changes even after reboot and receiving the Swisscom firmware.

Unfortunately, I don't have another PC here handy to test with (could be something stupid), but I should shortly.

Can anyone think of what else other than my modem or Swisscom themselves that could be blocking incomming connections?

Can anybody recommend a better modem?

I have a pile of devices (PCs, Macs, SlingBox, various servers, etc.) connected to Swisscom ADSL via Netgear DG834G router/modems and have never had any problems.

I use both Ipswitch WS_FTP Professional and the Windows XP command line FTP client without problems. I also have half a dozen other Netgear DG834G router/modems spread around various relatives and ISPs in CH, UK and BE and they all operate without problem. I have run VPN and point to point connections using custom ports and have not experienced any port blocking on Swisscom.

You can pick up a DG834G in Interdiscount or Office World for under CHF 100. Product details on amazon: http://www.amazon.co.uk/Netgear-DG83.../dp/B0000TZ8Z8

General tips for router/modem nivarna based on painful experience:
- Change the default administrator and wireless passwords before you connect it to the ADSL network
- Write these new passwords on a label on top of the router so if you need to change something in 6 months time you know what they are
- Check if there is a new firmware version once a quarter and install it if there is
- If you don't ever want to have to manually reset the router/modem due to random power/ADSL/firmware glitches (particularly if it is a plane ride away), put the router/modem on a mechanical (not battery powered) timer set up to reset it once a day at 0100 or some other (in)convenient ungodly hour (e.g. http://www.amazon.co.uk/Skytronic-MS...1940932&sr=8-5)

your Router has a firewall, this gives you more security by refusing connections from the outside world, unless you decide other wise.

to open certain Ports, you need to open those ports through some options in the expert mode.

look for something called NAT , loop holes or IP-pass-through , it really depends on the router vendor.

Swisscom don't block incoming ports but the ADSL service *can be* flaky sometimes, and there are strange thinks going on in their network that even they can't explain sometimes (trust me on this one )

Personally I always used cablecom for hispeed internet and apart from resetting the cable modem every few weeks it only let me down once or twice in 2 years. I would say it is more reliable but that is only my opinion. The modem that comes with cablecom is OK. For ADSL/VDSL the one you get with the package (Netopia or Motorola) is pretty good these days.

__________________
Life's what you make it, so let's make it better

Agree with the Swisscom network being flaky at times.

Does anyone know if Swisscom block outbound ports, specifically port 25 for smtp?

Anyone got a mail exchange to work with having to resort to outbound or relay services?

There is also the issue of reverse dns.

I cannot get fixed IP as I have bluewin TV so that is a no go!

Also the mail relay and mail outbound supplied by dyndns seems to be a bit limited.