cancel
Showing results for 
Search instead for 
Did you mean: 

CISCO DPC3825, cannot access external FTP sites

s4mcd
I Plan to Stick Around

Using any computer or browser behind my Cisco DPC3825 router, any attempt to access an external FTP site (eg ftp://ftp.cisco.com) fails because the server doesn't respond. When using my iPhone on home WiFi using that router, same behaviour. When using my iPhone on Rogers cellular data network, I can access the site. So, it's the router. (I don't have another router involved in my network.)

 

I have spent much time researching this, going through the available settings on the router. I tried port range triggering and port range forwarding (on ports 20 and 21), but no joy. It shouldn't be forwarding since I'm trying to access an external public FTP server, not trying to set an FTP server on my home network.

 

Under Security/Firewall, I see FTP-S is allowed, but I don't see FTP. I also don't see any way to alter this list. Block Anonymous Internet Requests is off. SPI Firewall Protection is Medium (doesn't seem to matter). IPV6 protection is on (doesn't seem to matter). IP Flood and Block Port Scan Detection are both on.

 

Hopefully there's a setting buried somewhere, but I can't find it.

1 ACCEPTED SOLUTION

Accepted Solutions

Re: CISCO DPC3825, cannot access external FTP sites

s4mcd
I Plan to Stick Around

I used TechXpert and they found the problem. "SPI Firewall Protection" was set to "medium". Changing it to "low" restores FTP access, ping and tracert. (I thought I had tried this setting, but I may have bungled it.)

 

I am running BitDefender on all my Windoze computers so I don't think it's a security issue.

 

Thanks for your help. I appreciated not being treated like a dummy. Smiley Happy

View solution in original post

21 REPLIES 21

Re: CISCO DPC3825, cannot access external FTP sites

RogersPrasana
Retired Moderator
Retired Moderator

Hi @s4mcd

 

Thank you for posting on  the Community Forums!

 

You've come to the right place! This sounds like something one of Resident Experts can provide some insight into, @Datalink or @Gdkitty ?

 

 

@RogersPrasana

Re: CISCO DPC3825, cannot access external FTP sites

Datalink
Resident Expert
Resident Expert

Were you able to access FTP sites thru the DPC-3825 previously and now its a no go, or, was this always a problem?  There have been some very recent problems with accessing network addresses, but that was seen as a problem with Google services and Youtube from what I could see.  I believe that is tied to the enabling of IPV6, but by now it should be resolved. That's why I'm wondering if this is a very recent problem that requires attention from the network staff to resolve?



Re: CISCO DPC3825, cannot access external FTP sites

s4mcd
I Plan to Stick Around

I don't know the answer. This is the first time that I have tried to access this site, where they store a lot of their documents in FTP instead of traditional web server. FTP sites often work seemlessly, so it's something I might not have noticed with another site using it. Second, until a couple of weeks ago, the Cisco router was in bridge mode to a D-Link WiFi router. I had been having a lot of trouble with short network outages and tried removing the D-Link. It will be a pain to switch back and forth again, but it does seem like a logical step for troubleshooting.

 

I probably won't get to it today or tomorrow. I'll check here again before proceeding in case another idea comes along.

 

Hmm. I'm pretty sure that the D-Link was the cause of the outage problem, and the Cisco WiFi coverage is inadequate for the house anyway, so I may just buy another router to use with Cisco in bridge mode. We'll see. I will report back.

Re: CISCO DPC3825, cannot access external FTP sites

Datalink
Resident Expert
Resident Expert

1.  What model of D-Link router are you using?

 

2.  Are you connecting via ethernet or wifi?

 

3.  Can you run a test via ethernet and let me know if that works.  I would say, run the modem in Bridge mode with the D-Link router running in full router mode, then, connect to the D-Link via ethernet.  This is for the purpose of testing FTP connectivity while taking wifi out of the loop. 

 

If you are considering a new router, buy one with external antenna and gigabit WAN and LAN ports.  My personal preference is for Asus and Netgear routers for their firmware updates and for the ability to run third party firmware.  Having said that, Asus just locked down their firmware, you can't load previous versions and third party firmware is temporarily locked out of loading.  That is due to the US FCC deciding to lockdown the router frequency control to prevent interference with services such as Doppler Weather Radar.  This is an issue for all router manufacturers and they are just now getting a grip on that decision.  Asus has indicated it will clear third party firmware for loading, but no timelines are given.

 

Here is some food for thought. Load inSSIDer on your laptop, which is a wifi monitoring application. When loaded on a dual band laptop, inSSIDer will monitor both 2.4 and 5 Ghz networks that can be detected by your laptop. Have a look to see what you're competing with in both bands. In a suburban area, the 2.4 Ghz band is usually pretty crowded and tough to work in.  Usually the 5 Ghz band is less crowded and easier to find a clear channel. After you have a look at the display, you might be able to determine if there is any 2.4 Ghz channel that is clear enough that it might work with the present modem. Never know unless you have a look, using something such as inSSIDer. The program link below is for the last freebie version. A new version is out now that will handle 802.11ac networks in the 5 Ghz band, and which will work on a 802.11n laptop. The new version will read the broadcast management frames and display the 802.11ac networks that are running in the 5 Ghz band. Its worth the $20 U.S. to buy, so that you can see all of the networks that are nearby.

 

http://www.techspot.com/downloads/5936-inssider.html

 

What you want to see on the graphical display is that your network is the highest network shown, which indicates that it has the highest received power of all the received networks. Generally you want somewhere in the neighborhood of 40 to 45 dBmW separation between your network and any other network that is on the same or overlapping channel. So, while your network should be the tallest on the display, everything else should be well below yours. When that power level separation decreases, you end up with interference and possibly with problems maintaining a wifi network. Your only option is to change to a channel with less overlap from the competition. By looking at that display you might conclude that the 2.4 Ghz band is hopeless and that its time to move up to the 5 Ghz band, if you can. If you have devices already running in the 5 Ghz band, look at channels 149 and higher. If you can switch to any of those channels, do so, as the output power for those channels is higher, resulting in better signal levels, signal to noise ratios and data rates.

 

What you can do is take a screenshot of the inSSIDer display, dump it into something like Microsoft paint and wipe out your MAC address from the text and display area and then save it. Insert it into a post so I can have a look at it if you need help with the interpretation. With the info provided by the inSSIDer display it will be easier to determine what the problem might be.

 

So, before you decide to go router shopping, have a look at your wifi environment and see if that is contributing to the issue.  An ethernet test will also help determine if this is partly a wifi issue or if its an FTP issue, or possibly a network addressing issue brought about by the implementation of IPV6 recently by Rogers.  Don't rule anything out at this point just yet.



Re: CISCO DPC3825, cannot access external FTP sites

s4mcd
I Plan to Stick Around

Wow, that's a lot to consider.

 

Currently, I am not using the D-Link (DIR-655) router at all. The primary computer that I am using is connected by Ethernet cable to the Cisco DPC3825 router. The inability to access FTP sites occurs on both this Ethernet-connected computer and on WiFi-connected devices, including iPad and iPhone (both latest iOS9). The iPhone on WiFi cannot access FTP, but disabling WiFi and using cellular data, it can access FTP. All of this points squarely at the Cisco DPC3825.

 

On this Ethernet-connected computer, the Internet outage issue has not arisen since I took the D-Link router out. Short outages continue to affect Skype and streaming on my WiFi iPad, though proximity is an issue: the Cisco router is in the most remote corner of the house, where the cable comes in. The iOS signal-strength indicator often shows low strength. That's why I had another router closer to the main usage areas and am likely to get another one anyway. As part of troubleshooting the WiFi issue, I will try some of the steps you provided for WiFi. Thanks.

Re: CISCO DPC3825, cannot access external FTP sites

Datalink
Resident Expert
Resident Expert

@s4mcd, I haven't forgotten about your FTP situation, just to let you know.  I'm wondering about the DPC-3825 and any IPV6 issues that might cause FTP to fail considering the very recent enabling of IPV6 across the network.  I don't have any answer to that but I will ask the question. 

 

Just to note, that DIR-655 is an old router.  I have an A or B model sitting in a box somewhere.  If D-Link did not update the firmware rules, all of the models A, B, and C will be operating under 802.11 draft N rules, which is very old and no longer meets the official N rules.  

 

The real concern is the fact that there hasn't been any updates since Dec 2014, which is a long time to go considering the security issues that have come up over the last to to three years.  I hate to say it, and am very loath to tell anyone to spend any money, but, its probably time to park that router.  Unfortunately that is one of few D-Link routers that isn't supported by DD-WRT.  Too bad, otherwise you could keep using it.



Re: CISCO DPC3825, cannot access external FTP sites

@s4mcd can you try accessing any other FTP sites that you would normally use, just to see if its all FTP sites that you are locked out of, or just the Cisco site.  I was able to access the Cicso FTP site using Firefox, navigate around, read the text files, etc, etc.  There have been network routing issues recently so I've asked the question if that might be an issue here.  I might need more info from you, and if so will let you know.



Re: CISCO DPC3825, cannot access external FTP sites

s4mcd
I Plan to Stick Around

Thank you for the advice on the D-Link. Replacement is planned. That would solve the FTP problem assuming the new router doesn't have the same issue and the Cisco router's bridge mode doesn't block anything.

 

With the Cisco router, I cannot access any FTP sites. As test sites, I tried ftp.sap.com, ftp.cisco.com, ftp.avidyne.com. All are accessible via Rogers cellular data, none are accessible on my network behind the Cisco router, whether using Ethernet or WiFi.

Re: CISCO DPC3825, cannot access external FTP sites

Datalink
Resident Expert
Resident Expert

IPV6 shouldn't enter into the picture as the DPC-3825 is not enabled for IPV6 operation, so you will be running the traditional IPV4 addressing.  

 

Are you using an FTP application to run FTP links, and, what are you using for your DNS, Rogers, or another DNS?



Re: CISCO DPC3825, cannot access external FTP sites

s4mcd
I Plan to Stick Around
I should check for firmware updates for the Cisco DPC3825, but I cannot see any options within the router admin site.

Re: CISCO DPC3825, cannot access external FTP sites

Datalink
Resident Expert
Resident Expert

The updates are all done thru the CMTS.  The end user can't force updates at all.

 

1.   Are you using an FTP application or web browser to access the sites?

2.  What DNS are you using, Rogers as a default, or other DNS?

3.  Any chance of a firewall change or maybe an antivirus program with embedded firewall has updated

     causing a change in the firewall rules?



Re: CISCO DPC3825, cannot access external FTP sites

s4mcd
I Plan to Stick Around

Sorry, I replied to your questions but it failed to post due to some invalid HTML presumably caused by pasting the DNS settings. I just noticed. Here's the rewrite with some updates.

  1. I went to a store with customer WiFi and verified that I could access FTP sites via their WiFi and via Rogers cellular.
  2. For testing purposes, I have used ftp.sap.com, ftp.cisco.com, and ftp.avidyne.com. All are blocked while using home WiFi or Ethernet via Cisco router. All are accessible via Rogers cellular network (and store WiFi).
  3. I am using web browsers to access the FTP sites: Safari on IOS 9.3.2 via WiFi and Rogers cellular, Chrome on Windows 10 via Ethernet, Edge on Windows 10 via Ethernet. All exhibit the behaviour that they cannot access FTP if they are going through the Cisco router.
  4. I am running BitDefender Total Security 2016 on the Windows 10 computer. Windows Firewall says its settings are being managed by BD. WF doesn't show FTP as a separate Inbound/Outbound rule so I can't determine its status there. BD shows that FTP-S is allowed, says nothing about FTP, provides no mechanisms for changing ports. It shouldn't matter because my iOS devices are not going via BD and they exhibit the same problem only behind this router.
  5. I am unaware of how to change DNS on Cisco router, so I presume it's Rogers. The router reports these values: Default Gateway 99.255.54.1, DNS IPv4 1: 64.71.255.204, DNS IPv4 2: 64.71.255.198.

Re: CISCO DPC3825, cannot access external FTP sites

Gdkitty
Resident Expert
Resident Expert

I am using the google DNS at home, and was able to connect..
BUT i am using a different modem.

When i am home tonight, i will see if i can hop on my wifes machine, to test the regular rogers DNS servers (which your running) to see if its blocked.

 

Beyond that.. all i can see is that yes, its somehow some setting/firmware on the modem doing it?

Re: CISCO DPC3825, cannot access external FTP sites

Datalink
Resident Expert
Resident Expert

@s4mcd, can you run a ping test and trace to ftp.cisco.com.  Here's the results from west Ottawa:

 

C:\Users\test>ping ftp.cisco.com

 

Pinging ftp.cisco.com [72.163.7.54] with 32 bytes of data:
Reply from 72.163.7.54: bytes=32 time=75ms TTL=239
Reply from 72.163.7.54: bytes=32 time=78ms TTL=239
Reply from 72.163.7.54: bytes=32 time=75ms TTL=239
Reply from 72.163.7.54: bytes=32 time=72ms TTL=239

 

Ping statistics for 72.163.7.54:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 72ms, Maximum = 78ms, Average = 75ms

 

C:\Users\test>tracert ftp.cisco.com

 

Tracing route to ftp.cisco.com [72.163.7.54]
over a maximum of 30 hops:

 

1   <1 ms  <1 ms <1 ms   10.0.0.1
2   95 ms   44 ms 47 ms   99.239.32.1
3   18 ms   18 ms 27 ms   67.231.221.77
4   20 ms   15 ms 15 ms    van58-9-231-77.dynamic.rogerstelecom.net [209.148.231.77]
5   19 ms   23 ms 41 ms    van58-9-229-229.dynamic.rogerstelecom.net [209.148.229.229]
6   28 ms   18 ms 19 ms    van58-9-230-205.dynamic.rogerstelecom.net [209.148.230.205]
7   32 ms   36 ms 41 ms    van58-9-229-138.dynamic.rogerstelecom.net [209.148.229.138]
8   40 ms   36 ms 43 ms    64.124.128.193
9   39 ms   36 ms 34 ms    0.ae15.BR2.NYC4.ALTER.NET [204.255.169.1]
10  * * * Request timed out.
11 72 ms   74 ms 74 ms    cisco-gw.customer.alter.net [157.130.134.190]
12 61 ms   59 ms 69 ms    rcdn9-cd1-dmzbb-gw1-ten2-1.cisco.com [72.163.0.9]
13 72 ms   77 ms 78 ms    rcdn9-cd2-dmzdcc-gw2-por1.cisco.com [72.163.0.182]
14 76 ms 110 ms 75 ms    rcdn9-16b-dcz05n-gw2-por2.cisco.com [72.163.2.110]
15 82 ms   73 ms 89 ms    download1.cisco.com [72.163.7.54]

 

Trace complete.

 

I'd like to see if you can reach the end server on the ping test, and if the trace doesn't complete to the end server.  If it stops at some point that would or, should point to a problem in the network addressing.



Re: CISCO DPC3825, cannot access external FTP sites

s4mcd
I Plan to Stick Around

On Windows 10 (on Ethernet), both ping and tracert return "Request timed out". I tried an older Win7 computer too (on WiFi), same results.

 

>> ping ftp.cisco.com

Pinging ftp.cisco.com [173.37.146.11] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 173.37.146.11:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

 

>> tracert ftp.cisco.com

Tracing route to ftp.cisco.com [173.37.146.11]
over a maximum of 30 hops:

1 * * * Request timed out.
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.

Re: CISCO DPC3825, cannot access external FTP sites

Datalink
Resident Expert
Resident Expert

Ok, thats rather interesting.  Its not even passing thru the modem.  Can you try the following:

 

1.  Run a trace to google.ca and see if it fails to run again:

2.  Ping the modem.  I'm assuming that you're using the standard 192.168.0.1 as the modem gateway address, so, ping 192.168.0.1 and post those results as well, just to see what the modem does.



Re: CISCO DPC3825, cannot access external FTP sites

s4mcd
I Plan to Stick Around

ping and tracert to google.ca both time out.

 

>> ping 192.168.0.1

Pinging 192.168.0.1 with 32 bytes of data:
Reply from 192.168.0.1: bytes=32 time<1ms TTL=64
Reply from 192.168.0.1: bytes=32 time<1ms TTL=64
Reply from 192.168.0.1: bytes=32 time<1ms TTL=64
Reply from 192.168.0.1: bytes=32 time=1ms TTL=64

Ping statistics for 192.168.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms

 

 

Re: CISCO DPC3825, cannot access external FTP sites

Datalink
Resident Expert
Resident Expert

Ok, ping commands are making it out of the computers, to and from the modem, but no beyond the modem.  Looks like there must be a protocol or permissions issue with the modem.  FTP, Ping, and Traces don't function thru the modem, which are basic functions for any modem.  I would call tech support and see if there is an Enable/Disable switch that has to be enabled in order for those functions to operate.  You know that the Ping command is working and that the modem will respond to the ping, and that ftp works outside the home, so the response can't be "its your equipment".  Let us know what Tech Support indicates.  



Re: CISCO DPC3825, cannot access external FTP sites

s4mcd
I Plan to Stick Around

I used TechXpert and they found the problem. "SPI Firewall Protection" was set to "medium". Changing it to "low" restores FTP access, ping and tracert. (I thought I had tried this setting, but I may have bungled it.)

 

I am running BitDefender on all my Windoze computers so I don't think it's a security issue.

 

Thanks for your help. I appreciated not being treated like a dummy. Smiley Happy

Re: CISCO DPC3825, cannot access external FTP sites

Datalink
Resident Expert
Resident Expert

Ugh, I should have thought of that.  I hope that Techxpert is included in your internet package.  If not, that's a pretty high cost for a switch setting, sorry 😞



Topic Stats
  • 21 replies
  • 2874 views
  • 2 Likes
  • 4 in conversation