I have a problem accessing the proftpd content when I choose a different port from the default 21.
Problem with proftpd when using different port
I just tested a different port and it works as expected.
What port did you use to test?
Did you try to connect from WAN or LAN?
What FTP client did you use?
It doesn't matter what the port is, it just must be different from 21. When I'm connecting from LAN I have no problems, but from WAN I can only see the content when it is port 21. When I change the port number and try to connect, I can enter the user and password, but after that I can't see the content. I'm using the web browsers Firefox and IE.
Did you add the appropriate port forwarding rule for the port you configured in proftpd?
Yes, of course I added the appropriate port. When I type the URL of the ftpd I can type user and password, but after that nothing happens, e.g. when I browse with IE I type the user and pass, but after that the browser doesn't load the content. (It's the same with Firefox.)
Can you try with a real FTP client like FileZilla? It will show you more details when it tries to connect. You can use the portable version of FileZilla.
http://portableapps.com/apps/internet/filezilla_portable
If it shows that the authentication was successful, make sure you check through telnet or ssh that the drive you specified under proftpd settings (/jffs etc.) is mounted and read/writable by anyone.
I just tried FileZilla and here are the details:

I checked the drive and it is mounted. I can access the mounted drive from LAN, but from WAN I can't. When I change the proftpd port to the default 21 I can access it from LAN and WAN. I'm suspecting the firewall.
Just to verify: you "only" added a firewall rule in "Administration->Commands" like:
iptables -I INPUT 1 -p tcp --dport 21 -j logaccept
Replace 21 with your port.
But from the above output it looks like the whole authentication worked fine, but the directory listing (MLSD) is not working. Since you said that it is working with port 21, it cannot be a filesystem problem or client firewall problem. I just tested WAN access using port 2000 and it definitely works here.
Did you enable anything special, QoS L7 filter etc., or do you use any special FW rules?
Yes, I've added the rule.
Here is the iptables listing:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere
ACCEPT 0 -- anywhere anywhere
logaccept tcp -- anywhere anywhere tcp dpt:1000
logaccept tcp -- anywhere anywhere tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere tcp dpt:1194
ACCEPT udp -- anywhere anywhere udp dpt:1194
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
DROP udp -- anywhere anywhere udp dpt:route
DROP udp -- anywhere anywhere udp dpt:route
ACCEPT udp -- anywhere anywhere udp dpt:route
logaccept tcp -- anywhere DD-WRT tcp dpt:www
logaccept tcp -- anywhere DD-WRT tcp dpt:ssh
logdrop icmp -- anywhere anywhere
logdrop igmp -- anywhere anywhere
ACCEPT 0 -- anywhere anywhere state NEW
logaccept 0 -- anywhere anywhere state NEW
logdrop 0 -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT 0 -- 192.168.12.0/24 anywhere
ACCEPT gre -- 192.168.11.0/24 anywhere
ACCEPT tcp -- 192.168.11.0/24 anywhere tcp dpt:1723
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT 0 -- anywhere anywhere
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
lan2wan 0 -- anywhere anywhere
ACCEPT tcp -- anywhere nb-ent38 tcp dpt:47958
ACCEPT udp -- anywhere nb-ent38 udp dpt:47958
ACCEPT tcp -- anywhere 192.168.12.2 tcp dpt:47959
ACCEPT udp -- anywhere 192.168.12.2 udp dpt:47959
ACCEPT tcp -- anywhere nb-ent38 tcp dpt:34766
ACCEPT udp -- anywhere nb-ent38 udp dpt:34766
ACCEPT tcp -- anywhere nb-ent38 tcp dpt:22921
ACCEPT udp -- anywhere nb-ent38 udp dpt:22921
TRIGGER 0 -- anywhere anywhere TRIGGER type:in match:0 relate:0
trigger_out 0 -- anywhere anywhere
ACCEPT 0 -- anywhere anywhere state NEW
logdrop 0 -- anywhere anywhere
The interesting thing is that if I choose the default port 21 it works fine, but if I change the port, as you see in the config, to port 1000 for example, I can't see the directory listing. I can authenticate with every port I choose, but I can list the directory content only when the port is 21.
There is definitely something wrong with those rules; the first line in your INPUT chain basically opens up the firewall completely.
Reset the router and test proftpd again without playing with the iptables rules.
Normally the FTP protocol uses ports 20 and 21: port 21 is to connect etc., and 20 to transfer data. It is possible to use another port, but it is very complex to make it work in active mode. In passive mode it is easy. However, you need to specify in your client to use passive mode.
You can find this in the proftpd documentation.
One tip:
Some providers block port 21.
If you want it only for personal use, try using openvpn. Then you can connect normally on your private network IP.
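A check for the kind of rule pointed out in the posted INPUT chain, as an added example that is not part of the thread: it parses `iptables -L` output and reports the first ACCEPT rule per chain that shows no protocol, address or state match. The function names are hypothetical and the sample is an excerpt constructed from the listing posted above; because `iptables -L` without `-v` does not print interface columns, a hit may still be limited to `lo` or the LAN bridge and should be confirmed with `iptables -L -v -n`.

```python
import re

# Constructed sample: excerpt of the listing posted in the thread.
# Helper names below are hypothetical, not from any project.
SAMPLE = """\
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere
ACCEPT 0 -- anywhere anywhere
logaccept tcp -- anywhere anywhere tcp dpt:1000
logaccept tcp -- anywhere anywhere tcp dpt:ftp
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
logdrop 0 -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT 0 -- 192.168.12.0/24 anywhere
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
logdrop 0 -- anywhere anywhere
"""

ANY_ADDR = {"anywhere", "0.0.0.0/0"}
ANY_PROTO = {"0", "all"}

def parse_chains(text):
    """Return {chain: [(target, prot, source, dest, extra), ...]}."""
    chains, current = {}, None
    for line in text.splitlines():
        header = re.match(r"Chain (\S+) \(", line)
        if header:
            current = chains.setdefault(header.group(1), [])
            continue
        fields = line.split()
        if current is None or len(fields) < 5 or fields[0] == "target":
            continue  # column header, blank line, or text outside a chain
        target, prot, _opt, src, dst = fields[:5]
        current.append((target, prot, src, dst, " ".join(fields[5:])))
    return chains

def catch_all_accepts(text):
    """Return (chain, position, rules_after) for the first match-less ACCEPT."""
    findings = []
    for chain, rules in parse_chains(text).items():
        for pos, (target, prot, src, dst, extra) in enumerate(rules, start=1):
            if (target == "ACCEPT" and prot in ANY_PROTO and src in ANY_ADDR
                    and dst in ANY_ADDR and not extra):
                findings.append((chain, pos, len(rules) - pos))
                break  # rules after a true catch-all are never evaluated
    return findings

if __name__ == "__main__":
    print(catch_all_accepts(SAMPLE))
```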