
More FTP Problems....

 
January 1, 2011 02:20 AM

Dart00

Member

I'm having more FTP problems, been trying to fix these for 2-3 days now and hope someone can help. They started when I upgraded my firmware to this current version. Internal Access to the FTP server works great! :) But WAN access fails miserably. :( I don't use WAN access that much, but I "do" need it. I don't keep sensitive files on it. For security I run my FTP server on Port 11111. I'm having this problem in Filezilla and in Mozilla and IE and anything else I try. :(

I followed this guide: http://www.dd-wrt.com/wiki/index.php/ProFTPd

This address works: ftp://192.168.1.1:11111

Feedback from Filezilla:

Status: Connecting to 192.168.1.1:11111...
Status: Connection established, waiting for welcome message...
Response: 220 ProFTPD 1.3.3c Server (DD-WRT) [76.127.74.252]
Command: USER anonymous
Response: 331 Anonymous login ok, send your complete email address as your password
Command: PASS **************
Response: 230 Anonymous access granted, restrictions apply
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is the current directory
Status: Directory listing successful

But that's only for the internal network. I'm using Dynamic DNS (which is set up and working correctly)

This address does NOT work: ftp://synaptic.dyndns-ip.com:11111/

I get this:


Status: Resolving address of synaptic.dyndns-ip.com
Status: Connecting to 76.127.74.252:11111...
Status: Connection established, waiting for welcome message...
Response: 220 ProFTPD 1.3.3c Server (DD-WRT) [76.127.74.252]
Command: USER anonymous
Response: 331 Anonymous login ok, send your complete email address as your password
Command: PASS **************
Response: 230 Anonymous access granted, restrictions apply
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is the current directory
Command: TYPE I
Response: 200 Type set to I
Command: PASV
Response: 227 Entering Passive Mode (76,127,74,252,235,39).
Command: MLSD
Error: Connection timed out
Error: Failed to retrieve directory listing

Not exactly sure what's going on here....

Here is my GUI configuration: http://img704.imageshack.us/img704/4936/72974308.jpg

Here is my Startup Script:

echo "MasqueradeAddress synaptic.dyndns-ip.com" >> /tmp/proftpd/etc/proftpd.conf 
echo "PassivePorts 60000 61000" >> /tmp/proftpd/etc/proftpd.conf
killall -HUP proftpd

Here is my firewall Script:

/usr/sbin/iptables -I INPUT 1 -p tcp --dport 11111 -j logaccept  
/usr/sbin/iptables -I INPUT -p tcp -m tcp --dport 60000:61000 --syn -j logaccept

Finally here is my config file once the router is fully rebooted:

ServerName      DD-WRT
DefaultAddress  192.168.1.1
ServerType      standalone
DefaultServer   on
AuthUserFile    /tmp/proftpd/etc/passwd
ScoreboardFile  /tmp/proftpd/etc/proftpd.scoreboard
Port            11111
Umask           022
MaxInstances    10
User            root
Group           root
UseReverseDNS   off
IdentLookups    off
RootLogin       on
<Limit SITE_CHMOD>
  DenyAll
</Limit>
DelayEngine     off
WtmpLog         off
DefaultRoot     /mnt
<Directory      /mnt/*>
  AllowOverwrite  on
   <Limit WRITE>
   </Limit>
</Directory>
<Anonymous      /mnt/PublicFTP>
User           ftp
Group          root
UserAlias      anonymous ftp
<Directory *>
  <Limit WRITE>
    DenyAll
  </Limit>
</Directory>
</Anonymous>
MasqueradeAddress synaptic.dyndns-ip.com
PassivePorts 60000 61000

If there is any more information you need, just ask. I really need to get this resolved. 
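
Added example (not part of the original post): a Python check that decodes the 227 reply from the FileZilla log above and compares it with the PassivePorts line and the passive-port iptables rule from the same post. The function names and result keys are made up for this illustration; the input strings are copied from the post.

```python
import ipaddress
import re

# Inputs copied from the post: FileZilla log, proftpd.conf, firewall script.
PASV_REPLY = "Response: 227 Entering Passive Mode (76,127,74,252,235,39)."
CONF_LINE = "PassivePorts 60000 61000"
FW_RULE = ("/usr/sbin/iptables -I INPUT -p tcp -m tcp "
           "--dport 60000:61000 --syn -j logaccept")
CONTROL_IP = "76.127.74.252"  # "Status: Connecting to 76.127.74.252:11111..."


def parse_pasv(line):
    """Decode a 227 reply (h1,h2,h3,h4,p1,p2) into (ip, port)."""
    m = re.search(r"227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", line)
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % line)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % line)
    # Data port is sent as two bytes: high byte first, then low byte.
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def port_range(text, pattern):
    """Return (low, high) from a 'PassivePorts lo hi' or '--dport lo:hi' line."""
    m = re.search(pattern, text)
    if not m:
        raise ValueError("no port range found in %r" % text)
    low = int(m.group(1))
    return low, int(m.group(2) or low)


def check_passive_setup(pasv_line, conf_line, fw_rule, control_ip):
    """Hypothetical helper: compare the advertised data endpoint with the config."""
    ip, port = parse_pasv(pasv_line)
    conf_lo, conf_hi = port_range(conf_line, r"PassivePorts\s+(\d+)\s+(\d+)")
    fw_lo, fw_hi = port_range(fw_rule, r"--dport\s+(\d+)(?::(\d+))?")
    return {
        "endpoint": (ip, port),
        "ip_matches_control": ip == control_ip,   # MasqueradeAddress applied
        "ip_is_private": ipaddress.ip_address(ip).is_private,
        "port_in_passive_ports": conf_lo <= port <= conf_hi,
        "port_covered_by_rule": fw_lo <= port <= fw_hi,
    }


if __name__ == "__main__":
    result = check_passive_setup(PASV_REPLY, CONF_LINE, FW_RULE, CONTROL_IP)
    for key, value in result.items():
        print("%-22s %s" % (key, value))
```

On the post's data the reply decodes to 76.127.74.252:60199, a public address inside both port ranges, so the MasqueradeAddress and PassivePorts lines took effect and the posted rule's port range covers the advertised data port.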


January 1, 2011 5:08 AM

You have to add an iptable rule to open your ftp port from wan side:

http://www.dd-wrt.com/wiki/index.php/ProFTPd_Server

I guess I add this to my todo list to add an option in the webif that allows to set wan access

January 1, 2011 2:22 PM updated: January 1, 2011 2:23 PM

I posted my firewall script near the end:


/usr/sbin/iptables -I INPUT 1 -p tcp --dport 11111 -j logaccept 
/usr/sbin/iptables -I INPUT -p tcp -m tcp --dport 60000:61000 --syn -j logaccept

But I changed it to the firewall setup you pointed out in the guide:

wanf=`nvram get wan_iface`
iptables -I INPUT 2 -i $wanf -p tcp  --dport 11111 -j logdrop
iptables -I INPUT 2 -i $wanf -p tcp -m state --state NEW --dport 11111 -m limit --limit 3/minute --limit-burst 2 -j logaccept
iptables -I INPUT -p tcp -m tcp --dport 60000:61000 --syn -j logaccept

(I'm running on port 11111 and forwarding my passive ports: 60000-61000 to IP 192.168.1.1, also 22222 is my SSH)

And I still got the same result, it times out at the same time :(

Here is a copy of my iptables (iptables -L):

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
logaccept  tcp  --  anywhere             anywhere            tcp dpts:60000:61000 flags:FIN,SYN,RST,ACK/SYN
ACCEPT     0    --  anywhere             anywhere            state RELATED,ESTABLISHED
logaccept  tcp  --  anywhere             anywhere            state NEW tcp dpt:11111 limit: avg 3/min burst 2
logdrop    tcp  --  anywhere             anywhere            tcp dpt:11111
DROP       udp  --  anywhere             anywhere            udp dpt:route
DROP       udp  --  anywhere             anywhere            udp dpt:route
ACCEPT     udp  --  anywhere             anywhere            udp dpt:route
logaccept  tcp  --  anywhere             Synaptic            tcp dpt:22222
DROP       icmp --  anywhere             anywhere
DROP       igmp --  anywhere             anywhere
ACCEPT     0    --  anywhere             anywhere            state NEW
logaccept  0    --  anywhere             anywhere            state NEW
DROP       0    --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     gre  --  192.168.1.0/24       anywhere
ACCEPT     tcp  --  192.168.1.0/24       anywhere            tcp dpt:1723
ACCEPT     0    --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     0    --  anywhere             anywhere
TCPMSS     tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
lan2wan    0    --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             Synaptic            tcp dpts:60000:61000
ACCEPT     udp  --  anywhere             Synaptic            udp dpts:60000:61000
DROP       tcp  --  anywhere             0.0.0.0             tcp spt:0
DROP       udp  --  anywhere             0.0.0.0             udp dpt:0
TRIGGER    0    --  anywhere             anywhere            TRIGGER type:in match:0 relate:0
trigger_out  0    --  anywhere             anywhere
ACCEPT     0    --  anywhere             anywhere            state NEW
DROP       0    --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain advgrp_1 (0 references)
target     prot opt source               destination

Chain advgrp_10 (0 references)
target     prot opt source               destination

Chain advgrp_2 (0 references)
target     prot opt source               destination

Chain advgrp_3 (0 references)
target     prot opt source               destination

Chain advgrp_4 (0 references)
target     prot opt source               destination

Chain advgrp_5 (0 references)
target     prot opt source               destination

Chain advgrp_6 (0 references)
target     prot opt source               destination

Chain advgrp_7 (0 references)
target     prot opt source               destination

Chain advgrp_8 (0 references)
target     prot opt source               destination

Chain advgrp_9 (0 references)
target     prot opt source               destination

Chain grp_1 (0 references)
target     prot opt source               destination

Chain grp_10 (0 references)
target     prot opt source               destination

Chain grp_2 (0 references)
target     prot opt source               destination

Chain grp_3 (0 references)
target     prot opt source               destination

Chain grp_4 (0 references)
target     prot opt source               destination

Chain grp_5 (0 references)
target     prot opt source               destination

Chain grp_6 (0 references)
target     prot opt source               destination

Chain grp_7 (0 references)
target     prot opt source               destination

Chain grp_8 (0 references)
target     prot opt source               destination

Chain grp_9 (0 references)
target     prot opt source               destination

Chain lan2wan (1 references)
target     prot opt source               destination

Chain logaccept (4 references)
target     prot opt source               destination
ACCEPT     0    --  anywhere             anywhere

Chain logdrop (1 references)
target     prot opt source               destination
DROP       0    --  anywhere             anywhere

Chain logreject (0 references)
target     prot opt source               destination
REJECT     tcp  --  anywhere             anywhere            tcp reject-with tcp-reset

Chain trigger_out (1 references)
target     prot opt source               destination

Any more ideas?

January 5, 2011 4:49 PM

Still can't get this to work :( Anyone have any more ideas?

January 10, 2011 6:21 AM

If you connect to ftp://synaptic.dyndns-ip.com:11111/ are you located outside your own local network, not from a client in your own local network e.g. 192.168.x address space?

Latest dd-wrt builds disable loopback connections. But loopback would be used if you call the wan address from your local network.

February 14, 2012 11:17 PM

I'm having a weird problem. I set the firewall rules, everything works perfectly and I'm able to access through the internet, but if I restart the router the port seems to get blocked again; apparently the iptables gets overwritten after rebooting the router. Does anybody know a solution???

February 25, 2012 2:22 AM updated: February 25, 2012 2:23 AM

Hi, Aben. Just put a line with the iptables command under Administration / Commands and press Save Startup.
