DSM-G600, DNS-3xx and NSA-220 Hack Forum
Unfortunately no one can be told what fun_plug is - you have to see it for yourself.
You are not logged in.
Announcement
IRC Channel #funplug on irc.freenode.org
#1 2008-03-28 08:50:59
- uppsju
- Member
- Registered: 2007-12-14
- Posts: 18
Problems using FTP from internet
Hi,
I have the DNS-323 on my home network behind a Linksys 54GL router.
I've set up a forwarding port (TCP) from internet to be directed towards port 21 for the internal IP address for my DNS-323.
The gateway for the ftpserver is set the same as my router: 192.168.1.1
From the home network it works fine.
From the internet I get to the login screen and can login, but the connection times out at the LIST command. That is, it never sends back the information about the initial folder the user has access to.
I see from the ftp client log that active mode fails, and that it automatically switches to passive mode. I'm guessing this is the issue.
Do I need to specify a port for outgoing data for the DNS-323? Or put the DNS-323 in the DMZ?
Thanks for ideas and replies.
Last edited by uppsju (2008-03-28 08:52:10)
Offline
#2 2008-03-28 11:25:32
- SweMart
- Member
- From: Stockholm, Sweden
- Registered: 2008-03-18
- Posts: 14
Re: Problems using FTP from internet
The built in FTP is not "NAT aware", thats a poblem when connecting from the Internet. I think you have two options:
a) Place your NAS in a DMZ with a proper public IP
b) Install another FTP daemon thatis NAT aware
I've compiled proftpd which is NAT aware for the DNS, I'm gonna try to create funpkg package during the day if I get time. proftpd aso supports TLS/SSL enabled transfers.
Offline
#3 2008-03-28 14:13:48
- fordem
- Member
- Registered: 2007-01-26
- Posts: 1938
Re: Problems using FTP from internet
SweMart wrote:
The built in FTP is not "NAT aware", thats a poblem when connecting from the Internet. I think you have two options:
a) Place your NAS in a DMZ with a proper public IP
b) Install another FTP daemon thatis NAT aware
I've compiled proftpd which is NAT aware for the DNS, I'm gonna try to create funpkg package during the day if I get time. proftpd aso supports TLS/SSL enabled transfers.
I don't agree - I have used my DNS-323 with the "native" ftp server, across the internet, behind a NAT firewall and with a single port (21) forwarded. The ftp client was the "built-in" ftp client in Windows Small Business Server 2003 and used from the command prompt.
What is happening here is the firewall at the client end does not know how to deal with ftp - it is not associating the incoming data stream with the outgoing requests and as a result, sees the incoming stream as being initiated from the outside and discards it. Just as an example - a Cisco SOHO71 or SOHO91 at the client end will handle this "transaction" flawlessly.
Purely for verification purposes - try putting the client in the DMZ or with a proper public ip
Last edited by fordem (2008-03-28 14:21:34)
Offline
#4 2008-03-28 14:23:10
- bq041
- Member
- From: USA
- Registered: 2008-03-19
- Posts: 709
Re: Problems using FTP from internet
Try forwarding another port like internet 22 to LAN 21. My ISP blocks traffic on common server ports and I had the same issue you do. Since I switched to using port 22, I have had no problems.
DNS-323 F/W: 1.04b84 H/W: A1 ffp: 0.5 Drives: 2X 400 GB Seagate SATA-300
DNS-323 F/W: 1.05b28 H/W: B1 ffp: 0.5 Drives: 2X 1 TB WD SATA-300
DSM-G600 F/W: 1.02 H/W: B Drive: 500 GB WD ATA
Offline
#5 2008-03-28 15:23:37
- HaydnH
- Member
- Registered: 2007-09-28
- Posts: 187
Re: Problems using FTP from internet
FTP from the internet? You know ftp usernames & passwords are sent in clear text and understand the security implications right? Now where's my snoop command gone ;P
http://www.wu-ftpd.org/rfc/rfc2577.html
Offline
#6 2008-03-28 15:26:44
- bq041
- Member
- From: USA
- Registered: 2008-03-19
- Posts: 709
Re: Problems using FTP from internet
Yes, I do. I use mine for my service people to get programs from. I only turn it on for them when they need it and I give them a 30 minute window before I remove their login.
DNS-323 F/W: 1.04b84 H/W: A1 ffp: 0.5 Drives: 2X 400 GB Seagate SATA-300
DNS-323 F/W: 1.05b28 H/W: B1 ffp: 0.5 Drives: 2X 1 TB WD SATA-300
DSM-G600 F/W: 1.02 H/W: B Drive: 500 GB WD ATA
Offline
#7 2008-04-01 08:18:11
- uppsju
- Member
- Registered: 2007-12-14
- Posts: 18
Re: Problems using FTP from internet
Hmm,
just got to test ftp again, now that my dns-323 was placed in the DMZ.
Still no go using passive mode.
Active mode fails too, with the message:
Response: 500 I won't open a connection to x.xxx.xx.xxx (only to xxx.xxx.xx.xx)
I'm starting to think that fordem is right, it is at the client end. Will have to test from several networks to check.
But if it appears that I cannot connect to my dns-323 by ftp from any outside network, any ideas what should I check next?
Thanks
Offline
#8 2008-04-01 11:36:06
- andrey
- Member
- Registered: 2008-03-22
- Posts: 34
Re: Problems using FTP from internet
I had exactly the same problem when I initially enabled FTP. In my case, my router D-Link DGL-4500 was blocking certain packets. Specifically, it had SPI (stateful packet inspection) enabled for the firewall. I believe most of newer routers have something similar enabled by default as well.
So, to troubleshoot your issue, I would suggest turning off *all* firewall features on your Linksys router. If that works, than enable firewall one item at a time to see which one is breaking FTP listings. But my guess is that it would be some type of packet inspection filter or feature.
-- Andrey
Last edited by andrey (2008-04-01 11:36:53)
Offline
#9 2008-04-01 14:52:54
- fordem
- Member
- Registered: 2007-01-26
- Posts: 1938
Re: Problems using FTP from internet
uppsju wrote:
But if it appears that I cannot connect to my dns-323 by ftp from any outside network, any ideas what should I check next?
Thanks
Talk to your ISP - some terms of service specifically forbid hosting of servers and the ISP may enforce these terms by blocking the "well known" ports numbers associated with certain services - just as an example, my ISP blocks incoming connections on ports 80, 81, 800 & 8080 - which are all commonly used for web hosting.
Offline
#10 2008-10-06 19:52:10
- Indra
- Member
- From: Thailand/Indonesia
- Registered: 2008-10-05
- Posts: 11
Re: Problems using FTP from internet
Hi fordem,
How I can be sure that the problem is "my ISP is blocking certain port"?
I am in Thailand, and usually when I ask the ISP, they will say that there is no problem until I can prove that they do really have problem.
Offline
#11 2008-10-06 22:15:13
- fordem
- Member
- Registered: 2007-01-26
- Posts: 1938
Re: Problems using FTP from internet
Try putting the NAS in the DMZ.
Offline
#12 2008-10-07 07:32:29
- Indra
- Member
- From: Thailand/Indonesia
- Registered: 2008-10-05
- Posts: 11
Re: Problems using FTP from internet
fordem wrote:
Try putting the NAS in the DMZ.
Yes, I have done it but no luck so far 
Please see my complete explanation here: http://dns323.kood.org/forum/p21223-Yes … tml#p21223
Offline