D-Link Forums
The Graveyard - Products No Longer Supported => D-Link Storage => DNS-323 => Topic started by: P01arBear on October 20, 2009, 11:38:06 PM
-
Hey,
I hope this gets to D-Link's staff.
On the DNS-323's ftp panel settings;
(http://moe.mabul.org/up/moe/2009/10/21/img-083546ab7ij.png)
PLEASE ADD A FUNCTION SO THE DNS CAN AUTO-UPDATE THE EXTERNAL IP REPORT ITSELF.
For us passive mode users, this is a need!
If I'm at work or out of the city and need to log into my ftp but my ISP changes my IP during the day (since it's not static), then I won't be able to access it (well yes, but it will reject me). The hole point of FTP is being able to access it from outside the network, making it impossible to update manualy the IP if we aren't inside the network.
This function would make the DNS totaly independant and reliable in passive mode.
I have alot of people that require constant access to my DNS, if my external IP changes while I'm not at home then they won't be able to access it for hours until I get back and type in my new external IP myself.
I'm pretty sure you guys can handle this new feature! If you could release this as a quick fix on a 1.08b06 FW I'd be really thankful.
Thanks
-
I use DynDNS to resolve this issue, if my IP changed, DynDNS will update the IP address automatically for you. With firmware 1.07, you can do it directly. With Beta 1.08 I am not sure, since I don't have it installed.
-
DynDNS isn't for the same utility. DynDNS is just a forward towards your IP.
This is a passive IP issue that can only be solved by the DNS-323 updating itself the external IP it sends back when it ftp activity.
Read this thread to understand why the feature I ask is so important;
http://forums.dlink.com/index.php?topic=8794.0
Foredem explains it well at his last replies.
When passive ftp is being used, the ftp server will tell the ftp client to make a data connection and it will specify an ip address and a port on which the connection is to be made - and if the ftp server is not configured correctly it will specify it's private ip address, which is what you are experiencing here..
Look at the image shown above, it needs to have an IP put in manualy to report in passive. That is the problem; it should be able to get it (your external IP) itself to be independant even when outside of your home.
Just adding a function that would configure it to fetch your IP every ½h, 1h or week as the user would wish and stick it to the passive IP report.
If possible, could a tech just pass by and say they have taken this into consideration.
Thanks
-
UP. :-X
-
It works just fine with DNS-323, DIR-655 (FW1.32) and passive FTP.
Without this setting, I never needed it with any of my NAS.
Connect to: (22.10.2009 19:05:27)
hostname=lizzi556.dyndns.org:40
username=anonymous
startdir=
lizzi556.dyndns.org=188.192.196.189
220---------- Welcome to Pure-FTPd [TLS] ----------
220-You are user number 1 of 10 allowed.
220-Local time is now 19:05. Server port: 21.
220-This server supports FXP transfers
220 You will be disconnected after 2 minutes of inactivity.
USER anonymous
230 Anonymous user logged in
SYST
215 UNIX Type: L8
FEAT
211-Extensions supported:
EPRT
IDLE
MDTM
SIZE
REST STREAM
MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
MLSD
ESTP
PASV
EPSV
SPSV
ESTA
AUTH TLS
PBSZ
PROT
211 End.
OPTS UTF8 ON
500 Unknown command
Connect ok!
PWD
257 "/" is your current location
Get directory
TYPE A
200 TYPE is now ASCII
PASV
227 Entering Passive Mode (188,192,196,189,217,45)
LIST
150 Accepted data connection
Download
Waiting for server...
226-Options: -l
226 2 matches total
I need to use the external port 40 as I already have another ftp on 21 (no D-Link NAS ;D )
Here are my settings:
DNS-323
(http://lizzi555.dyndns.org/PICS_ETC/NAS02FTP.png)
Virtual Server of DIR-655 from external port 40 to internal port 21:
(http://lizzi555.dyndns.org/PICS_ETC/FTPVSERV.png)
and Portforwarding the standard passive ports :
(http://lizzi555.dyndns.org/PICS_ETC/DNSPORTFOR.png)
-
Well, I did try pretty much everything except forwarding the passive ports like you did...And I would try but my DIR-655 router won't stick the rules when I save them. The firmware is bugged and I'm still waiting for an answer;
http://forums.dlink.com/index.php?topic=8872.0
Even then, this function would still be of some use.
-
Resolved the DIR problem, will try what you suggest see how it works in passive.
-
Just gave it a try...It really won't work.
I guess the auto-update is vital for some people. :P
-
I don't really need the passive port forwarding when the router is connected via cable modem or bridged DSL modem, only with a DIR- and my VoIP router as modem I have to forward passive ports.
Perhaps you may want to try some additional Advanced/Firewall settings.
SPI = Off
NAT Endpoint filtering:
UDP=Endpoint Independent
TCP = Address restricted
Advanced/Network:
UPNP= Enabled
I noticed with an older filezilla ftp-client that it refused to connect because of having the internal NAS address in the server reply but this is a long time ago with older firmwares. (Now I'm using Total Commander - it has a good LOG in case of problems).
Btw.: Nothing against your request regarding the auto update, it would be a good idea if it is possible to fill in a DynDNS address instead of an IP address. So the NAS could easily retrieve its actual external address.
-
Perhaps you may want to try some additional Advanced/Firewall settings.
SPI = Off
NAT Endpoint filtering:
UDP=Endpoint Independent
TCP = Address restricted
Advanced/Network:
UPNP= Enabled
Have tried all this before, as done no differance. I doubt this is because of the router. The router doesn't have trouble sending/receving data. It's really the reply that the FTP server returns that makes it possible to use passive.
Read this, he explains it better than me:
Foredem explains it well at his last replies.
When passive ftp is being used, the ftp server will tell the ftp client to make a data connection and it will specify an ip address and a port on which the connection is to be made - and if the ftp server is not configured correctly it will specify it's private ip address, which is what you are experiencing here..
Btw.: Nothing against your request regarding the auto update, it would be a good idea if it is possible to fill in a DynDNS address instead of an IP address. So the NAS could easily retrieve its actual external address.
Well, yes...That all depends on how easy it is for D-Link's staff. But, when you configure it at first it already has your external IP correctly. I just don't understand why it doesn't update itselft periodically after.
-
Yes I know what passive FTP is but the main thing that makes me wonder is that we are using identical hardware with the DNS-323 and DIR-655 but the ftp server gives different responses.
There must be something different in the settings.
That's what I wanted to find out.
-
If you go in IE tools -> options -> advanced and uncheck "Use passive FTP"
Will you still be able to log onto your DNS with your external IP?
Are you sure you are in passive rather than active mode?
-
Yes, the log shows clearly it is passive mode.
Yes I can access with IE in active and in passive mode.
You may try yourself with my address:
ftp://lizzi556.dyndns.org:40/
It is only a testserver but it will run today.
-
If you can access the ftp server WITHOUT using forwarding the passive ports - it points to one of following two things ....
a) you're not using passive ftp.
b) you're testing from within the same LAN - which would explain why, when the ftp server responds with "227 Entering Passive Mode (192,168,0,32,232,174)" or something similar, since you do NOT have the "Report external IP in Passive mode" box checked, the client does not report a "Server sent passive reply with non-routeable address" error.
c) you have some sort of undocumented uPnP
-
If I use standard port 21 it works without forwarding passive ports.
I think the FTP ALG in the DIR recognizes the connection and will pass it through.
As here in my example with port 40 I need to forward the passive ports.
Even from inside my network I receive this answer if I use DynDNS name:
Connect ok!
PWD
257 "/" is your current location
Get directory
TYPE A
200 TYPE is now ASCII
PASV
227 Entering Passive Mode (188,192,196,189,217,45)
LIST
150 Accepted data connection
Download
Waiting for server...
226-Options: -l
226 2 matches total
-
Well, I just logged into that site anonymously and did a dir listing, so can you post the log from my connection? That should answer the question of being outside the network, since I'm pretty sure this NAS isn't on my network! ;D
-
lizzi what version of the firmware are you using? 1.08b05?
I can confirm that your DNS-323 does respond as described, which I find interesting, since - based on the config screens shown - it shouldn't
Oh - I'm the 190.80.x.x entries in your log.
-
For some reason, he is right it does work.
This is what I changed in my current settings since it works;
- Have unchecked report external IP address.
- Have disabled the SPI firewall on router.
- Have changed TCP to address restricted (UDP was already endpoint endependant).
And it works now...
Edit: I have now tried to enable the SPI firewall, and it still works so the problem is not from there.
-
And you guys thought I was imagining things. :D
-
Well, I've located the problem precisely after many tests;
TCP Endpoint Filtering must be set to ADDRESS RESTRICTED.
It's great to have located the problem, but...Since I was using endpoint independant and now changed to address restricted, should this affect any softwares I use? What is the differance?
-
Hihi
But fordem and gunrunnerjohn,
don't know what you tried.
My DNS-323 is on port 40 and did not report anything in the log. (there are only 2 .mp3 files in the dir)
But my Synology on port 21 did :
(http://lizzi555.dyndns.org/PICS_ETC/NAS00.png)
I'm running 1.08b07 but it also worked with 1.07 and 1.08b05
DIR-655 FW 1.32b04
-
I just used Windows FTP to do an anonymous login to an FTP server at the address you provided.
-
With ftp://lizzi556.dyndns.org:40/ (ftp://lizzi556.dyndns.org:40/) you should have seen something like this:
FTP root at lizzi556.dyndns.org
To view this FTP site in Windows Explorer, click Page, and then click Open FTP Site in Windows Explorer.
--------------------------------------------------------------------------------
05/28/2007 12:00 9,267,855 01 Every 1's A Winner (Sexy Remix).mp3
03/28/2001 12:00 3,397,632 Herbert Grönemeyer_Halt Mich (Unplugged).mp3
But forget the log of the DNS, it is nothing..
Up to now there are only few "get" items logged - no IP, no login
-
When I click that link, I go right to IE and see a page with two MP3 files on it. :)
-
Could any of you explain to me what Nat endpoint TCP filtering does? I have a small idea, but would like to understand better. Should this affect any softwares I'm using?
-
difficult to explain in short words...
Well, I've located the problem precisely after many tests;
TCP Endpoint Filtering must be set to ADDRESS RESTRICTED.
It's great to have located the problem, but...Since I was using endpoint independant and now changed to address restricted, should this affect any softwares I use? What is the differance?
address restricted means a connection only from one IP-address to another specific IP address like ftp between 1 server and 1 host per connection. Firewall will check data packets whether destination ip address belongs to this connection
endpoint independed: doesn't matter to which address the dataflow points - firewall should pass through each packet regardless of destination IP (mostly udp connections)
Perhaps the difference between the two protocols helps a bit understanding:
http://en.wikipedia.org/wiki/Transmission_Control_Protocol
http://en.wikipedia.org/wiki/User_Datagram_Protocol
-
Well that's alot of litterature. When I'll have some free time maybe...
Until then, my main usage is for;
Cabos (P2P client)
uTorrent
Xfire (Voice chat)
T4C (A small game that uses only port 11677 but I don't know if it's UDP or TCP)
...MSN/FTP/Surfing web
Think it should affect in any way these programs?
I remember have changing NAT TCP endpoint to independant, I just don't remember for what reason. I think it was to optimise P2P.
-
Think it should affect in any way these programs?
No, don't think so. Never had problems with this setting.
As a TCP connection allways uses fixed addresses, the firewall will only block malformed data packages.
Have fun with your ftp 8)
-
Sorry but wrong.
http://bit.ly/3t7fI3
TCP does not require fixed addresses... FTP uses TCP as everyone knows and TCP is end to end.
Yep
sometimes I'm missing the right words when trying to explain it easier.
I still have to translate my thoughts to english.
Sorry