Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[barf]

Have two DNS-323s funning f/w v1.09 on both.

Have first FTP on port 21 and second using port 2121.

Have port forwarded these ports on my router (running dd-wrt), can only access the first one on port 21.  Well not entirely true, I see access to the one on 2121, but I cannot get directory listing and then it times out.  Tried using Filezilla, CoreFTP and even command line FTP.

Have tried active, passive, report external IP in passive mode etc, but still no luck.

Anyone have any suggestions or success in with similar setup?

TIA

[ivan]

Are you saying that you have activated the FTP server on each and are trying to use an FTP client to see each one?  If so then just leave each at the default port (21) and you will have access from your client either by name or IP address - at least that is how I work here.

[barf]

Yes, I have the FTP server running on each one at home and trying to access remotely from an FTP client at work.

First of all, I am not too familiar with FTP, so forgive me if I ask some basic questions.  Just learning as I go.

I only have one external IP address available to my home.  I am running dd-wrt on my router and thought I had to direct FTP to either the NAS1 (192.168.1.100) running FTP1 (port 21) or to NAS2 (192.168.1.200) running FTP2 (port 2121).

I am able to connect to NAS1, but when I try NAS2, I get this:

Status:   Connection established, waiting for welcome message...
Response:   220---------- Welcome to Pure-FTPd [TLS] ----------
Response:   220-You are user number 1 of 10 allowed.
Response:   220-Local time is now 08:42. Server port: 2121.
Response:   220-This server supports FXP transfers
Response:   220 You will be disconnected after 2 minutes of inactivity.
Command:   USER xxxxx
Response:   331 User xxxxx OK. Password required
Command:   PASS ***********
Response:   230 OK. Current restricted directory is /
Status:   Connected
Status:   Retrieving directory listing...
Command:   PWD
Response:   257 "/" is your current location
Command:   TYPE I
Response:   200 TYPE is now 8-bit binary
Command:   PASV
Response:   227 Entering Passive Mode (xx,xx,xx,xx,220,226)
Command:   MLSD
Error:   Directory listing aborted by user
Error:   Connection closed by server

Are you saying to port forward 21 to both NAS1 and NAS2 in my router?  Is there a way to FTP to my external IP and also specify an internal IP (192.168.1.100 or 192.168.1.200)?

[fordem]

PASV
Response:   227 Entering Passive Mode (xx,xx,xx,xx,220,226)
Command:   MLSD
Error:   Directory listing aborted by user
Error:   Connection closed by server

Are you configured for PASV ftp?

[OlegMZ]

It looks like DD-WRT does not have capability to detect FTP on non-standard ports (TCP/2121)
In case of passive FTP both connections are initiated by the client:
a) control connection to the server on port TCP/21 (or custom port you use)
b) DATA connection on port, specified by the server during initial control exchange (inside packets payload)

If you router is capable to inspect FTP exchange packets on both standard and customized port numbers it will look inside the control packets exchange and open appropriate ports. If not, you would have to use it manually as follows:

1) Go to 2nd DNS FTP config and specify range of ports for Passive mode, DIFFERENT from your 1st DNS.
2) Memorize these ports and non-standard port you used for FTP. You do not have to change contol FTP port on 2nd DNS actually. You may do this just by port forwarding
3) Go to DD-WRT NAT settings and make sure proper port forwarding extsts PublicIP:TCP2121 -> DNS2IP:TCP21
4) Go to Port Trigger settings and specify that for port TCP 2121 you want to open a range of ports you specified  in DNS2 for Passive mode.

The idea is then the router sees traffic on you port 2121 it will dynamically open proper port range for DATA traffic. The solution is not technically perfect, but works for SOHO implementations and is available of most home routers.

Here is how FTP works if you are still interested:
http://slacksite.com/other/ftp.html

[barf]

Thanks OlegMZ.

Got it working .... you are right that something didn't like non-standard ports for FTP.

I was port forwarding ExternalIP2121 to InternalIP2121.  When I changed it to External2121 to Internal21 it worked.

Thanks for all who tried to help me.

[OlegMZ]

Interesting... You mean that you just changed internal (reall) port on 2nd DNS to a standard one and adjusted port forwarding? That's it? Nothing else? No trigger ports or shifted DATA pprts for Passive mode?
Did you try to connect to both FTP at the same time and transfer data from/to them?
I am just curious how smart DD-WRT in this case. If internal DATA ports are the same at both FTP servers, then DD-WRT should change dynamic translations to use different ports at WAN side for data something like this:

DNS1IP:55536 -> RTRWANIP:55536
DNS2IP:55536 -> RTRWANIP:55556

But for this to work D-WRT should also MODIFY Control packets payload data from DNS2 to FTP client to change advertized port 55536 to public (changed) port 55556.
Otherwise FTP client would send packet to real port 55536, which... would forward this data to DNS1 instead of DNS2! And this connection will be dropped because different TCP flags, sequence numbers etc.
It DD-WRT  can do it I would be impressed.
 

[barf]

Yes, just changed port forwarding in dd-wrt.

I can access both servers independently.  I never tried to access both at the same time.  I don't know how to access two remote sites simultaneously.

I am experimenting with security and found I had to enable "report external IP in passive mode" and also forward the passive ports 55536-55663 to ftp1.  I am using a different passive port range forwarded to ftp2.  I am then using "Require explicit FTP over TLS" as my encryption.

Works using both Filezilla and Core FTP lite.  I have to select "Auth SSL" in Core FTP lite.

Don't know if I am doing the right thing, but it seems to work.....still learning as I go.

[barf]

Update: I ticked off the box that says "Allow SSL/TLS connection only" in the FTP server and it works great.  Now anyone trying to access my server MUST use encryption. Ha!

Filezilla works great .... just use the latest version.

Was using older version of Core FTP lite and while it could connect using encryption, it froze when I tried to change to a subfolder.  Downloaded latest version 2.2 and must use "AUTH TLS" and unselect SSL Listings and SSL Transfers.  Now works well with that program too.

I am able to connect to both FTP servers simultaneously, but don't know how to copy between servers.  I can connect to FTP1 using Core FTP and connect to FTP2 using Filezilla.  I have active transfers going on both servers simultaneously so dd-wrt is port forwarding correctly.

I don't have and don't know of a program where I can connect to two servers at the same.

[D-Link Multimedia]

FlashFXP

[barf]

Okay, just tried FlashFXP and can transfer back and forth between the two FTP servers using secure transfer.  I'm doing this remotely, so it's pretty cool that this works .... I'm happy.

I guess I can do organizing and maintenance transfers between the two servers while I am away from home now

[D-Link Multimedia]

Yeah its great software for remote (and local copies). Thats my preferred method for duplicating files across nas's here at the office. Usually gets better speeds than the built in local backup. You can also use ctrl+d inside folders to check for missing folders etc.

[barf]

Don't know what you mean ctrl-d to check for missing folders etc???  I just get "0 object(s) filtered" every time I press ctrl-d.

I do like that I can check disk space used and how much for each folder.

Hmm....FlashFXP is only 30day evaluation software.  Looks like I will be evaluating it more