Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[Dean]

Okay, my problem seems to be the same as others posted here (unable to connect remotely), but for some reason none of the solutions listed work for me. I can connect locally but not over the web. I've tried active only, passive only as well as auto. I've had multiple people try to get in using different ftp programs, all failed. I'm pretty much at the end of my patience, so here I am hoping someone has the magic bullet for my problems:

DNS 323 v1.06:

Idle Time:2
Port:1026
Flow Control:unlimited
Server is running
User goes to Volume_1 root with r/w authority
Drives are Raid 1

Router - DIR 655 HW vA4, FW v1.21
Virtual server settings:

IP:192.168.1.120
Port(public and private):1026
Protocol:TCP
Schedule:Always
Check box: Checked

on the off chance that the -1 port is needed as mentioned in some posts I also did the following:

IP:192.168.1.120
Port(public and private):1025
Protocol:TCP
Schedule:Always
Check box: Checked

Log of the last person trying to connect (with some edits to my ftp address for privacy's sake):

[22:11:17] SmartFTP v3.0.1024.32
[22:11:18] Resolving host name "xxx.155.130.xxx"
[22:11:18] Connecting to xxx.155.130.xxx Port: 1026
[22:11:18] Connected to xxx.155.130.xxx.
[22:11:18] 220---------- Welcome to Pure-FTPd [TLS] ----------
[22:11:18] 220-You are user number 1 of 10 allowed.
[22:11:18] PASV
[22:11:18] 227 Entering Passive Mode (192,168,1,120,178,213)
[22:11:18] Passive ip address returned from server different from server ip.
[22:11:18] Opening data connection to 192.168.1.120 Port: 45781
[22:11:18] MLSD
[22:11:18] PASV
[22:11:18] 227 Entering Passive Mode (192,168,1,120,178,213)
[22:11:18] Passive ip address returned from server different from server ip.
[22:11:18] Opening data connection to 192.168.1.120 Port: 45781
[22:11:18] MLSD
[22:11:39] A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected

[DBDave]

Mine's doing the same thing - when the server is issuing a PASV command, it attaches the local LAN IP.  In order to work, the server has to have the WAN side IP here.  I'm using a software FTP service, free, called Filezilla, and it actually has a menu option for this, and I tell it to use my dynamic dns service to get the IP to put here. 

Even if this gets working, I fear mine's still not going to work right, because in Filezilla I can tell it what range of ports to use for passive, and then forward that appropriate range of ports in my router.  Dlink's hardware FTP seems to be missing this option as well, so I've no clue how to get the passive ports forwarded in the router.

I would like to see this finally fixed, but I've come to love Filezilla's remote management screen where I can flow-control my friends "on the fly" as I need bandwidth.  As well as being icon-notified on my primary workstation of FTP activity (soft FTP is running on old laptop under desk).  If the DNS-323's FTP could offer remote management that rivaled Filezilla, then I'll switch over.  Otherwise, I'm sticking with the soft FTP.  The "old laptop" can't see the DNS for FTP sharing, sadly, so I setup a free file synchronizing software called Allway Sync that mirrors the laptop's HD FTP space onto the DNS.

I'm behind a DSL modem that's been bridged, and a Netgear router.

Dave

[fordem]

Switch to port 21 - and use active ftp - does it work now?

If not - there is a good chance your ISP may be blocking the port.

If it does - then the problem lies with the client-side firewall preventing the data channel from being established.  This is the reason passive ftp exists, but the DNS-323 does not support ftp.

The actual mechanics have already been covered in other posts.

[Dean]

Fordem, if I understand your post you think my ISP would be blocking a random port such as 1026? After some checking, they do block inbound port 21. No mention of 1026 though.  http://www.dslreports.com/faq/10283

[Dean]

Okay, after more poking around this morning it lookes like PASSIVE hands out random ports (from a range?) back to the client by design and if these too are not forwarded then the router will of course block them.

This explains this line in my posted FTP log:

[22:11:18] Opening data connection to 192.168.1.120 Port: 45781

so I guess my next question is, does anyone know the range of ports that are used by the DNS323 for this operation?

Edit: Having someone try to connect via ACTIVE only gets forced back into PASSIVE:

[09:52:33] PORT 192,168,0,119,17,59
[09:52:33] 500 I won't open a connection to 192.168.0.119 (only to 24.80.119.24)
[09:52:33] Automatic failover of data connection mode from "Active Mode (PORT)" to "Passive Mode (PASV)".
[09:52:33] PASV
[09:52:33] 227 Entering Passive Mode (192,168,1,120,19,159)
[09:52:33] Passive ip address returned from server different from server ip.
[09:52:33] Opening data
connection to 192.168.1.120 Port: 5023
[09:52:33] MLSD

[fordem]

Fordem, if I understand your post you think my ISP would be blocking a random port such as 1026? After some checking, they do block inbound port 21. No mention of 1026 though.  http://www.dslreports.com/faq/10283

No - I don't think your ISP is blocking a random port such as port 1026.

I'm really not inclined to repeat the hows and the whys of ftp another time - try searching this forumfor one of the other posts in which I have covered it.

Very briefly - when a non standard port is used, if the client is behind a NAT router, active ftp will fail because the client side firewall will block the data connection - you need to use passive ftp, which is not supported by the DNS-323.

I just noticed - my previous post has an omission - where I say the DNS-323 does not support ftp, the word passive was inadvertently omitted - passive ftp is not supported, only active ftp.

By the way - if your ISP blocks 21, it's probably because your TOS does not permit you to host an ftp server on that level of service.

[Dean]

If it supports active, then why (as you see from my post above your reply) does the FTP client get forced back to Passive when an Active connection is attempted? If I could get through with active, then I wouldnt be having these issues. I'm not seeing anything on my testing that indicates the support of active.

[DBDave]

Fordem,

It sounds like you are put off by having to repeat yourself, so I hesitate to differ with you, when you are trying to help.  BUT....

Passive IS supported and works fine on the DNS-323.... here is an example of an xfer over local LAN:

PWD
Response:   257 "/Volume_1/David/GPS logs (Holux)" is your current location
Command:   TYPE I
Response:   200 TYPE is now 8-bit binary
Command:   PASV
Response:   227 Entering Passive Mode (192,168,1,32,70,129)
Command:   RETR Holux_M-241_Total_Start_20090123-194117_Finish_20090123-201632.kml
Response:   150-Accepted data connection
Response:   150 97.6 kbytes to download
Response:   226-File successfully transferred
Response:   226 0.004 seconds (measured here), 26.70 Mbytes per second
Status:   File transfer successful

It's when someone from the WAN side of the router connects, it fails because the FTP server is responding to the PASV request with the local LAN IP and does not support a function to retrieve the WAN IP to place in this response (as opposed to FileZilla, which works fine for me on the same ports, no ISP blocking, etc).  If my software FTP server wasn't crashed right now, I'd give you a screenshot of the filezilla settings where this specific problem is resolved by saying basically "go get that IP from my dynamic dns service OR use this specific IP OR something else."

Any further advice would be appreciated, and I will take the time to search this forum for previous FTP PASV probs.

Dave

[fordem]

@Dean - Active will NOT work on a non standard port IF the client is behind a NAT firewall - put the client in the DMZ and see what happens.  Again, I will point out to you that you arelikely to be in violation of your ISP's TOS


@DBDave - I stand corrected - that was probably added in the most recent firmware release - however, I believe you'll find the implementation is incomplete - when you find the config screens for passive ftp, do let me know.

[Dean]

I ended up modding the box and using a custom script to get it to work. Sadly for me this seemed to be the only route. Yet I have 3 friends that didnt have any issues at all using custom ports and passive, worked right out of the box with simple port forwards. They are all on a different ISP though, but since I wasnt using a restricted port I still dont quite get it and probably never will fully understand why. The mod did the trick so I'm at least up and running now.

[DBDave]

Fordem, no problem - I should receive the part I need to rebuild my crashed soft FTP machine on Tuesday/Wednesday... so I'll make sure I grab some screenshots during the soft FTP setup and post them here.  I never rave about software, and I've set up many FTP servers over the years, but the Filezilla Server seems to be the pinnacle so far.  Powerful user setups, memory efficient, remote management with security for LAN only or WAN manangement (user defined port).  Flexible DDNS options.  Live flow controls, FXP support, etc.  My only gritch is that the soft FTP setup can't share the networked DNS-323, so I have to use a daily filesync freeware setup that is suiting my needs so far.  Anyway, I'll be sure to post those screenshots when I get them.

Dean, I have no clue either why you have friends with these units (on another ISP) that can connect remotely, and we can't.  I thought it had something to do with DSL being double NAT'ed originally, but since I've bridged my modem, I'm really at a loss, too.  But again, until the DNS's FTP has a powerful remote management/statistics interface (think icon in tray), I'm sticking with the soft FTP sadly.

Dave

[DBDave]

Dean,

I think I know what you are meaning by "modded the box."  Read this:

http://wiki.dns323.info/howto:open_ports_ftpd

The wiki info is slightly dated referencing v1.04 firmware, but is very informative.  Looks like modifying one file with WAN IP by hand, every time it changes (and possibly requiring fun_plug).  Sticking with my softy FTP for now, personally. 

Dave

[fordem]

I ended up modding the box and using a custom script to get it to work. Sadly for me this seemed to be the only route. Yet I have 3 friends that didnt have any issues at all using custom ports and passive, worked right out of the box with simple port forwards. They are all on a different ISP though, but since I wasnt using a restricted port I still dont quite get it and probably never will fully understand why. The mod did the trick so I'm at least up and running now.

Read the other threads - it's fully covered - in most cases ftp problems with non standard ports are caused by one or the other of the two NAT firewall/routers - with active ftp, it's the client side, with passive ftp, it's the server side.

[Dean]

Dean,

I think I know what you are meaning by "modded the box."  Read this:

http://wiki.dns323.info/howto:open_ports_ftpd

The wiki info is slightly dated referencing v1.04 firmware, but is very informative.  Looks like modifying one file with WAN IP by hand, every time it changes (and possibly requiring fun_plug).  Sticking with my softy FTP for now, personally. 

Dave

I used Fonz's Fun_Plug then edited a script from ShadowAndy that automatically sets the external IP up for the box upon rebooting it. So when/if my dynamic IP changes, the only thing I will have to do is reboot the NAS, not the best solution, but my IP changes only a couple or three times a years usually so no biggie.

[ttmcmurry]

I've had this problem before and made posts about it.  Basically if you use Passive FTP the 323 chooses random ports to use for that range, but becuase your router doesn't know what those ports are and to which system they should be forwarded, the data is "lost" and you can't do a passive transfer.

The solution I proposed in the official 1.07 firmware feature request page was the ability to specify the PASV port range on the 323 to be able to make this work as intended.