• September 16, 2019, 06:14:56 AM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Pages: 1 [2]

Author Topic: FTP on 323 - unroutable address  (Read 19641 times)

fordem

  • Level 10 Member
  • *****
  • Posts: 2168
Re: FTP on 323 - unroutable address
« Reply #15 on: November 11, 2008, 07:11:05 PM »

I spent a considerable amount of time researching and session logging before I was discovered that Active FTP was the only way to reach the DNS over the Internet between two NAT'ed LANs.  How I discovered it was purely by chance reading.

I was in the process of putting the product back in the box for return - since I couldn't get FTP to work as expected - when I noticed the little asterisk and footnote stating that it was recommended that a VPN session be established when connecting to the DNS using FTP from the Internet - that's when it occurred to me that *maybe* that both TCP Port 20/21 needed forwarding.

In short, I don't believe your understanding (and that of 'fordem') are incorrect; what you expected to occur should ... it just doesn't when it comes to the DNS - at least with the current f/w releases.


Cheers,


What I "expect to occur" has already been stated - and my DNS-323 DOES work this way with both 1.04 & 1.05 versions of the firmware, as in fact does every other ftp server I have setup.
Logged
RAID1 is for disk redundancy - NOT data backup - don't confuse the two.

hilaireg

  • Level 3 Member
  • ***
  • Posts: 332
Re: FTP on 323 - unroutable address
« Reply #16 on: November 11, 2008, 08:11:06 PM »

Well ... your DNS-323 must be magical; cause unless I forward Ports 20/21 to the DNS-323 there's no way a file write happens from an external NAT'ed LAN to the DNS-323 via FTP when in Active mode.  And it doesn't happen at all if the external client FTP is set to Passive.

All my other FTP servers & clients work as I would expect.

Cheers,
Logged

fordem

  • Level 10 Member
  • *****
  • Posts: 2168
Re: FTP on 323 - unroutable address
« Reply #17 on: November 12, 2008, 05:50:33 PM »

Well ... your DNS-323 must be magical; cause unless I forward Ports 20/21 to the DNS-323 there's no way a file write happens from an external NAT'ed LAN to the DNS-323 via FTP when in Active mode.  And it doesn't happen at all if the external client FTP is set to Passive.

All my other FTP servers & clients work as I would expect.

Cheers,

I don't know if you have read the responses in this thread - but - just in case you haven't, please allow me to point out that there appear to be two persons, other than myself, that have indicated that the DNS-323's ftp server works with just port 21 forwarded.

Statistically that's three for, one against - the prople have spoken - you're out voted.
Logged
RAID1 is for disk redundancy - NOT data backup - don't confuse the two.

Sumdumphuc

  • Level 2 Member
  • **
  • Posts: 46
Re: FTP on 323 - unroutable address
« Reply #18 on: November 12, 2008, 06:41:43 PM »

at least you guys have it working,

I have tried everything here in the thread and still nothing.
I have changed so many setting now I think I have to reset everything and start over.
I have set user access in DNS-323
started the ftp server
port forward my router both 20 and 21 for both TCP and UDP
I'm using fire ftp
I have unticked the box "Passive mode"
I have dyndns set up

and I still can not get in from another location
Logged

fordem

  • Level 10 Member
  • *****
  • Posts: 2168
Re: FTP on 323 - unroutable address
« Reply #19 on: November 12, 2008, 06:59:29 PM »

Troubleshoot in a systematic fashion ...

 the first step is to verify that you can access the ftp server locally
 the second step is to verify that your dyndns resolves correctly (if you're going to use dyndns)
 the third step is to verify that port forwarding has been correctly configured

It should be noted that some routers require more than just the actual port forwarding - I've seen Netgear routers that need a schedule set before they would allow access, and if you're using Cisco, you'll also need to verify that your ACL allows ftp access.

It is also possible that your ISP may block port 21 inbound - especially if the TOS forbids the hosting of servers.
Logged
RAID1 is for disk redundancy - NOT data backup - don't confuse the two.

Sumdumphuc

  • Level 2 Member
  • **
  • Posts: 46
Re: FTP on 323 - unroutable address
« Reply #20 on: November 12, 2008, 08:37:36 PM »

thanks for the fast reply.
Ok, the first thing that I'm unsure of is;
I have a modem (billion bi-pac 7300) and a wireless router (Linksys WRT-350N)

                      Internet
                          |
            __________________
           |billion 192.168.1.XXX|
                          |
                          |
             ________________
           |Linksys 192.168.2.1|
             /                        \
           /                            \
 ________________       ________________
|PC1 192.168.2.XX1|    |PC2 192.168.2.xx2|

Do I port forward(PF) on the Billion or the Linksys, because I'm unsure I have PF both, but I have a feeling this is wrong (I have tested all configurations of this and none work eg: PF billion only, no go.... PF Linksys only, no go....... so at this moment both are PFed).


I hope you understand my bad diagram.
Logged

fordem

  • Level 10 Member
  • *****
  • Posts: 2168
Re: FTP on 323 - unroutable address
« Reply #21 on: November 13, 2008, 04:21:45 AM »

I understand your excellent diagram, and it shows why you're having a problem at first glance - you have two routers, an almost guaranteed way to cause problems in your situation.

The first thing I would suggest is that you get rid of one - I can understand your reluctance to do that, since which is probably not an option, since the Billion also your modem and I suspect does not have wireless capability, were I in that situation I would have added wireless capability using an access point and not a router, but we'll come back to that later.

There should be a way to put the billion in to "bridge mode" so it acts only as a modem and not as a router - in which case the Linksys will get a public ip address and you can then port forward on that.

Another option would be to configure the Linksys at a static address (WAN) side and then configure the Billion so that it places the Linksys in the DMZ - port forwarding would then be done on the Linksys - and the final option would be to configure the Linksys to act as a wireless access point only (configure both routers to use the same private subnet, Billion at 192.168.1.1, Linksys at 192.168.1.2, disable DHCP on the Linksys, configure DHCP on the Billion to start it's DHCP range at 192.168.1.3 (or later) and then link the two routers LAN port to LAN port.
Logged
RAID1 is for disk redundancy - NOT data backup - don't confuse the two.

Sumdumphuc

  • Level 2 Member
  • **
  • Posts: 46
Re: FTP on 323 - unroutable address
« Reply #22 on: November 13, 2008, 04:56:36 AM »

Yes you are correct, I bought the billion before I needed wireless then when I needed wireless I bought the Linksys thinking I could do away with the billion but I could not, the Linksys does not have a ADSL line in. I choose the Linksys WRT350N because of the attached storage USB slot (which is in use to do backups of one of the DNS-323)
I tried to configure them on the same private subnet but had no luck getting on the internet (Linksys also over the phone tried to help configure with the same results), so that is why it is configured the way it is.

Ideally I would like to go with your first second option and put the billion in bridge mode.

I will look into this now and see if there is a way to do this.
Logged

hilaireg

  • Level 3 Member
  • ***
  • Posts: 332
Re: FTP on 323 - unroutable address
« Reply #23 on: November 13, 2008, 09:28:52 AM »

I don't know if you have read the responses in this thread - but - just in case you haven't, please allow me to point out that there appear to be two persons, other than myself, that have indicated that the DNS-323's ftp server works with just port 21 forwarded.

Statistically that's three for, one against - the prople have spoken - you're out voted.

I have read the posts and have gone back and attempted to get the DNS-323 FTP to function in R/W with only Port 21 forwarded ... no luck.

WinXP (initiator)      <-> NAT LAN #1 Router (everyone else) <-> Internet <-> NAT LAN #2 Router <-> DNS323
(IE Passive Enabled)

RESULT: No R/W


WinXP (initiator)      <-> NAT LAN #1 (everyone else) <-> Internet <-> NAT LAN #2 (my fw) <-> DNS323
(IE Passive Disabled)

RESULT: R only, Fail on W


A subsequent follow-up call to D-Link Support yielded no success in getting FTP 'Writes' without forwarding Port 20.  Same exercise with any *other* FTP server gives the desired result when only forwarding Port 21.  Out-voted or not, I cannot get an initiator to write via FTP to DNS323 unless I forward Port 20 to the DNS323.

 ???
« Last Edit: November 13, 2008, 10:32:20 AM by hilaireg »
Logged

fordem

  • Level 10 Member
  • *****
  • Posts: 2168
Re: FTP on 323 - unroutable address
« Reply #24 on: November 13, 2008, 06:43:21 PM »

I just happen to be in Florida, and I uploaded some pictures to my DNS-323 - I have screen shots of the router configuration and the ftp session that I could show you, but this site does not allow images to be uploaded.
Logged
RAID1 is for disk redundancy - NOT data backup - don't confuse the two.

hilaireg

  • Level 3 Member
  • ***
  • Posts: 332
Re: FTP on 323 - unroutable address
« Reply #25 on: November 14, 2008, 04:48:05 AM »

To confirm:

1) The workstation is behind a NAT'ed router in Florida and the DNS323 is behind a different NAT'ed router
2) FTP R/W are occurring from NAT'ed router A over the Internet to NAT'ed router B.
3) Only Port 21 is forwarded on the NAT'ed router in front of the DNS323.
4) The only changes to router rules are in the NAT'ed router in front of the DNS323.
5) The NAT'ed router in front of the workstation doesn't have FTP specific rules (pin-holes).
6) You can successfully R/W to the DNS323 using IE (or Explorer Folder View); i.e. not CMD line.


If so, I'm stumped; I'm able to successfully connect and perform R/W with only Port 21 forwarded to a non-DNS323 FTP.  But unless I forward Port 20, I can't get W to occur on the DNS323 via FTP using the method.

Since if was DNS323 specific, I assumed it wasn't a router misconfiguration  - now you've got me wondering ...
Logged

fordem

  • Level 10 Member
  • *****
  • Posts: 2168
Re: FTP on 323 - unroutable address
« Reply #26 on: November 14, 2008, 07:29:12 AM »

To confirm ...

1) The workstation (a Dell Latitude 420) is behind a NAT'ed router in Florida (a cheap $39 Dynex from BestBuy) and the DNS-323 is behind a different NAT'ed router in Guyana (a Netgear WNR2000).

2) ftp r/w is occurring between the workstation via the Dynex to Comcast, through 3000 odd miles of the Americas II submarine fibre to Guyane (French Guiana), through a few hundred miles of terrestrial fibre across Suriname (Dutch Guiana), into Guyana (British Guiana) and then through Lightening Fast DSL to the Netgear and the DNS-323.

3) Only port 21 is forwarded to the DNS-323, port 800 is forwarded to a D-Link ip camera, and port 1723 is forwarded to a Windows 2003 server.

4) The only changes to router rules are in the NAT'ed router in front of the DNS-323.

5) The NAT'ed router in front of the workstation has only the port forwarding rules.

6) I can successfully R/W to the DNS-323 using either Explorer Folder View or the command line - I haven't tried with IE, I'm not certain that I can write using IE.

Just so that you are aware of it, the Netgear WNR2000, by default, will forward both ports 20 & 21 for the ftp service - this one has had that rule changed so that it forwards 21 only - not that it makes a difference, I have also used a D-Link DI-504 and a Linksys BEFSX41 in this location, with the DNS-323 - it really does not need port 20.
Logged
RAID1 is for disk redundancy - NOT data backup - don't confuse the two.

hilaireg

  • Level 3 Member
  • ***
  • Posts: 332
Re: FTP on 323 - unroutable address
« Reply #27 on: November 14, 2008, 08:17:59 AM »

Appreciate the response,

1) other than the router; match.
2) other than the route & router; match.
3) Port 21 to DNS323; Port 25 to an Exchange Server.  Only difference here is that i'm having to forward Port 20 as well.
4) match.

5) in the test i've done, the router in front of the workstation has not been *touched*.  Can I assume this is what you meant as well?  With the caviat, that Passive FTP in IE Advanced had to be disabled on the workstation.

6) successful "Folder View" writes to the DNS323 without forwarding Port 20 at the router in front of the DNS323; the results on my end differ.  Until I forward Port 20, I cannot successfully write a file to the DNS323.


I get the exact behaviors you and others have posted on any other FTP server behind the router (DGL-4100) - i.e. Port 21 only R/W.  Always find it amazing how something that's quite simple to do becomes complicated.

 ???
« Last Edit: November 14, 2008, 08:33:32 AM by hilaireg »
Logged

fordem

  • Level 10 Member
  • *****
  • Posts: 2168
Re: FTP on 323 - unroutable address
« Reply #28 on: November 15, 2008, 10:30:13 AM »

5.  The only changes on the NAT'ed router in front of the workstation are to set a WPA encryption key, change the default password and spoof the MAC address - NO port forwarding rules are set - no settings have been changed on IE
Logged
RAID1 is for disk redundancy - NOT data backup - don't confuse the two.
Pages: 1 [2]