• September 16, 2019, 06:19:33 AM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Pages: [1] 2 3

Author Topic: Connecting to DNS-323 using FTP over TLS behind a router with firewall (DIR-655)  (Read 41048 times)

mcduarte2000

  • Level 2 Member
  • **
  • Posts: 40
    • Miguel Duarte

I'm trying to configure my DNS-323 to be open to the outside world for connections of FTP over SSL/TLS (my router is a D-Link DIR-655). But unfortunately something is not working.

The connection is established but when using TLS it gets stuck on the LIST command. I already tried to forward the ports 989 and 990 (besides the standard 21 for FTP) to the DNS-323 from my router, using the Port Forwarding Rules table, but it didn't work.

Currently the DNS-323 is on the DMZ of the router, so it shouldn't be a firewall problem, but, when I connect directly to the internal network address of the DNS-323 everything works fine.

Another problem, is that standard FTP, when I put DNS-323 behind the firewall, simply stops working (getting stuck also on the LIST command).

Any ideas of what I should do to make this work?

Thanks,

Miguel
« Last Edit: January 01, 2009, 07:01:41 AM by mcduarte2000 »
Logged

nighthawk

  • Level 1 Member
  • *
  • Posts: 2

hmm, i cant remember the reason exactly, (something to do with control-data or something) but try opening port 20 as well (for the "behind firewall problem")

nighthawk
« Last Edit: January 01, 2009, 07:51:13 AM by nighthawk »
Logged

hilaireg

  • Level 3 Member
  • ***
  • Posts: 332

Short of FTP over VPN, you'll find FTP support is pretty limited when using it outside the LAN.

90% of folks have had success by only forwarding Port 21 on the router to the DNS; I personally have had to forward Port 20 as well ... although it shouldn't be required at all.

The DNS does support reassignment of Port 21 although I suspect Port 20 cannot be reassigned natively.  There is a DNS Wikki that shows you how to 'mod' the DNS - you will not be able to obtain warranty and support from D-Link however.

HTH,

Logged

mcduarte2000

  • Level 2 Member
  • **
  • Posts: 40
    • Miguel Duarte

Well the FTP problem behind the Firewall problem actually is solved using the "Virtual Server List" table of the DIR-655 instead of the "Port Forwarding Rules" table.

Still fighting with being able to use the FTP over TLS... It continues getting stuck on the LIST command...

Miguel
Logged

jrbilodeau

  • Level 3 Member
  • ***
  • Posts: 100

I posted an other thread on here. i use Filezilla as my ftp client. basically you have to use FTPES and not FTPS. thats what i found. btw it just uses the default ftp port (21).
Logged

mcduarte2000

  • Level 2 Member
  • **
  • Posts: 40
    • Miguel Duarte

I posted an other thread on here. i use Filezilla as my ftp client. basically you have to use FTPES and not FTPS. thats what i found. btw it just uses the default ftp port (21).

I'm using FileZilla and FTPES. I can use it from inside my network, but not from outside... Can you access your FTP site (using FTPES) from outside your network? Did you create any special configuration on your router besides the normal parameters needed from a normal non-encrypted FTP?

If I try to connect from outside I just get:

Command:   AUTH TLS
Response:   234 AUTH TLS OK.
Status:   Initializing TLS...
Status:   Verifying certificate...
Command:   USER *******
Status:   TLS/SSL connection established.
Response:   331 User ******* OK. Password required
Command:   PASS ********
Response:   230 OK. Current restricted directory is /
Command:   PBSZ 0
Response:   200 PBSZ=0
Command:   PROT P
Response:   534 Fallback to [C]
Status:   Connected
Status:   Retrieving directory listing...
Command:   PWD
Response:   257 "/" is your current location
Command:   TYPE I
Response:   200 TYPE is now 8-bit binary
Command:   PASV
Response:   227 Entering Passive Mode (*************)
Status:   Server sent passive reply with unroutable address. Using server address instead.
Command:   LIST
Error:   Connection timed out
Error:   Failed to retrieve directory listing
« Last Edit: January 01, 2009, 01:50:17 PM by mcduarte2000 »
Logged

Wilson

  • Level 1 Member
  • *
  • Posts: 20

Hello, is anyone try the latest v1.08 f/w for this issue?
Logged

Tank_Killer

  • Level 2 Member
  • **
  • Posts: 91

have you opened/forwarded your passive port range on your router as well as the port?

have you tried setting your client to NOT use a PASV port range? (dunno how thats done in filezilla)

if it hangs on list this is generally a port issue.
Logged

bripab007

  • Level 3 Member
  • ***
  • Posts: 104

have you opened/forwarded your passive port range on your router as well as the port?

What passive port range does the DNS-323's FTP server use?
Logged

nightshocker

  • Level 2 Member
  • **
  • Posts: 45

so has this been solved? i have the same problem.
Logged

ttmcmurry

  • Level 4 Member
  • ****
  • Posts: 438

I would say wait until 1.08 comes out of beta.  The problem with 1.06/1.07 is you don't know the PASV port range, so how could your router possibly compensate for forwarding ports it isn't aware of that it needs to forward?  You can't change the range, and trust me it spans well over 10,000 ports.  Not ideal or secure.

In 1.08 you'll be able to define a brief range for PASV transfers (1 port * # of simultaneous connections  +1)-- so you can put the apporpriate info in your router for proper communication.  That would solve the connection drops... port 21's pretty much going to always work if it's properly forwarded.



Logged

MisterGoupil

  • Level 1 Member
  • *
  • Posts: 5

In a few words : With FW 1.08, FTP over SSL/TLS and over Internet will be possible ?
« Last Edit: September 06, 2009, 01:14:21 PM by MisterGoupil »
Logged

traylorre

  • Level 1 Member
  • *
  • Posts: 2

mcduarte2000 : It appears that in your logs that you are not connecting over a secure connection.  I have this same problem.  Anyone heard of a solution?

At first, the server responds as supporting TLS, but then it sends an error 534 saying it will operate on no encryption.

RFC 2228 : http://www.networksorcery.com/enp/rfc/rfc2228.txt
Code: [Select]
This command indicates to the server what type of data channel
      protection the client and server will be using.  The following
      codes are assigned:

         C - Clear
         S - Safe
         E - Confidential
         P - Private

The default protection level if no other level is specified is
      Clear.  The Clear protection level indicates that the data channel
      will carry the raw data of the file transfer, with no security
      applied.

You will see in your logs below that you have this problem.  I have this problem as well, using DNS-323 server and FileZilla and CuteFTP clients.

Most people would not understand these messages, and thinking that they are on a secure connection, would be running naked / unencrypted.

Check out this post as  a way to enabled secure FTP.  Then you login as root.
http://nas-tweaks.net/CH3SNAS:Tutorials/fun_plug



---
Command:   AUTH TLS
Response:   234 AUTH TLS OK.

Status:   Initializing TLS...
Status:   Verifying certificate...
Command:   USER *******
Status:   TLS/SSL connection established.
Response:   331 User ******* OK. Password required
Command:   PASS ********
Response:   230 OK. Current restricted directory is /
Command:   PBSZ 0
Response:   200 PBSZ=0
Command:   PROT P
Response:   534 Fallback to [C]
Logged

Filosofer

  • Level 1 Member
  • *
  • Posts: 3

I am also using filezilla and have forwarded ports, ect.
The thing is i can't even connect to the directory.

The dns sits behind the second router, all ports static, pppoe is active and dyndns updates.
im still not getting any progress with this. all firewalls are also off.

Any hints mcduarte2000 for even getting logged on?
Logged

Jimbojjz

  • Level 1 Member
  • *
  • Posts: 1

Really frustrated with this problem. I bought this a few months back planning to use it to help with some backups of certain files on webservers. Spent the past weeks trying to troubleshoot this with absolutely no joy. If I had known this in first place wouldn't have spent 400 on it :(

Exact same symptoms. Can connect locally but via the net on static IP just gets to LIST and dies. I could cry :(
Logged
Pages: [1] 2 3