FTP over WAN (internet) on WRT610N

elmiku
DD-WRT Novice


Joined: 14 Sep 2009
Posts: 9

Posted: Mon Sep 14, 2009 14:43    Post subject: FTP over WAN (internet) on WRT610N
Dear,

Two weeks ago I successfully installed the EKO DD-WRT firmware on my WRT610N.
Firmware Version: DD-WRT v24-sp2 (09/01/09) big - build 12774M NEWD Eko
Everything is working fine, except FTP access over WAN to the USB stick attached to the router.
I tried all the hints and tips on the following link, including the 2 described options, but without a positive result:
http://www.dd-wrt.com/wiki/index.php/ProFTPd
The only thing is, I don't use port 21 for FTP as my provider blocks this port. So I replaced port 21 everywhere with the port I use for FTP. FYI, remote management through the internet over port 8080 is working fine.
However, inside the LAN, FTP is working correctly. I can see the data on my USB stick.
From outside my LAN (over the internet) it is impossible to access it via FTP.
I already tried via browser and with the FTP client FileZilla.

Please can someone help me or put me in the right direction about how to solve this annoying problem?

Best Regards
Kurt
reddfoxx
DD-WRT Novice


Joined: 13 Feb 2009
Posts: 3

Posted: Mon Sep 14, 2009 15:21
Did you open the ftp port on your router?

/usr/sbin/iptables -I INPUT 1 -p tcp --dport (the port you used for proFTPd) -j logaccept should do the magic.

Do yourself a favor and check that the port you used for FTP is actually visible from the internet, for example by using a port scanner, such as ShieldsUP!
m00nman
DD-WRT User


Joined: 14 Jan 2009
Posts: 406
Location: AB, Canada

Posted: Mon Sep 14, 2009 19:33
insert the following into the firewall script:
Code:
/usr/sbin/iptables -I INPUT 1 -p tcp --dport 21 -j logaccept

Don't forward port 21

_________________

Netgear R6300 v2 - Latest Kong dd-wrt always
Linksys E3000 - Latest dd-wrt always
Asus RT-N56U - OpenWRT trunk
elmiku
DD-WRT Novice


Joined: 14 Sep 2009
Posts: 9

Posted: Mon Sep 14, 2009 19:40
Hi

Thanks for ur reply but what u said I have already done as I mentioned before (options in link)

Kurt
Masterman
DD-WRT Guru


Joined: 24 Aug 2009
Posts: 2070
Location: South Florida

Posted: Mon Sep 14, 2009 19:58
Why on earth does your ISP block port 21? Call them up and bitch...You're paying for it after all..Unless it's part of their terms of service..
_________________
Optware, the Right Way
Asus RT-AC68U
Asus RT-N66U
Asus RT-N10
Asus RT-N12
Asus RT-N16 x5
Asus WL520gU
EnGenius ECB350
Linksys WRT600Nv1.1
Linksys WRT610Nv1
Linksys E2000
Netgear WNDR3300
SonicWall NSA220W
SonicWall TZ215W
SonicWall TZ205W
SonicWall TZ105W
elmiku
DD-WRT Novice


Joined: 14 Sep 2009
Posts: 9

Posted: Tue Sep 15, 2009 8:54
I know it is stupid but it's no problem for me because I just use another port (12121)
The connection to the ftp server seems to be ok but then I always have the following error in FileZilla:
"Failed to retrieve directory listing"
this is driving me nuts :-(
I tried almost everything ..

Anyone can give me the golden tip? :-)

Cheers
Kurt
mk01
DD-WRT User


Joined: 27 Dec 2008
Posts: 186
Location: EU, Slovakia

Posted: Tue Sep 15, 2009 10:07
elmiku wrote:
"Failed to retrieve directory listing"
this is driving me nuts :-(
I tried almost everything ..

Anyone can give me the golden tip? :-)


try to change passive / non-passive transfers.

_________________
ASUS 500gD on OpenWRT
LinkSys WRT610N V1
ASUS RT-N16
ASUS WL500gP V2
elmiku
DD-WRT Novice


Joined: 14 Sep 2009
Posts: 9

Posted: Tue Sep 15, 2009 11:12
Already tried that too ...
Jaredwhamilton
DD-WRT User


Joined: 03 Feb 2008
Posts: 245
Location: Oil City, PA

Posted: Tue Sep 15, 2009 14:10
Who is your provider? You're not behind another firewall, are you?
_________________
Main Router
WRT54GL V1.1 Running v24-sp2 std
elmiku
DD-WRT Novice


Joined: 14 Sep 2009
Posts: 9

Posted: Sun Sep 20, 2009 11:20
Provider is Telenet
No firewall @ client side
On server side there is the DD-WRT
The connection session is working and the server goes to passive mode and sends the client the port that it needs to use for the data session
Here it goes wrong ..
The client cannot make the data session with the server on the received port (port between 60000 and 65000 as set on my ftp server)
I did forward port range 60000 65000 on the firewall of my DD-WRT to the built-in proftpd server
I have no clue why this isn't working ..
Searched already for hours and hours :-(

greetz
mk01
DD-WRT User


Joined: 27 Dec 2008
Posts: 186
Location: EU, Slovakia

Posted: Sun Sep 20, 2009 11:39
elmiku wrote:

I did forward port range 60000 65000 on the firewall of my DD-WRT to the built-in proftpd server
I have no clue why this isn't working ..
Searched already for hours and hours :-(

greetz


did you already try

iptables -I INPUT -m state --state RELATED,ESTABLISHED -j logaccept

I don't know, if this is part of the standard DD-WRT fw setup. My dd-wrt is not running WAN there.

still, you can try it.

mk

elmiku
DD-WRT Novice


Joined: 14 Sep 2009
Posts: 9

Posted: Mon Sep 21, 2009 6:31
Hi,

Yes this rule is already in the INPUT chain ..

Thanks anyway ..
elzar
DD-WRT Novice


Joined: 03 Jun 2007
Posts: 35

Posted: Mon Sep 21, 2009 12:27
I think there's a problem with iptables on the wrt610n. I have similar issues with connecting to the OpenVPN Server. After disabling the firewall completely, the connection is working. I tried every iptables-rule I could find here for OVPN, but nothing helped. I'm going to flash another build sooner or later, and will try it again.
elmiku
DD-WRT Novice


Joined: 14 Sep 2009
Posts: 9

Posted: Mon Sep 21, 2009 19:23
Hi guys
Thanks for the help
I finally found it myself !!!
The following iptables rule did the magic
/usr/sbin/iptables -I INPUT -p tcp -m tcp --dport 60000:61000 --syn -j logaccept

(pay attention, these are MY passive ports ...)
The problem is I forwarded these ports with the GUI. The GUI is putting this rule in the FORWARD table instead of the INPUT table .. remember that the FTP server is on the router and NOT on a PC in my LAN.
Therefore the rule in the FORWARD table could never be executed and it blocked all my passive ports.

The following site helped me to resolve this annoying problem:
http://www.gentoo-wiki.info/ProFTPd

I hope this was helpful for other people too
Let me know and drop a small message if so

Cheers
Kurt
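
Added example, not part of the original thread: a small check for the situation described in the post above, where the passive range is accepted in FORWARD while the FTP server runs on the router itself, so new data connections are judged in INPUT. The rule listings are constructed samples, the function names chain_accepts and diagnose are made up for this example, and the listing format is what `iptables -S` prints on builds that support it.

```shell
#!/bin/sh
# Constructed sample rules (rule-specification format). BEFORE is the state the
# post describes: the passive range is accepted in FORWARD only.
RULES_BEFORE='-A INPUT -m state --state RELATED,ESTABLISHED -j logaccept
-A INPUT -p tcp -m tcp --dport 12121 -j logaccept
-A INPUT -j DROP
-A FORWARD -p tcp -m tcp --dport 60000:61000 -j ACCEPT'

# AFTER: the INPUT rule from the post inserted at the top (--syn in saved form).
RULES_AFTER="-A INPUT -p tcp -m tcp --dport 60000:61000 --tcp-flags FIN,SYN,RST,ACK SYN -j logaccept
$RULES_BEFORE"

# chain_accepts CHAIN PORT: rules on stdin; succeeds if a rule in CHAIN has a
# --dport (single port or lo:hi range) covering PORT and an accepting target.
# Simplification: rule order and other match options are not evaluated.
chain_accepts() {
    awk -v chain="$1" -v port="$2" '
        $1 == "-A" && $2 == chain {
            dport = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (dport == "" || (target != "ACCEPT" && target != "logaccept")) next
            n = split(dport, r, ":")
            lo = r[1] + 0
            hi = (n == 2 ? r[2] : r[1]) + 0
            if (port + 0 >= lo && port + 0 <= hi) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# diagnose PORT RULES: which chain, if any, opens PORT for new TCP connections.
diagnose() {
    if printf '%s\n' "$2" | chain_accepts INPUT "$1"; then
        echo "input"          # reaches a daemon running on the router itself
    elif printf '%s\n' "$2" | chain_accepts FORWARD "$1"; then
        echo "forward-only"   # only traffic routed through to LAN hosts matches
    else
        echo "none"
    fi
}

for port in 12121 60500; do
    echo "before: $port -> $(diagnose "$port" "$RULES_BEFORE")"
    echo "after:  $port -> $(diagnose "$port" "$RULES_AFTER")"
done
```

A "forward-only" result for a passive port matches the symptom in the thread: the control connection on 12121 logs in, but the directory listing fails because the data connection is dropped.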
mk01
DD-WRT User


Joined: 27 Dec 2008
Posts: 186
Location: EU, Slovakia

Posted: Mon Sep 21, 2009 20:20
elmiku wrote:
Hi guys
Thanks for the help
I finally found it myself !!!
The following iptables rule did the magic
/usr/sbin/iptables -I INPUT -p tcp -m tcp --dport 60000:61000 --syn -j logaccept


normally, ip_conntrack_ftp module should do the job, but apparently this module is not part of dd-wrt installation.

if you want to experiment a little bit, copy this module to jffs and load it via startup script with "insmod /jffs/ip_conntrack_ftp.o".

this should help the firewall to properly pass data connection as part of previous ftp stream on port 21 (RELATED connection).

edit: it seems that you also have to copy and load ip_conntrack.o (before ip_conntrack_ftp).

mk



Attachment: conntrack_ftp.zip (21.79 KB, downloaded 893 times)
