I am trying to have WAN FTP access for my router using the built-in ProFTPD service. I can access the directory and files within the LAN and am able to get the user/pass login prompt from the WAN, but unable to list the directory contents. I would REALLY appreciate if some kind soul would be able to help with a guide of what to do after proftpd is enabled with a port other than 21. I know it has to do with port forwarding, but am a confused over whether my forwarding is working, or perhaps something simple as i need to reboot the router to properly initialize? I would think that a guide should be available as many people (including this greenhorn) would like to run an FTP server outside port 21 as a security measure...
Thanks!
Last edited by fretbuzz on Thu Aug 09, 2018 0:56; edited 1 time in total
In case anyone cares, I finally got it to work by:
1) Making sure my shares for ProFTPD were setup in Services->USB configuration
2) Making sure ProFTPD was enabled and custom port was entered in Services->NAS
3) Setting up a range of ports (which my custom port from #2 was a part of) to open under under NAT/Qos-> Port Range Forwarding.
4) Creating and Entering a startup script in Administration->Commands so that the router re-writes the proftpd conf file and IPtables after each router reboot:
make sure to:
- put your WAN IP address in MasqueradeAddress line
- Put the port range you used in #3 to the PassivePorts line
- not sure if the IP tables are necessary to be written to after each reboot, but I did it anyways: use same port range as #3 again.
- reboot router after the above is done.
Not sure why this is what it took for me, but hope it helps someone else looking to use a non-standard (not 21) FTP port with WAN access and successful active/passive directory listing from the WAN.
Since this isn’t specific to Marvell ping one of the mods (if you could find one) and ask him or her to move this post over this General or Advanced Networking sub forum for more exposure. I’ve seen a few regulars over there on both sub forums than know their stuff when it comes to firewall and IPv6 rules so you’ll likely be better served there. If you can’t find a mod just repost it. I haven’t ran and ftp service in years and don’t have any plans to do it again but its makes perfect sense in today’s world why you would run it on an it on an alternative port, good luck
In case anyone cares, I finally got it to work by:
1) Making sure my shares for ProFTPD were setup in Services->USB configuration
2) Making sure ProFTPD was enabled and custom port was entered in Services->NAS
3) Setting up a range of ports (which my custom port from #2 was a part of) to open under under NAT/Qos-> Port Range Forwarding.
4) Creating and Entering a startup script in Administration->Commands so that the router re-writes the proftpd conf file and IPtables after each router reboot:
make sure to:
- put your WAN IP address in MasqueradeAddress line
- Put the port range you used in #3 to the PassivePorts line
- not sure if the IP tables are necessary to be written to after each reboot, but I did it anyways: use same port range as #3 again.
- reboot router after the above is done.
Not sure why this is what it took for me, but hope it helps someone else looking to use a non-standard (not 21) FTP port with WAN access and successful active/passive directory listing from the WAN.
Cheers
I think I stumbled on something else:
- enter this as a "startup script":
#-------- for proftpd passive WAN access -----
echo 'MasqueradeAddress xxx.xxx.xxx.xxx'>> /tmp/proftpd/etc/proftpd.conf
echo 'PassivePorts xxxxx xxxxx'>> /tmp/proftpd/etc/proftpd.conf
killall -HUP proftpd
(ie. 2 different scripts in Administration->Commands)
- Also, do not enter anything in NAT/QoS->Port Forwarding/Port Range etc. as this forwards the login rules past the router, but does not input them into the router (which has ProFTPD on it). The scripts created under Administration->Commands will insert everything needed upon reboot.
