Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[warcat]

Hi everyone

I know, that this issue had been brought up many times here, but unfotunately I haven't found any sollution to my problem in previous topics. And here it is
DNS 323 is set up on a static IP address (*.210)
On a router I've forwarded port 21 to port *.210:1035. I've also opened 55536-55663 ports to *.210
In DNS323 FTP configuration page I've set up 1035 as a listening port, used default range (55536-55663) for passive mode, set up users and gave them full access to corresponding directories.
There is no problem logging in and retriving data via LAN naturally, so I tried to log in from remote location using command line client
Listening port is reported properly, username is accepted, so is the password. Client however says that 'current restricted directory is /'
Problems start when I try to bring up directory content list:

200 PORT command successful
425 Could not open data connection to port 2962: Connection timed out.

We don't use ftp server too often, so I've stumbled on that problem yesterday and after hours of figting it, I've deleted all the users and their shares, restarted ftp server, created users again and gave them access to corresponding shares. Seemed to work, altough 'restricted directory' messge was still in place.

And when I've got to work today morning and tested it again problem returned.

Any advice?

[fordem]

Ordinarily I would suggest you reduce everything to basics - which would mean going back to the default port 21, getting it working and them moving on from there - however - I note you're coming in on 21 and them translating that to 1035 - why - what purpose does it serve?

However - that's not probably not related to your problem - you need to look at the passive ftp connection - that's where the error message is pointing.

[OlegMZ]

1) I totally agree. I would understand if you used non-standard port outside of your router to prevent internet attacks to well known port. But using it internally makes no sense. So for 1st stage I would use TCP/21 -> TCP/21. At least to make sure everything works fine.

2) If your router does not support FTP forwarding (which is strange), make sure that both FTP/21 and data ports (TCP/55536-55663) are FORWARDED (not just opened) to your NAS.

3) It is weird that your client is complaining about port 2962 while it should use one from the range set at NAS?

BTW did you try to connect plain simple browser to go to your FTP using ftp://x.x.x.x ? And make sure you are not trying to access your FTP from behind some firewall (from the office for example), but from direct unrestricted internet connection ( wireless stick, your friend's house etc). Many corporate firewalls limit ports opened to outside, not only inside. And make sure your client is indeed in passive mode.

[warcat]

Port 1035 i a kind of an artifact - my former router had a biult-in ftp server and didn't support any kind of forwarding, so I had to set up NAS as a DMZ, and change its listening port. Nevermind, switched back to 21 as suggested.
I've also set up whole ftp server again, deleted and recreated users and their shares, nothing changed.
Regarding port 2962 - I think that command line ftp client works in active mode, however fire ftp set up to work in passive mode reports connection through 207,127, which translates to 53119 and it is not in a passive mode range...
Tried to connect with:
command line - connects, but cannot bring up content, reports root as a restricted folder
fireftp active mode - same as above
fireftp passive mode - same as above, additionally tries to connect through some strange ports
windows file explorer - connection timed out, make sure you have permission to access that folder. Tried to connect with only username - asks for a password, proceeds to getting contents of a folder and reports time out again.
IE - trying to connect for last 30 minutes, progress bar at half
firefox - after about 15 minutes of logging in looks like it did, but displays an empty folder (which isn't)

All of it points to problem with users permissions. So I gave all the accounts full access to root. Didn't help.
Tried to connect locally again - command line ok(reports root as a restricted directory), fireftp active - the same, fireftp passive - cannot connect, same as firefox, IE and file explorer.

It looks like I have two problems here - one would be with NAS's passive mode, which seems not to work, and second one with my router, which seems to direct traffic improperly.

[warcat]

And now a surprise:
Changed listening port to 1035 again, and forwarded it to NAS. Everything works like a charm.
Now reforwarded port 21 to *.210:1035 AND IT WORKS! Even passive mode reports normal ports now...

So the question is - WTF?

Nevertheless I'm still wondering how long will it last...

EDIT - thirty minutes..., now I'll check how long will it work through 1035 ona a router...

[dividedhighw]

@warcat: Did you get to the bottom of this?  I ask because I have exactly the same problem except that I've been using port 22 (the default for SSH) on the WAN side and have it forwarded (by my dd-wrt Router/AP) to port 21 on my NAS.

This arrangement has worked for me for the last couple of years I've been running a DNS-321.  No problems connecting to my home NAS from work.  I recently upgraded to a DNS-323, configured the same way and it fails with same symptoms you reported ... authenticates but gets hung at listing the directory.  I thought it was a change in firewall rules at work (and was dreading having to appeal to our firewall guy), but since you reported the EXACT same outcome, I'm betting it's a DNS-323 issue.

BTW, I had to redirect port 22 on the WAN side to port 21 on the NAS because my work doesn't allow anyone to connect to an external FTP source unless it's pre-approved; that's why I'm using the SSH port (which as I said, has worked fine with my DNS-321 for a couple of years).

Any help/advice appreciated!

DH

[warcat]

Well, after the initial WTF, I've contacted router's manufacurer's helpdesk, and they've said that they have no idea about DNS323, and maybe I should upgrade firmware on both router and the server. So I did, and it seems to work fine since (the in passive mode, but fails to work in active). Nevertheless that fits me, because most of the clients that would like to access our ftp sever would use clients like total commander, and therefore they will be suited fine. What bothers me is WHY??? But unless it fail again, I'll have that matter settled, fot there are more things to deal with. Nevertheless, if you'll find some sollution, I'll be most glad if you'd feel like posting it here.
Cheers