• November 02, 2024, 01:38:59 AM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: DNS-320l passive FTP problem  (Read 13721 times)

garmcqui

  • Level 1 Member
  • *
  • Posts: 5
DNS-320l passive FTP problem
« on: April 27, 2014, 02:14:59 AM »

Hello all,

I've been trying to set up my DNS-320L ftp server for a long time now.  I thought I had it working reliably but now my dynamic IP has changed, it won't work.  These are my FTP server settings:



As you can see, the passive mode is set to report the external IP address (which was 217.44.87.209) and this worked well on a remote computer.  However, I had to restart my router and so I was assigned a new dynamic IP, after this my FTP stopped working  :(

I have set my router to forward port 21 to the DNS-320L, along with ports 55536-55663 (are these required???)

I have setup DDNS in the DNS-320L as follows:



However, the IP address is not updating automatically in the FTP server settings, so it is reporting my old external IP.  Here is the Filezilla connection log:

Quote
Status:   Resolving address of carthall.no-ip.biz
Status:   Connecting to 217.42.87.134:21...
Status:   Connection established, waiting for welcome message...
Response:   220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Response:   220-You are user number 1 of 10 allowed.
Response:   220-Local time is now 09:00. Server port: 21.
Response:   220-IPv6 connections are also welcome on this server.
Response:   220 You will be disconnected after 10 minutes of inactivity.
Command:   USER carthall
Response:   331 User carthall OK. Password required
Command:   PASS ********
Response:   230 OK. Current restricted directory is /
Command:   SYST
Response:   215 UNIX Type: L8
Command:   FEAT
Response:   211-Extensions supported:
Response:    EPRT
Response:    IDLE
Response:    MDTM
Response:    SIZE
Response:    REST STREAM
Response:    MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
Response:    MLSD
Response:    ESTP
Response:    PASV
Response:    EPSV
Response:    SPSV
Response:    ESTA
Response:    AUTH TLS
Response:    PBSZ
Response:    PROT
Response:   211 End.
Status:   Server does not support non-ASCII characters.
Status:   Connected
Status:   Retrieving directory listing...
Command:   PWD
Response:   257 "/" is your current location
Command:   TYPE I
Response:   200 TYPE is now 8-bit binary
Command:   PASV
Response:   227 Entering Passive Mode (217,44,87,209,217,75)
Command:   MLSD
Error:   Connection timed out
Error:   Failed to retrieve directory listing

So the DDNS is correctly reporting the new IP address (217.42.87.134), but the DNS-320L FTP server is reporting the old IP address (217,44,87,209).  I get a similar error if I try to connect to FTP using Windows Explorer:



Any ideas?  The FTP server is useless if it doesn't report the correct external IP...

Thanks in advance,

Gareth
« Last Edit: April 27, 2014, 02:35:46 AM by garmcqui »
Logged

PacketTracer

  • Level 4 Member
  • ****
  • Posts: 441
Re: DNS-320l passive FTP problem
« Reply #1 on: April 27, 2014, 02:58:05 AM »

Hi,

I would suggest the following:

  • In "FTP Server" setting uncheck "Report external IP in PASV mode". Obviously you can't use this because the case where this address changes isn't covered.
  • I wouldn't use DDNS function within DNS-320L (although it seems to work) but let your router do the work instead

In your router you only have to do a portforwarding for port 21 to the internal address of your DNS-320L (as you already did), other port forwardings (55536-55663) aren't needed.

BUT: This only works if your router has implemented an FTP application level gateway (ALG) that is able to interpret FTP control messages and intiiate corresponding NAT operations (translate private PASV server address within FTP PASV control message into your public router address and allow incoming data connections to ports 55536-55663 via temporary and dynamically created NAT/firewall forwarding rules). Any good router should do so.

PT
Logged

garmcqui

  • Level 1 Member
  • *
  • Posts: 5
Re: DNS-320l passive FTP problem
« Reply #2 on: April 27, 2014, 04:26:25 AM »

Hi and thank you for your reply.

I was using my Router (BT HomeHub 4) to handle the DDNS, but I was getting the same problem, hence I tried using the DNS-320L. 

If I uncheck "Report external IP in PASV mode", it appears to report the internal IP of the NAS.   In Filezilla, it appears to work but only on the second attempt.  It ALWAYS fails on the 1st attempt, as shown:

1st Attempt:
Quote
Status: Resolving address of carthall.no-ip.biz
Status: Connecting to 217.42.87.134:21...
Status: Connection established, waiting for welcome message...
Response: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Response: 220-You are user number 1 of 10 allowed.
Response: 220-Local time is now 10:31. Server port: 21.
Response: 220-IPv6 connections are also welcome on this server.
Response: 220 You will be disconnected after 10 minutes of inactivity.
Command: USER carthall
Response: 331 User carthall OK. Password required
Command: PASS ********
Response: 230 OK. Current restricted directory is /
Command: SYST
Response: 215 UNIX Type: L8
Command: FEAT
Response: 211-Extensions supported:
Response: EPRT
Response: IDLE
Response: MDTM
Response: SIZE
Response: REST STREAM
Response: MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
Response: MLSD
Response: ESTP
Response: PASV
Response: EPSV
Response: SPSV
Response: ESTA
Response: AUTH TLS
Response: PBSZ
Response: PROT
Response: 211 End.
Status: Server does not support non-ASCII characters.
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is your current location
Command: TYPE I
Error: Connection timed out
Error: Failed to retrieve directory listing

2nd Attempt:
Quote
Status: Resolving address of carthall.no-ip.biz
Status: Connecting to 217.42.87.134:21...
Status: Connection established, waiting for welcome message...
Response: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Response: 220-You are user number 1 of 10 allowed.
Response: 220-Local time is now 10:33. Server port: 21.
Response: 220-IPv6 connections are also welcome on this server.
Response: 220 You will be disconnected after 10 minutes of inactivity.
Command: USER carthall
Response: 331 User carthall OK. Password required
Command: PASS ********
Response: 230 OK. Current restricted directory is /
Status: Server does not support non-ASCII characters.
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is your current location
Command: TYPE I
Response: 200 TYPE is now 8-bit binary
Command: PASV
Response: 227 Entering Passive Mode (217,42,87,134,217,9).
Command: MLSD
Response: 150 Accepted data connection
Response: 226-Options: -a -l
Response: 226 3 matches total

Status: Directory listing successful

However I still can't connect in Windows Explorer:



Gareth

Logged

PacketTracer

  • Level 4 Member
  • ****
  • Posts: 441
Re: DNS-320l passive FTP problem
« Reply #3 on: April 27, 2014, 05:36:01 AM »

Hi,

of course, as the Explorer Window shows, a passive FTP to a private address 192.168.1.112 can't work through the Internet and this seems to be the same problem as the first connection failure within Filezilla client. But your router seems to have FTP ALG functionality, because a second connection request is successful.

Where sits the client you used for testing? Inside your LAN or outside in some other location (hence it really has to cross the Internet?). If your client sits inside your LAN and you use the external address of your router (resolved via DDNS) to connect to your FTP server, results can be unexpected depending on the so called "hairpinning"-behaviour of your router.

So for testing purposes, use a client that really comes from the Internet. Clients sitting inside your LAN should use the private address of the FTP server to connect to it directly, this way bypassing the router.

PT
« Last Edit: April 27, 2014, 05:49:24 AM by PacketTracer »
Logged

garmcqui

  • Level 1 Member
  • *
  • Posts: 5
Re: DNS-320l passive FTP problem
« Reply #4 on: April 27, 2014, 05:56:33 AM »

I have used 2 clients for testing now, both outside the home LAN. 

Client 1 is a Window's 7 PC in another location behind another NAT router.  This always fails the first time on Filezilla and then works the second time.  However it will not work on Windows Explorer. 

Client 2 is a Windows 7 PC connected through a mobile broadband dongle.  This seems to work perfectly, both on Filezilla and in windows explorer in active mode (Passive mode won't work as the NAT is not reporting the external IP). 

So it must be something to do with the router that the first client is behind (this is also a BT Home Hub) that is preventing it from connecting properly?

Any idea what? I have tried connecting both in active and passive mode.

Thanks,

Gareth
Logged

PacketTracer

  • Level 4 Member
  • ****
  • Posts: 441
Re: DNS-320l passive FTP problem
« Reply #5 on: April 27, 2014, 06:34:24 AM »

Hi,

looks like BT home hub has a problem with FTP in any of the following situations:

  • FTP server using PASV mode behind the router (your DNS-320L)
  • FTP client using PORT mode (active FTP) behind the router (your Client 1 behind the other router)

These are the two cases where a FTP ALG built into the routers has something to do:

  • It has to replace private IP addresses (and ports) within FTP-PASV or FTP-PORT control messages with the public addresses (and ports) of the routers.
  • It has to dynamically set a port forwarding rule back in for the FTP data connection.

So if you use PASV mode the hard part has be done by the router at the server site.
And if you use PORT mode (active FTP) the hard part has be done by the router at the client site (Client 1).

This would explain why active FTP works fine with your Client 2, because there is no NAT router at this client's site (at least this is my interpretation of "dongle" - the client has a public IP address, right?), and the router at your server's site has no problem with active FTP because it has nothing to do with FTP ALG in this case.

PT

Logged

garmcqui

  • Level 1 Member
  • *
  • Posts: 5
Re: DNS-320l passive FTP problem
« Reply #6 on: April 27, 2014, 08:29:46 AM »

I've managed to get it working well, buy implementing encryption on the FPT server and then using FTPS (Explicit) to connect from Filezilla (obviously this means it won't work through windows explorer, but I can live with that). 

I'm using Goodsync to backup several computers outside the LAN, and it can backup to FTPS, so that's what I'll use.

Thanks for the help.  :)

Can't understand why FTPS would work when FTP doesn't. 

Strange, huh?

Gareth

Logged

PacketTracer

  • Level 4 Member
  • ****
  • Posts: 441
Re: DNS-320l passive FTP problem
« Reply #7 on: April 27, 2014, 04:03:19 PM »

Yes, really strange! Maybe this works because CCC is used to allow involved NATs to read control connection in plain text and do needed modifications to make FTP(S) work over those NATs. But this is no explanation why FTPS works and FTP doesn't. By the way: Here you can find a good presentation of the things we have discussed in this thread.

PT
Logged