Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[Sumdumphuc]

I have 2 DNS-323's and I would like to use ftp to both of them. I have no idea how to do it, this is one idea I had is this correct? anyone done this before?


                      Internet
                          |
            __________________
           |          Router         |
           
             /                        \
           /                            \
 ___________                      ___________
|DNS-323  1 | <- 1xDDNS     |DNS-323  2 |<-1x different DDNS
     Port 21                               Port ?

1. Do I need to make 2 DDNS accounts and set up in each DNS-323
2. Do I need to use a different port for one of the DNS-323? If so what port is suggested?

Is this the right direction to do this?

[k3rnelpanic]

You can do this with one DDNS account. You'll have to use two external ports though. You'll have to port forward them on your router.

ex. have port 21 map to port 21 for the ip of DNS-323 #1 and have port 25 map to port 21 for the ip of DNS-323 #2. You don't have to have them running different ports internally as they are on different IP addresses. This keeps all your administration changes on the router rather than have two different ports setup on the NAS boxes.

[fordem]

It actually depends on how you want to do it and on what your ISP will allow you to do.

The method outlined above by k3rnelpanic is probably the easiest - and the only way if your ISP restricts you to a single public ip address - as he describes it, you will require a router that allows you to foward an external port (25) to a different internal port (21), and not all routers permit this.  Not using the standard port may also give problems if you do not hack the DNS-323 so that you can use passive ftp.

A second method - if your ISP allows it, and if your router allows it - is to use two public ip addresses and to forward port 21 on each of the address to one DNS-323 - if you go this route, two DynDNS URL's will be required, I am not certain if this requires separate accounts - I believe you can have upto five URLs on one account.

[Sumdumphuc]

The method outlined above by k3rnelpanic is probably the easiest - and the only way if your ISP restricts you to a single public ip address - as he describes it, you will require a router that allows you to foward an external port (25) to a different internal port (21), and not all routers permit this.  Not using the standard port may also give problems if you do not hack the DNS-323 so that you can use passive ftp.

I have set this up so far, still can not access it....
Should my FTP client (fire ftp) be searching on port 25?
If internal port is 21 shouldn't I leave the DNS-323 FTP server on 21?
How would I hack the DNS-323 to be able to use passive mode?

Would this be all easier if I learnt how to use fun_plug?

EDIT: I'm still using FW 1.05 cause Allway sync does not support SSL/TLS until next release.

[fordem]

www.portforward.com

IF you have forwarded port 25 to port 21 - then ...

Yes, your ftp client will need to be specifically told to use port 25
Yes, your DNS-323 should be on port 21
Any hacking of your DNS-323 will not be done on instructions from me - I, myself, would need instructions.
Yes, knowing how to use fun_plug  would probably be an asset.

[Sumdumphuc]

Then I do not understand why I can not access the second DNS. I have checked all settings more times than I can count and everything looks correct.

DNS-323 status


Linksys Wrt Router


Fireftp port settings


any suggestions? I really would like this able to work.

[fordem]

Is the client you're testing from behind a NAT firewall?

If it is, try either putting it in the DMZ of the firewall or connecting it directly to the internet, bypassing the firewall entirely

One of the problems that can occur when non standard ftp ports are used is that a client side NAT firewall may drop the incoming data connection request.  The firewall may see the outgoing request on port 21 and allow & forward the incoming connection request from that ip address, but when a non standard port is used, the incoming request is not recognized as a part of the ftp transfer (because of the non standard port)

[ECF]

I would recommend changing the FTP port to 25 on the DNS-323 itself and forward port 25 to port 25. The initial connection may be made on 25 and forward to 21 but the outgoing transfer may still be on port 21 so your FTP client will not be looking at 21 for receiving data. Port forwarding will only work on the incoming port and forward to 21 it does not affect the outgoing traffic.

[Sumdumphuc]

I would recommend changing the FTP port to 25 on the DNS-323 itself and forward port 25 to port 25. The initial connection may be made on 25 and forward to 21 but the outgoing transfer may still be on port 21 so your FTP client will not be looking at 21 for receiving data. Port forwarding will only work on the incoming port and forward to 21 it does not affect the outgoing traffic.

I have tried this and still no go, I do know that my outgoing mail.server setting is set to port 25, should I therefore try a different port for the DNS? Say port 26 (or do you have another port number to try?).

The first DNS has/does not have any problem at all connecting, but the second one is yet to connect. This is very annoying. I'm going away in a few months and need this working for this trip. fordem I don't believe it is, though I will double check tonight, if it is I will do as you have suggested.

[ECF]

Actually try something more like port 1025 on the DNS-323 as well as your client and port forward 1025 to 1025.

[Sumdumphuc]

Getting closer, I can now see the DNS-323 but still can not get inside.


Here is the log from the first DNS-323 (the one that can be accessed)

Code: [Select]

220---------- Welcome to Pure-FTPd [TLS] ----------
220-You are user number 1 of 6 allowed.
220-Local time is now 14:47. Server port: 21.
220 You will be disconnected after 2 minutes of inactivity.
       USER XXX
331 User XXX OK. Password required
       PASS (password not shown)
230 OK. Current restricted directory is /
       FEAT
211-Extensions supported:
EPRT
IDLE
MDTM
SIZE
REST STREAM
MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
MLSD
ESTP
PASV
EPSV
SPSV
ESTA
AUTH TLS
PBSZ
PROT
211 End.
       PWD
257 "/" is your current location
       TYPE A
200 TYPE is now ASCII
       PASV
227 Entering Passive Mode (EXTERNAL,IP,150,249)
       MLSD
150 Accepted data connection
226-Options: -l
226 1 matches total
and here is the log from the second DNS-323 (the one I'm having problems with)

Code: [Select]

220---------- Welcome to Pure-FTPd [TLS] ----------
220-You are user number 1 of 2 allowed.
220-Local time is now 13:43. Server port: 1025.
220 You will be disconnected after 2 minutes of inactivity.
       USER XXX
331 User XXX OK. Password required
       PASS (password not shown)
230 OK. Current restricted directory is /
       FEAT
211-Extensions supported:
EPRT
IDLE
MDTM
SIZE
REST STREAM
MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
MLSD
ESTP
PASV
EPSV
SPSV
ESTA
AUTH TLS
PBSZ
PROT
211 End.
       PWD
257 "/" is your current location
       TYPE A
200 TYPE is now ASCII
       PASV
227 Entering Passive Mode (LOCAL,IP,238,56)
       MLSD
I have changed the IP numbers in both logs, In the working log it has the external IP in the non working one it has the Local IP. Stumped to understand why this is.

As you can see the second DNS-323 does not get as far as

Code: [Select]

150 Accepted data connection
226-Options: -l
226 1 matches total
Thanks for the help so far, hope I can get this sorted.

[Sumdumphuc]

anyone have any ideas?

[fordem]

200 TYPE is now ASCII
       PASV
227 Entering Passive Mode (LOCAL,IP,238,56)
       MLSD

The passive ftp implemetation is broken in that it does not allow you to specify the range of ports that you have forwarded at the NAT router - it should work with active ftp, provided the client side is setup correctly.

Try using active ftp with the ftp client connected directly to the internet - or if you like PM me with the public ip address and the ports of both ftp servers and we'll see if I can connect from here.