Author Topic: Can FTP from within my lan via IP but can not access FTP server outside my lan ?  (Read 24116 times)

jorbit1

  • Level 1 Member
  • *
  • Posts: 22

Hi All,

I've been trying to work through some ftp problems I've been having with my nas (dlink 323). I'm able to use filezilla or any ftp program to connect to my nas via IP (local 192.168.x.x) from within my LAN no problem. I registered a domain entry with dlink dynamic dns and have it pointing at my wan ip (IP address given to me by ISP 96.250.xxx.xxx). I then entered my ddns setting for the nas (tools-->ddns). On my router I've added a port forwarding rule which sends all requests on port 21 to my nas. Now from within my LAN I am unable to connect to my nas via any ftp program through the dlink dynamic dns entry (xxx.dlinkddns.com). Which I've read through the forums and they've mentioned some routers are not able to loopback, which is perfectly fine; I really don't want ftp access from within my LAN via ddns entry, IP works great. Now I would like access from outside my network via ddns entry. Every time I try to connect I get the following error message:

Quote
Status: Resolving address of xxx.dlinkddns.com

Status: Connecting to 96.250.xxx.xxx:21...

Status: Connection attempt failed with "ECONNREFUSED - Connection refused by server".

Error: Could not connect to server
 

I've read through many threads trying to figure this one out and I'm completely stumped, any help would be appreciated.

Thanks,
Jimmy
Logged

fordem

  • Level 10 Member
  • *****
  • Posts: 2168

There are several possible causes for this problem and you need to check them all one by one.

First - have you tested from OUTSIDE your LAN - if not - then do that as the first step - do not proceed beyond this point unless you have tested from a remote location.
Second - is your ftp client configured for active or passive ftp?
Third - if your ftp client is using passive ftp - is your router configured to forward the selected passive ftp ports?
Fourth - if your ftp client is using passive ftp - is your ftp server configured to return a public ip address, and is that address correct?
Fifth - is your ftp server using a DHCP reservation or a static ip address?
Sixth - if your ftp server is using a static ip, has a default gateway setting been configured?
Seventh - if your ftp client is using active ftp - is it behind a NAT router - not all NAT routers will properly allow active ftp.
Eighth - does your ISP permit the hosting of servers - if not they may block port 21.
Logged
RAID1 is for disk redundancy - NOT data backup - don't confuse the two.

jorbit1

  • Level 1 Member
  • *
  • Posts: 22

Hi Fordem,

I didn't realize I missed that many steps. I've completed the first step and that's when I got the error message. I'll work on 2-8 and reply again. Thank you for your thorough response.

Jimmy
Logged

jorbit1

  • Level 1 Member
  • *
  • Posts: 22

Ok so here's what I've done.

2. FTP client is in passive mode.
3. I just added another rule to my router limiting the port usage to match that of the ftp server.
4. The ftp server is configured to use a public ip and I've confirmed that is correct.
5. The ftp server is currently using DHCP.
6. N/A
7. N/A
8. I did a quick google and got too many different answers, so I changed it to 1025 but still no luck (I also added 1025 to my port forwarding rules).
Logged

fordem

  • Level 10 Member
  • *****
  • Posts: 2168

Did you also tell your ftp client to use 1025?
Logged
RAID1 is for disk redundancy - NOT data backup - don't confuse the two.

jorbit1

  • Level 1 Member
  • *
  • Posts: 22

Yup, no luck... :(

Status:   Resolving address of xxx.dlinkddns.com
Status:   Connecting to 96.250.xxx.xxx:1025...
Status:   Connection attempt failed with "ECONNREFUSED - Connection refused by server".
Error:   Could not connect to server

I wish there was a way to bypass the router altogether, this way I could remove that variable. I have this suspicion that it's the culprit.

Verizon actiontec model MI424-WR

Thanks,
Jimmy
Logged

fordem

  • Level 10 Member
  • *****
  • Posts: 2168

Have you ever used the Windows native ftp client?  It's very primitive, uses a CLI interface, and does not support passive ftp - BUT - it gives error messages that make sense, at least to me.  Try it, even if only for diagnostic purposes.
Logged
RAID1 is for disk redundancy - NOT data backup - don't confuse the two.

jorbit1

  • Level 1 Member
  • *
  • Posts: 22

I just tried the native ftp client and from within my local LAN all is well. When I try to connect from my local LAN via WAN DNS entry (xxx.dlinkddns.com) I wasn't able to connect. Now I wasn't able to test outside my LAN because I left my pc at work, but tomorrow when I go in I'll try it and see.

Thanks again Fordem, I'll keep you posted with any results.
Jimmy
Logged

irotjaf

  • Level 2 Member
  • **
  • Posts: 51

I think this page may help you to test the response on the port from internet:
http://www.canyouseeme.org/

You can see the effect immediately after any setting you change to the router.

My advice: disable all firewalls (router and your computer), put the NAS in dmz, work like this until you get it working, otherwise these may create confounding factors.

P.s. Make sure the DNS points to your IP. Even better, don't use the hostname you registered in dlink, use directly your IP (coz it may change and the DDNS service is not updated).

P.p.s. The router may need a rule simply to accept connections on port 21. It is different from port forwarding, but may be necessary. In my modem/router it is under Firewall -> Filter rules. There you can also restrict the IPs that access your ftp. This is a later thought though.

Good luck.
« Last Edit: July 01, 2010, 09:22:52 PM by irotjaf »
Logged

jorbit1

  • Level 1 Member
  • *
  • Posts: 22

So I've just verified from work...still no luck. I tried by IP address as well just to be certain it wasn't the DNS.

Quote
ftp> open xxx.dlinkddns.com 1025
> ftp: connect :Unknown error number

This link is definitely helpful...thank you.

Quote
I think this page may help you to test the response on the port from internet:
http://www.canyouseeme.org/

I'm going to try this tonight and I'm now confident that I'll be able to eliminate/troubleshoot my router issues.

Jimmy
Logged

HSishi

  • Level 2 Member
  • **
  • Posts: 73

Mh, I might be wrong, but there are some points which make me "huh?"

You said you use DHCP for the LAN IP address of the NAS. So chances are your NAS will get different IP addresses every time it connects to your router. Does your "Port Forwarding" rule know this and can handle it? If not, give your NAS a static IP address, provide it with your router's LAN IP as "DNS server" & "Default Gateway" and check your Port Forwardings if they match the (new) IP address of your NAS.

You try to connect to your FTP via ftp://yourddnsadress:1025. So your forwarding rule has to forward the incoming WAN port 1025 to the NAS port 21.

To be on the safe side, does your router also provide an FTP server? If yes, turn it off (temporarily) so the router won't interfere.

And there's a mistype in the command line of the FTP client:
wrong: open xxx.dlinkddns.com 1025
correct: open xxx.dlinkddns.com:1025

I hope I could help a bit :) .

//HSishi
« Last Edit: July 03, 2010, 08:08:39 AM by HSishi »
Logged

jorbit1

  • Level 1 Member
  • *
  • Posts: 22

Hi HSishi

After I spent some time clicking around I went with your suggestion of setting a static IP, I think that's one step in the right direction for me, thank you.

As far as the ftp cmd line goes I'm using win 7 which doesn't use the ":". It's possible that older versions of ftp can use it though.

I'm still on the hunt for a solution, I'm focusing on the router next. I'm updating the firmware as I type this, I'll keep everyone posted with my progress.

Jimmy

Logged

HSishi

  • Level 2 Member
  • **
  • Posts: 73

I checked a similar port forwarding rule in my router (web port 1025 to NAS port 21) and it didn't work for me either. So I tried something and got a result:

You have to forward TWO ports: The FTP server doesn't respond on port 21, it uses port 22 for the reply.

So your port forwarding rule must be like this:

-WAN Ports- 1025-1026 -to- your NAS IP or device -ports- 21-22 .

So your FTP client calls at port 1025 (waiting for a reply on port 1026) -> your router converts to port 21 -> your ftp server replies on port 22 -> your router converts to port 1026 -> your ftp client gets his response.

A check with http://www.canyouseeme.org/ succeeded.

//HSishi
Logged

fordem

  • Level 10 Member
  • *****
  • Posts: 2168

Quote
I checked a similar port forwarding rule in my router (web port 1025 to NAS port 21) and it didn't work for me either. So I tried something and got a result:

You have to forward TWO ports: The FTP server doesn't respond on port 21, it uses port 22 for the reply.

So your port forwarding rule must be like this:

-WAN Ports- 1025-1026 -to- your NAS IP or device -ports- 21-22 .

So your FTP client calls at port 1025 (waiting for a reply on port 1026) -> your router converts to port 21 -> your ftp server replies on port 22 -> your router converts to port 1026 -> your ftp client gets his response.

A check with http://www.canyouseeme.org/ succeeded.

//HSishi

You have an incorrect understanding of both how ftp works, and why port forwarding is required - I have been running ftp servers for the past decade with just port 21 forwarded - port forwarding of port 22 is NOT required under any circumstances, and I have run the DNS-323's ftp server with just port 21 forwarded.

Port forwarding first - when a single public IP address is shared using a NAT router, the norm is to allow all outgoing connections, and block all incoming connections, unless these connections correspond to a previous outgoing connection in which case the NAT router will forward the traffic to the host from which the request originated.  Any incoming connection without a corresponding outgoing connection is discarded because the router does not know what to do with it.  Unsolicited incoming connections can be allowed through, provided the router is told where to send them - for a connection on port a, forward the request to ip address 1.2.3.4 - a process commonly known as port forwarding.

Port forwarding is ONLY required for incoming connections - NEVER for outgoing ones.

With an ftp server running traditional or active ftp on the default port 21, the incoming connection to the server is made on port 21, and if the ftp server is behind a NAT router, the router MUST be told to which host the connection is to be forwarded, otherwise it will be discarded - the ftp server then establishes an outgoing data connection - since this connection is outgoing, no port forwarding is required.

In this specific case - where passive ftp has been configured - port 22 would not be used, if he were using the default port 21, and port 1026 will not be used when he uses the non standard port 1025 - when passive ftp is used, the user configures the ports on which the data connection will be made, and those ports are required to be forwarded.

For what it's worth - I have also - for the purpose of this particular exercise - configured and successfully accessed the ftp server on my DNS-323 on port 1025, without forwarding 1026.
« Last Edit: July 03, 2010, 12:41:41 PM by fordem »
Logged
RAID1 is for disk redundancy - NOT data backup - don't confuse the two.

HSishi

  • Level 2 Member
  • **
  • Posts: 73

Well, the behaviour jorbit1 and I experienced is, simply forwarding incoming port 1025 to NAS port 21 just didn't work.
My router has a port forwarding with incoming :21 to NAS :21, and this works. So with STANDARD ports my router and NAS are fine.

The problem with timeout occurred when trying NON-STANDARD ports. Just forwarding :1025 to :21 and a connection try using ddns_adress:1025 resulted in timeouts.
After I extended the forward rule (1025+1026 to 21+22) I got instantly a connection when trying ddns_adress:1025.

I had the same results with the tests with the "canyouseeme" tool: just forwarding :1025 to :21 ended in timeouts, adding :1026 to :22 does the trick.

It might not be the correct technical description why it works ... and normally it should work without the second port. Call it a "workaround" which does the trick  ::)

//HSishi
Logged