Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[jim2664258]

I have recently upgraded to the 1.31NA firmware version and am having problems getting passive FTP connections rejected when they don't originate from my local LAN.  I am not 100% sure this firmware upgrade has anything to do with it, as I rarely run an FTP server on my machine.  This is the first time I tried it with the new firmware however, and I know it was working the last time I tried it (with older firmware).

My setup:
- I listen for FTP connections on port 3021.  I find that considerably cuts down on random attempts to connect to my machine from Asia Pacific locales 
- The range of ports I use for the passive connection is 3100-3200
- I have tried using the FireFTP client in Firefox, and also FileZilla with the same results
- On my main machine I am running the Cerberus FTP server
- To get to my machine from the Internet, I use a hostname from dnsalias.com.  I have verified the hostname points to the correct IP address.
- When I upgraded to firmware 1.31NA, I imported my saved config and everything works fine (except perhaps this?)
- I do have uPNP enabled.  I tried disabling it, rebooting router, re-enabling it, rebooting.  Did not help.

Keep in mind that connections originating from a machine on the local lan work just fine, but connections from the Internet do not.  For my ftp clients, I have created two different connection profiles that are identical except the IP address they use to connect - local lan profile uses 192.168.0.2 and the Internet profile uses a hostname from dnsalias.com (and yes, the hostname is valid when I try this).

If I run the FireFTP Firefox addon and configure the client to connect to the host machine on the local LAN (192.168.0.x) it connects fine and gets a directory listing.  If I run the same client from a different location (or even if I use an 'Internet' profile connection while attached on the lan locally) I can connect but I cannot get a directory listing once I am logged in.

Looking in the DLink logs, I see one or two entries like this each time I attempt:


I know enough about networking to be dangerous, but why is the incoming requesting being routed to port 80?  I do not have a rule set up for port 80 - I know that is usually used for a web service.

In port forwarding I have this set up:


I have not tried anything like 30-30-30 resets or manually restoring config entries, although I can do that because I have screen shots of all my config.  Figured I would ask here first for potential config setup issues.  I am particularly curious why the incoming passive ftp request on port 3581 (example above) is routed to my machine on port 80 (and hence denied).  I actually did try routing port 80 to my machine and I got a different error in the log, most likely because I have nothing listening on port 80.

Any suggestions?  Thanks.

[lizzi555]

At first forward the port 3021 as virtual server.

Second goto Firewall section and set Endpoint Filtering UDP to endpoint independent and TCP to address restricted.

If this still does not help try disabling SPI firewall.

Use a client that logs your connections. Sometimes the server reports back his internal IP (192.168.0.2), even to an external connection.
This can be set in most ftp servers . If you enter your dnsalias name as server address in the software, this will help.

I'm running two ftp servers behind the DIR-655, it works.

[jim2664258]

I tried your suggestions besides turning off SPI and it did not help.  There is one other thing that may have been upgraded in this picture, and that is my FTP server software.  I am going to spend some time taking a look to see if there is a conflict there.

I don't think I should have to change any router config from what I have now since this has always worked before - but I do appreciate the suggestion, didn't hurt to try.

[jim2664258]

Yep.  I had installed a beta version of Cerberus FTP server and I can't say for sure if it worked with the old router firmware or not with Internet connections.  My guess is that beta version did not, and I never tried it with Internet connections.

I rolled back the FTP server to the last stable version and it is working fine now.