Menu
What's new
By:
Filters Better Search

vsftpd.conf & port woes

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

CraigFoote

CraigFoote

Occasional Visitor
TL;DR What does '227 Entering Passive Mode (192,168,2,1,224,194).' mean?

I have a new Bell HH4000 (Giga Hub) that I've connected to my Asus RT-AC3100 which is in mesh with another one. I have two USB drives plugged into the AC3100 which I want to serve up via the AC3100's FTP server. I had this working with Rogers so I think the setup is sound. I can connect using the internal IP but I'm not able to connect using my external IP address.

I have these ports open at the HH4000:

Code: 
external        internal        device
20              2020            ac3100
21              2021            ac3100
115             20115           ac3100
990             20990           ac3100
57530:57560     57530:57560     ac3100


And these ports open at the AC3100:

external        internal        device
2020            20              127.0.0.1
2021            21              127.0.0.1
20115           115             127.0.0.1
20990           990             127.0.0.1
57530:57560     <blank>         127.0.0.1

So requests are passed through the HH4000 to the AC3100 which handles them, or it tried. The Filezilla log from accessing the server using external IP showed:

'Server sent passive reply with unroutable address. Using server address instead.'

It appears the request was routed through the HH4000 to the AC3100 but the FTP server is misconfigured for external access.

After some reading it appeared I needed to add vsftpd.conf entries so I installed merlin 386.12_2 on the AC3100 and enabled 'JFFS custom scripts and configs'. I also selected 'Format JFFS partition at next boot' and rebooted. I turned on SSH access for the LAN and logged into the HH4000. To override the default file, I copied the vsftpd.conf from /etc/ to /jffs/configs/vsftpd.conf. I then customized my copy producing the following and restarted the HH4000.

Code: 
anonymous_enable=NO
nopriv_user=root
write_enable=YES
local_enable=YES
chroot_local_user=YES
local_umask=000
dirmessage_enable=NO
xferlog_enable=NO
syslog_enable=NO
connect_from_port_20=YES
use_localtime=YES
listen=YES
pasv_enable=YES
pasv_addr_resolve=YES                         #added
pasv_address=footeware.ca                     #added
pasv_min_port=57530
pasv_max_port=57560
tcp_wrappers=NO
max_clients=5
ftp_username=anonymous
ftpd_banner=Welcome to Footeware FTP.         #modified
ssl_enable=YES
ssl_ciphers=HIGH
rsa_cert_file=/etc/cert.pem
rsa_private_key_file=/etc/key.pem

That got rid of the "unroutable address" error but I still cannot get a listing of the contents. I got the correct welcome message so I know my .conf file is being used.

The filezilla log:

Code: 
18:38:18    Command:    PASV
18:38:18    Trace:    CFtpControlSocket::OnReceive()
18:38:18    Response:    227 Entering Passive Mode (70,31,148,145,224,196).                                 #suspicious
18:38:18    Trace:    CFtpRawTransferOpData::ParseResponse() in state 2
18:38:18    Trace:    CControlSocket::SendNextCommand()
18:38:18    Trace:    CFtpRawTransferOpData::Send() in state 4
18:38:18    Trace:    Binding data connection source IP to control connection source IP 192.168.2.242        #my local internal computer
18:38:18    Trace:    tls_layer_impl::client_handshake()
18:38:18    Trace:    Trying to resume existing TLS session.
18:38:18    Command:    LIST
18:39:18    Trace:    CFtpControlSocket::OnReceive()
18:39:18    Response:    425 Failed to establish connection.

As I understand it the initial connection is done on one port then switched to another random port for transfers. Adding the 'pasv_min_port' and 'pasv_max_port' options in the vsftpd.conf should confine such secondary connections to this range. This range is 57530-57560 but the suspicious line above:

227 Entering Passive Mode (70,31,148,145,224,196)

...indicates the ports are on IP 70.31.148.145 (my external IP) as 224 & 196. These ports differ with each FTP connection request and so can't be opened.

And that's as far as I've gotten. A successful login but unsuccessful file listing. I can add more vsftpd.conf entries but I don't know of any more.

Sorry for the long post and please, please post any ideas.
 
Code: 
And these ports open at the AC3100:

external        internal        device
2020            20              127.0.0.1
2021            21              127.0.0.1
20115           115             127.0.0.1
20990           990             127.0.0.1
57530:57560     <blank>         127.0.0.1
What do you mean by this? 127.0.0.1 is an unrouteable address. You shouldn't be forwarding any ports to that address.

CraigFoote said:
TL;DR What does '227 Entering Passive Mode (192,168,2,1,224,194).' mean?
Click to expand...

"224,194" is the passive port information. (224 x 256) + 194 = 57,538

You must test this from the internet. It will not work properly if you try connecting to your public IP address from inside your LAN.
 
Last edited:
Thanks for the fast reply!

re: 127.0.0.1. I tried 192.168.2.1, the IP assigned to the AC3100, same response. I don't know how or why, but it seems to be working. The ftp server is responding, The intent was to port forward the external request thru the HH4000 to the AC3100 hosting the FTP server. Is there a better way?

re: passive port info. Thanks for clarifying that. So it seems the port 57538 is within the range I have open so that's not a problem.

I feel like I'm close but I have no idea what to try next :(
 
CraigFoote said:
re: 127.0.0.1. I tried 192.168.2.1, the IP assigned to the AC3100, same response. I don't know how or why, but it seems to be working. The ftp server is responding, The intent was to port forward the external request thru the HH4000 to the AC3100 hosting the FTP server. Is there a better way?
Click to expand...
You shouldn't be forwarding any FTP ports on the AC3100 for it's own FTP server. It's completely pointless if you have enabled "WAN access" in the FTP server settings.
 
I removed them and rebooted the AC3100. Now I get no response:

Code: 
22:05:25    Trace:    CControlSocket::SendNextCommand()
22:05:25    Trace:    CFtpLogonOpData::Send() in state 0
22:05:25    Status:    Resolving address of Footeware.ca
22:05:25    Status:    Connecting to 70.31.148.145:21...
22:07:25    Error:    Connection timed out after 120 seconds of inactivity
22:07:25    Trace:    CFtpControlSocket::ResetOperation(2114)
22:07:25    Trace:    CControlSocket::ResetOperation(2114)
22:07:25    Trace:    CFtpLogonOpData::Reset(2114) in state 1
22:07:25    Error:    Could not connect to server
 
Are you testing this from the internet like I said?

Your HH4000 port forwarding rule is wrong. The FTP server is listening on port 21 so you shouldn't be translating it to port 2021.
 
Added back the port forwardings on the AC3100, this time to 192.168.2.1 rather than 127.0.0.1, rebooted and tried filezilla. Back to previous state, connection over TLS but no listing.

Code: 
22:23:01    Trace:    CControlSocket::SendNextCommand()
22:23:01    Trace:    CFtpLogonOpData::Send() in state 0
22:23:01    Status:    Resolving address of Footeware.ca
22:23:01    Status:    Connecting to 70.31.148.145:21...
22:23:01    Status:    Connection established, waiting for welcome message...
22:23:01    Trace:    CFtpControlSocket::OnReceive()
22:23:01    Response:    220 Welcome to Footeware FTP.
22:23:01    Trace:    CFtpLogonOpData::ParseResponse() in state 1
22:23:01    Trace:    CControlSocket::SendNextCommand()
22:23:01    Trace:    CFtpLogonOpData::Send() in state 2
22:23:01    Command:    AUTH TLS
22:23:01    Trace:    CFtpControlSocket::OnReceive()
22:23:01    Response:    234 Proceed with negotiation.
22:23:01    Trace:    CFtpLogonOpData::ParseResponse() in state 2
22:23:01    Status:    Initializing TLS...
22:23:01    Trace:    tls_layer_impl::client_handshake()
22:23:01    Trace:    tls_layer_impl::continue_handshake()
22:23:01    Trace:    tls_layer_impl::continue_handshake()
22:23:01    Trace:    tls_layer_impl::continue_handshake()
22:23:01    Trace:    tls_layer_impl::continue_handshake()
22:23:01    Trace:    tls_layer_impl::continue_handshake()
22:23:01    Trace:    TLS Handshake successful
22:23:01    Trace:    Protocol: TLS1.3, Key exchange: ECDHE-SECP256R1-RSA-PSS-RSAE-SHA384, Cipher: AES-256-GCM, MAC: AEAD, ALPN: ftp
22:23:01    Trace:    tls_layer_impl::verify_certificate()
22:23:01    Trace:    System trust store decision: false
22:23:01    Trace:    Hostname does not match certificate SANs
22:23:01    Trace:    Sending certificate_verification_event
22:23:01    Trace:    CFtpControlSocket::SetAsyncRequestReply
22:23:01    Trace:    set_verification_result(true)
22:23:01    Status:    TLS connection established.
22:23:01    Trace:    CControlSocket::SendNextCommand()
22:23:01    Trace:    CFtpLogonOpData::Send() in state 6
22:23:01    Command:    USER craig
22:23:01    Trace:    CFtpControlSocket::OnReceive()
22:23:01    Trace:    CFtpControlSocket::OnReceive()
22:23:01    Trace:    gnutls_record_recv returned spurious EAGAIN
22:23:01    Trace:    gnutls_record_recv returned spurious EAGAIN
22:23:01    Trace:    CFtpControlSocket::OnReceive()
22:23:01    Response:    331 Please specify the password.
22:23:01    Trace:    CFtpLogonOpData::ParseResponse() in state 6
22:23:01    Trace:    CControlSocket::SendNextCommand()
22:23:01    Trace:    CFtpLogonOpData::Send() in state 6
22:23:01    Command:    PASS **********
22:23:01    Trace:    CFtpControlSocket::OnReceive()
22:23:01    Response:    230 Login successful.
22:23:01    Trace:    CFtpLogonOpData::ParseResponse() in state 6
22:23:01    Trace:    CControlSocket::SendNextCommand()
22:23:01    Trace:    CFtpLogonOpData::Send() in state 7
22:23:01    Command:    SYST
22:23:01    Trace:    CFtpControlSocket::OnReceive()
22:23:01    Response:    215 UNIX Type: L8
22:23:01    Trace:    CFtpLogonOpData::ParseResponse() in state 7
22:23:01    Trace:    CControlSocket::SendNextCommand()
22:23:01    Trace:    CFtpLogonOpData::Send() in state 8
22:23:01    Command:    FEAT
22:23:01    Trace:    CFtpControlSocket::OnReceive()
22:23:01    Response:    211-Features:
22:23:01    Response:     EPRT
22:23:01    Response:     EPSV
22:23:01    Response:     MDTM
22:23:01    Trace:    CFtpControlSocket::OnReceive()
22:23:01    Response:     PASV
22:23:01    Response:     ICNV
22:23:01    Response:     PBSZ
22:23:01    Trace:    CFtpControlSocket::OnReceive()
22:23:01    Response:     PROT
22:23:01    Response:     REST STREAM
22:23:01    Response:     SIZE
22:23:01    Response:     TVFS
22:23:01    Response:     UTF8
22:23:01    Response:    211 End
22:23:01    Trace:    CFtpLogonOpData::ParseResponse() in state 8
22:23:01    Trace:    CControlSocket::SendNextCommand()
22:23:01    Trace:    CFtpLogonOpData::Send() in state 10
22:23:01    Command:    OPTS UTF8 ON
22:23:01    Trace:    CFtpControlSocket::OnReceive()
22:23:01    Response:    200 Always in UTF8 mode.
22:23:01    Trace:    CFtpLogonOpData::ParseResponse() in state 10
22:23:01    Trace:    CControlSocket::SendNextCommand()
22:23:01    Trace:    CFtpLogonOpData::Send() in state 11
22:23:01    Command:    PBSZ 0
22:23:01    Trace:    CFtpControlSocket::OnReceive()
22:23:01    Response:    200 PBSZ set to 0.
22:23:01    Trace:    CFtpLogonOpData::ParseResponse() in state 11
22:23:01    Trace:    CControlSocket::SendNextCommand()
22:23:01    Trace:    CFtpLogonOpData::Send() in state 12
22:23:01    Command:    PROT P
22:23:01    Trace:    CFtpControlSocket::OnReceive()
22:23:01    Response:    200 PROT now Private.
22:23:01    Trace:    CFtpLogonOpData::ParseResponse() in state 12
22:23:01    Status:    Logged in
22:23:01    Trace:    Measured latency of 4 ms
22:23:01    Trace:    CFtpControlSocket::ResetOperation(0)
22:23:01    Trace:    CControlSocket::ResetOperation(0)
22:23:01    Trace:    CFtpLogonOpData::Reset(0) in state 15
22:23:01    Trace:    CControlSocket::SendNextCommand()
22:23:01    Trace:    CFtpListOpData::Send() in state 0
22:23:01    Status:    Retrieving directory listing...
22:23:01    Trace:    CFtpChangeDirOpData::Send() in state 0
22:23:01    Trace:    CFtpChangeDirOpData::Send() in state 1
22:23:01    Command:    PWD
22:23:01    Trace:    CFtpControlSocket::OnReceive()
22:23:01    Response:    257 "/" is the current directory
22:23:01    Trace:    CFtpChangeDirOpData::ParseResponse() in state 1
22:23:01    Trace:    CFtpControlSocket::ResetOperation(0)
22:23:01    Trace:    CControlSocket::ResetOperation(0)
22:23:01    Trace:    CFtpChangeDirOpData::Reset(0) in state 1
22:23:01    Trace:    CFtpListOpData::SubcommandResult(0) in state 1
22:23:01    Trace:    CControlSocket::SendNextCommand()
22:23:01    Trace:    CFtpListOpData::Send() in state 2
22:23:01    Trace:    CFtpRawTransferOpData::Send() in state 0
22:23:01    Trace:    CFtpRawTransferOpData::Send() in state 1
22:23:01    Command:    TYPE I
22:23:01    Trace:    CFtpControlSocket::OnReceive()
22:23:01    Response:    200 Switching to Binary mode.
22:23:01    Trace:    CFtpRawTransferOpData::ParseResponse() in state 1
22:23:01    Trace:    CControlSocket::SendNextCommand()
22:23:01    Trace:    CFtpRawTransferOpData::Send() in state 2
22:23:01    Command:    PASV
22:23:01    Trace:    CFtpControlSocket::OnReceive()
22:23:01    Response:    227 Entering Passive Mode (70,31,148,145,224,189).
22:23:01    Trace:    CFtpRawTransferOpData::ParseResponse() in state 2
22:23:01    Trace:    CControlSocket::SendNextCommand()
22:23:01    Trace:    CFtpRawTransferOpData::Send() in state 4
22:23:01    Trace:    Binding data connection source IP to control connection source IP 192.168.2.242
22:23:01    Trace:    tls_layer_impl::client_handshake()
22:23:01    Trace:    Trying to resume existing TLS session.
22:23:01    Command:    LIST
22:24:01    Trace:    CFtpControlSocket::OnReceive()
22:24:01    Response:    425 Failed to establish connection.
22:24:01    Trace:    CFtpRawTransferOpData::ParseResponse() in state 4
22:24:01    Trace:    CFtpControlSocket::ResetOperation(2)
22:24:01    Trace:    CControlSocket::ResetOperation(2)
22:24:01    Trace:    CFtpRawTransferOpData::Reset(2) in state 4
22:24:01    Trace:    CFtpListOpData::SubcommandResult(2) in state 3
22:24:01    Trace:    CFtpControlSocket::ResetOperation(2)
22:24:01    Trace:    CControlSocket::ResetOperation(2)
22:24:01    Trace:    CFtpListOpData::Reset(2) in state 3
22:24:01    Error:    Failed to retrieve directory listing
 
Sorry, just saw your post Colin. I initially had the HH4000 just forward 21 external to 21 on the AC3100. I had no wonky 127.0.0.1 mappings then but I couldn't connect. So I put in a mapping from 21 external to 21 internal at 192.168.2.1 (localhost) but got an error in the web gui stating something about a port conflict between ~usb ftp server and wan ftp server. Sorry I don't remember the details. At that point I introduced the translation: HH4000 listens on 21 and forwards to AC3100 on 2021. AC3100 listens on 2021 and forwards to localhost on 21. No conflict. As you can tell, I'm flying by the seat of my pants here now. I've read the internet by now and am grasping at straws. This all just worked on Rogers... but it seems so close.
 
Sorry, thought I was. Checking now... Got my phone hooked up to the laptop over usb. Oops, had wifi left on. Got wifi turned off on both phone and laptop now. "Internet" widget shows me connected to Koodo. Laptop shows me connected as "wired", ifconfig reports my IP as 192.168.19.11. That's an internal IP though but different subnet, "19", so I'm not 100% sure now. Anyway, I tried connecting again through filezilla. This time I got the root folder listing! And drilling down works too!

Ok, switched back away from tethering, connected to internal wfi again. And I cannot access the ftp server internally.

Code: 
09:58:10    Trace:    CControlSocket::SendNextCommand()
09:58:10    Trace:    CFtpLogonOpData::Send() in state 0
09:58:10    Status:    Connecting to 192.168.2.1:21...
09:58:10    Status:    Connection established, waiting for welcome message...
09:58:10    Trace:    CFtpControlSocket::OnReceive()
09:58:10    Response:    220 Welcome to Footeware FTP.
09:58:10    Trace:    CFtpLogonOpData::ParseResponse() in state 1
09:58:10    Trace:    CControlSocket::SendNextCommand()
09:58:10    Trace:    CFtpLogonOpData::Send() in state 2
09:58:10    Command:    AUTH TLS
09:58:10    Trace:    CFtpControlSocket::OnReceive()
09:58:10    Response:    234 Proceed with negotiation.
09:58:10    Trace:    CFtpLogonOpData::ParseResponse() in state 2
09:58:10    Status:    Initializing TLS...
09:58:10    Trace:    tls_layer_impl::client_handshake()
09:58:10    Trace:    tls_layer_impl::continue_handshake()
09:58:10    Trace:    tls_layer_impl::continue_handshake()
09:58:10    Trace:    tls_layer_impl::continue_handshake()
09:58:10    Trace:    tls_layer_impl::continue_handshake()
09:58:10    Trace:    tls_layer_impl::continue_handshake()
09:58:10    Trace:    TLS Handshake successful
09:58:10    Trace:    Protocol: TLS1.3, Key exchange: ECDHE-SECP256R1-RSA-PSS-RSAE-SHA384, Cipher: AES-256-GCM, MAC: AEAD, ALPN: ftp
09:58:10    Trace:    tls_layer_impl::verify_certificate()
09:58:10    Trace:    Sending certificate_verification_event
09:58:10    Trace:    CFtpControlSocket::SetAsyncRequestReply
09:58:10    Trace:    set_verification_result(true)
09:58:10    Status:    TLS connection established.
09:58:10    Trace:    CControlSocket::SendNextCommand()
09:58:10    Trace:    CFtpLogonOpData::Send() in state 6
09:58:10    Command:    USER craig
09:58:10    Trace:    CFtpControlSocket::OnReceive()
09:58:10    Trace:    CFtpControlSocket::OnReceive()
09:58:10    Trace:    gnutls_record_recv returned spurious EAGAIN
09:58:10    Trace:    gnutls_record_recv returned spurious EAGAIN
09:58:10    Trace:    CFtpControlSocket::OnReceive()
09:58:10    Response:    331 Please specify the password.
09:58:10    Trace:    CFtpLogonOpData::ParseResponse() in state 6
09:58:10    Trace:    CControlSocket::SendNextCommand()
09:58:10    Trace:    CFtpLogonOpData::Send() in state 6
09:58:10    Command:    PASS **********
09:58:10    Trace:    CFtpControlSocket::OnReceive()
09:58:10    Response:    230 Login successful.
09:58:10    Trace:    CFtpLogonOpData::ParseResponse() in state 6
09:58:10    Trace:    CControlSocket::SendNextCommand()
09:58:10    Trace:    CFtpLogonOpData::Send() in state 10
09:58:10    Command:    OPTS UTF8 ON
09:58:11    Trace:    CFtpControlSocket::OnReceive()
09:58:11    Response:    200 Always in UTF8 mode.
09:58:11    Trace:    CFtpLogonOpData::ParseResponse() in state 10
09:58:11    Trace:    CControlSocket::SendNextCommand()
09:58:11    Trace:    CFtpLogonOpData::Send() in state 11
09:58:11    Command:    PBSZ 0
09:58:11    Trace:    CFtpControlSocket::OnReceive()
09:58:11    Response:    200 PBSZ set to 0.
09:58:11    Trace:    CFtpLogonOpData::ParseResponse() in state 11
09:58:11    Trace:    CControlSocket::SendNextCommand()
09:58:11    Trace:    CFtpLogonOpData::Send() in state 12
09:58:11    Command:    PROT P
09:58:11    Trace:    CFtpControlSocket::OnReceive()
09:58:11    Response:    200 PROT now Private.
09:58:11    Trace:    CFtpLogonOpData::ParseResponse() in state 12
09:58:11    Status:    Logged in
09:58:11    Trace:    Measured latency of 21 ms
09:58:11    Trace:    CFtpControlSocket::ResetOperation(0)
09:58:11    Trace:    CControlSocket::ResetOperation(0)
09:58:11    Trace:    CFtpLogonOpData::Reset(0) in state 15
09:58:11    Trace:    CControlSocket::SendNextCommand()
09:58:11    Trace:    CFtpListOpData::Send() in state 0
09:58:11    Status:    Retrieving directory listing...
09:58:11    Trace:    CFtpChangeDirOpData::Send() in state 0
09:58:11    Trace:    CFtpChangeDirOpData::Send() in state 1
09:58:11    Command:    PWD
09:58:11    Trace:    CFtpControlSocket::OnReceive()
09:58:11    Response:    257 "/" is the current directory
09:58:11    Trace:    CFtpChangeDirOpData::ParseResponse() in state 1
09:58:11    Trace:    CFtpControlSocket::ResetOperation(0)
09:58:11    Trace:    CControlSocket::ResetOperation(0)
09:58:11    Trace:    CFtpChangeDirOpData::Reset(0) in state 1
09:58:11    Trace:    CFtpListOpData::SubcommandResult(0) in state 1
09:58:11    Trace:    CControlSocket::SendNextCommand()
09:58:11    Trace:    CFtpListOpData::Send() in state 2
09:58:11    Trace:    CFtpRawTransferOpData::Send() in state 0
09:58:11    Trace:    CFtpRawTransferOpData::Send() in state 1
09:58:11    Command:    TYPE I
09:58:11    Trace:    CFtpControlSocket::OnReceive()
09:58:11    Response:    200 Switching to Binary mode.
09:58:11    Trace:    CFtpRawTransferOpData::ParseResponse() in state 1
09:58:11    Trace:    CControlSocket::SendNextCommand()
09:58:11    Trace:    CFtpRawTransferOpData::Send() in state 2
09:58:11    Command:    PASV
09:58:11    Trace:    CFtpControlSocket::OnReceive()
09:58:11    Response:    227 Entering Passive Mode (70,31,148,145,224,195).
09:58:11    Trace:    CFtpRawTransferOpData::ParseResponse() in state 2
09:58:11    Trace:    CControlSocket::SendNextCommand()
09:58:11    Trace:    CFtpRawTransferOpData::Send() in state 4
09:58:11    Trace:    Destination IP of data connection does not match peer IP of control connection. Not binding source address of data connection.
09:58:11    Trace:    tls_layer_impl::client_handshake()
09:58:11    Trace:    Trying to resume existing TLS session.
09:58:11    Command:    LIST
09:59:11    Trace:    CFtpControlSocket::OnReceive()
09:59:11    Response:    425 Failed to establish connection.
09:59:11    Trace:    CFtpRawTransferOpData::ParseResponse() in state 4
09:59:11    Trace:    CFtpControlSocket::ResetOperation(2)
09:59:11    Trace:    CControlSocket::ResetOperation(2)
09:59:11    Trace:    CFtpRawTransferOpData::Reset(2) in state 4
09:59:11    Trace:    CFtpListOpData::SubcommandResult(2) in state 3
09:59:11    Trace:    CFtpControlSocket::ResetOperation(2)
09:59:11    Trace:    CControlSocket::ResetOperation(2)
09:59:11    Trace:    CFtpListOpData::Reset(2) in state 3
09:59:11    Error:    Failed to retrieve directory listing
 
Your connections are failing because of the changes you have made to the Asus router's default setup. I've recreated your two router setup and it works with the out-of-the-box FTP settings with WAN access enabled.

Remove your vsftpd.conf file and remove all port forwarding rules on the Asus. Then reboot the router. The only port forwarding rules you need on the HH4000 are port 21 and ports 57530:57560. Do not alter the destination port numbers.

That's it. Nothing else it required.
 
I believe I've done like you said: I've removed all port forwardings on the AC3100, have only 21 and 57530-57560 forwarded on the HH4000 to the AC3100. I can now connect internally from my network. With proper tethering, I can now access ftp from outside my network. Not that I doubted you but I was getting some wonky results with this as my initial setup. I think, as you stated, that I was not tethered correctly and was trying to access ftp with an external IP from inside the network, which as you stated doesn't work. Noob mistake. That's three days I could've used better. Thanks for you patience and insights Colin.
 
If you don't need FTP directly on the client side, consider SFTP, with openssh-sftp-server...

WinSCP, Cyberduck, and other FTP clients support this, and then you won't need to deal with the mess that FTP is over NAT, PASV, etc...

With dropbear, at least in my builds, scp is always an option, but even there, I wouldn't expose that port/service...

sftp is a decent option
 
You must log in or register to reply here.

Similar threads

J
2 PC gaming on latest merlin 386.7_2, attempted port forwarding for both, only one is getting online
Replies
1
Views
1K
ColinTaylor
C
J
Unable to connect to FTP Server connected to Merlin 384.17 (ECONNREFUSED)
Replies
1
Views
4K
ColinTaylor
C
Similar threads
Thread starter Title Forum Replies Date
S Solved New ISP - WAN Setup - Will not work with custom WAN DNS - dnsmasq.conf Asuswrt-Merlin 1
V Import lease list to dnsmasq.conf.add Asuswrt-Merlin 5
L Setting up 2 mac addresses to same IP in dnsmasq.conf.add Asuswrt-Merlin 6
A Splitting port via VLANs on AX88U Pro? Asuswrt-Merlin 3
N Forward only specific port's traffic to Wireguard VPN Asuswrt-Merlin 1
Muyfa666 XT12 ethernet port 3 yellow? Asuswrt-Merlin 25
V Does DNS director block port 53 and/or 853 outgoing? Asuswrt-Merlin 3
K Add/Remove Port Forwards on a schedule Asuswrt-Merlin 3
adri Firewall, Port Forwarding, and DoS Question Asuswrt-Merlin 8
R Disable Intranet access for a LAN port (not the WiFi Guest network)? Asuswrt-Merlin 13

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 682 (members: 15, guests: 667)
Top