1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

DMZ and FTP issues

Discussion in 'Networking Issues' started by OLOCO, Dec 25, 2011.

  1. OLOCO

    OLOCO Networkin' Nut Member

    Hi!
    I wish you could help me.
    I have an asus rt16n with tomato 1.28.
    All the settings are from default.
    Well, I have got a server throuth DMZ (192.168.1.10).
    I want to connect to the external hard drive via integrated ftp server, but there is a problem. When DMZ is NOT activated, I can connect correctly via Internet and Lan, but if I activate the DMZ option, I just can connect via Lan to the ftp server, but not from Internet.
    I think Its something related to Iptables, but im not sure, and thats why I am here... I wish you could help me to find the solution to this problem.
    I will answer any question yo need to do, the better I can (I'm spanish, and my english is quite poor...).

    Thank you very much!!
     
  2. OLOCO

    OLOCO Networkin' Nut Member

    More info:
    This is the result of iptables -L -n with DMZ activated:

    And this is the iptables withouth DMZ activated:

    When I try to connect via filezilla to the integrated ftp server when DMZ is activated, I get this error:
    The strange thing is that I can connect to the web server from Internet, the same as sshd.
    I understand that iptables will accept all the incoming connections (INPUT CHAIN) because of
    "ACCEPT all -- 0.0.0.0/0 0.0.0.0/0".
    Also, I have tried to add:
    and
    but the same result...

    Any Idea?.
    Thanks for your time!!!
     
  3. OLOCO

    OLOCO Networkin' Nut Member

    More news:
    I have just tried to delete the line in CHAIN FORWARD containing
    (this is the one that the router add to iptables when DMZ is activated), but I still cannot connect.

    I have no more ideas.... :(
     
  4. joelinkup

    joelinkup LI Guru Member

    Return everything you have played with to the default setting and then set up your FTP service... OK... Let's say that is done... Now you say when DMZ IS ACTIVATED you can connect for FTP locally via the LAN but NOT via the Internet... but when DMZ IS NOT ACTIVATED you can connect both via the LAN and via the Internet... OK... Go back to the DMZ ACTIVATED mode where it works only locally... At this point my question is... Are you trying to test the Internet FTP connectivity by connecting over the Internet by using the same Internet connection you are testing???... If so... Don't do that... Sign on via someone elses Internet connection and THEN try to get into your FTP server via the Internet... You may be surprised... I hope so...
     
  5. OLOCO

    OLOCO Networkin' Nut Member

    Hi joelinkup! I had already tried what you said, but it still fails. Finally, I managed to make it run by making port forwarding to the ip of the router, so as to be able to connect to it. What I cant understand is: If I make a DMZ to 192.168.1.10, the line
    in
    is added. I think it means that any connection to any port is forwarded to ip 192.168.1.10. So... why am I able to connect to the port 8080, or port 443 (for ssh to my router in my case) IP 192.168.1.1, if I have not made a port forwarding to these ports?
     

Share This Page