FTP in port other than 21

Discussion in 'Tomato Firmware' started by OLOCO, Mar 6, 2012.

  1. OLOCO

    OLOCO Networkin' Nut Member

    Well, I wil try to explain my problem the best I can (no englslih speaker).
    I'm trying to put a server behind my tomato router. This is Gene6FTP.
    If I use port 21, I can connect via PORT and PASV with no problem from WAN, just with a port mapping of 21 (and maybe 50000-50010).
    But… if I try to user a diferent port (2121), I just can connect via PASV method, and not all the clients work well with it.
    I have already configured PASV ports 50000-50010 in the server, and mapped them on tomato.
    I can't understand why I can connect perfectly with port 21 and not with any diferent one.
    I have tryed to active/desactive FTP nat helper, and reloading it (modprobe nf_conntrack_ftp ports:2121), but no success.
    The FTP included in tomato is not active, so… I dont know what else can I try.
    This is my iptables -L:

    Th version of tomato is:
    Tomato Firmware v1.28.9011 MIPSR2-RAF-NCC-VLAN K26 USB VPN-NOCAT
    And Port Mapping:
    Please, ask me for any kind of information you need.
    Thank you in advance!!
  2. shadowken

    shadowken Networkin' Nut Member

    Have you tried to change your ftp server's default port to 2121 ?
  3. OLOCO

    OLOCO Networkin' Nut Member

    Hi Shadowken.
    I have not activated my internal ftp server, so I think It is not the problem. Later, if I am able to resolve my problem, maybe I will activate tomato's FTP server, but not at this moment. What I need to do is to be able to connect to my external ftp server using a port diferent to 21, via PASV and PORT. The extrange thing is that using port 21 I can do it witouth problem, but if I try to do it with any other port (port forwarding it), I get a 425 error and cannot get the list of files of the server.
  4. shadowken

    shadowken Networkin' Nut Member

    I didn't tell you to make the changes on TOMATO FTP .., anyway as it shown in your iptables you set dport 2121 to your FTP server but actually your FTP listens on 21 not 2121 .
    if you want to access your FTP using 2121 to access 21 port , set the source port 2121 to destination port 21 . Otherwise i don't know because i don't understand you .
  5. OLOCO

    OLOCO Networkin' Nut Member

    My server is listening on port 2121. So, looking at iptables,
    it says that all the connections have to go to, port 2121 (the one that my Gene6FTP server is listening at).
    My question is: Why can I connect to my gene6ftp server with no problems (PORT AND PASV) if I configure it to listen on port 21 (and making port forwarding to port 21, too), but if I configure the gene6ftp server to listen on port 2121 (and port forwarding to port 2121), I cant connect via PORT, and sometimes PASV (depending of the client) ?

    Thanks for your time and patient!!
  6. bucher

    bucher Networkin' Nut Member

    I have not used it in a long time, but there is an option in gene6 to tell it your external IP, if you do not use pasv mode I think that is what you have to do. I always used port 54321 and I think I had to add 54320 as well and then tell the server certain ports as well and forward all those ports. For some reason I needed the server port minus 1 as well, that's why I did 54320.
  7. OLOCO

    OLOCO Networkin' Nut Member

    Hi Bucher!. I know what you are trying to tel me. But I have already done that. I have configured port range 50000-50010 so as to use with PASV in GeneFTP, and I have already mapped them. Anyway, using PORT mode there is no need to use these ports. the strange thing is that using port 21, PORT mode works perfectly, but if I change to any other port, it doesn't.

