
FTP Setup Help

Discussion in 'Tomato Firmware' started by Bill_S, Oct 17, 2012.

  1. Bill_S

    Bill_S Network Guru Member

    I cannot get the FTP server working on my WRTSL54GS running Tomato Firmware v1.28.9054 MIPSR1-beta K26 USB Ext.
    The log shows the correct WAN IP address (replaced with xxx.xx.xx.xxx). AP3 is the name of the device (Access Point 3). The device has a USB drive attached to it and I can access it locally using the Win7 Network icon for AP3. AP3 is the WRTSL54GS with DHCP turned off so that it just acts as a switch and AP. I have the router forwarding the FTP port to AP3's LAN IP address. But I can't get the FTP server to work internally or externally. Anyone have a suggestion?
    Here is the log:

     
  2. koitsu

    koitsu Network Guru Member

    Your port forwarding is set up incorrectly/wrong to handle both active mode and passive mode FTP. I'll give you a snippet of my firewall rules from my co-location server. These are for FreeBSD/OpenBSD pf, not Linux iptables, but that doesn't matter -- it's the **concept** and understanding the FTP protocol which is important. The comments are what will help you the most:

    Code:
    # Punch holes for FTP.  The rule looks complex, so here it is explained:
    # - Make sure pass rule only applies to 72.20.98.68 (ftp.parodius.com)
    # - Permit incoming connections to port 21 (main FTP service)
    # - Permit incoming connections to ports 49152-65535 (FTP passive mode)
    # - TCP port 20 is actually for **outbound** connections in FTP active mode,
    #  but since we permit all outbound traffic, we don't need a rule for it.
    # - TCP ports 49152-65535 come from ftpd(8) and ip(4) manpages; there are
    #  sysctl(8) knobs for these, but we shouldn't mess with them.
    #
    pass in quick on $ext_if proto tcp from any to 72.20.98.68 port { ftp, 49152:65535 }
    
    You'll need to adapt similar forwarding rules on your own, and make sure that the FTP server you're using behind the router lets you set what port ranges to use for passive mode (pick a small number of port ranges please; you do not have to (nor should you!) use 49152 to 65535).

    Be sure to note all the traffic is also TCP; FTP does not use UDP.
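
Added example, not part of koitsu's post or the thread's own code: a small Python check that takes the server's passive-mode reply (`227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)`, data port = p1*256 + p2) and reports whether the router's TCP forwards cover port 21 and the advertised data port. It goes slightly beyond the post by also flagging a server that advertises its LAN address to outside clients; the forward list, the 50000-50010 passive range and the addresses are constructed sample values.

```python
import ipaddress
import re

# RFC 959 reply: 227 ... (h1,h2,h3,h4,p1,p2); data port = p1*256 + p2
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_pasv(reply):
    """Return (ip, port) advertised in a 227 reply, or None if malformed."""
    m = PASV_RE.match(reply.strip())
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def check_pasv(reply, forwards, wan_ip):
    """List what would stop an outside client's passive data connection.

    forwards: (proto, first_port, last_port) tuples forwarded to the FTP host.
    """
    parsed = parse_pasv(reply)
    if parsed is None:
        return ["not a valid 227 reply"]
    ip, port = parsed
    tcp = [(lo, hi) for proto, lo, hi in forwards if proto.lower() == "tcp"]
    problems = []
    if not any(lo <= 21 <= hi for lo, hi in tcp):
        problems.append("TCP port 21 (control) is not forwarded")
    if not any(lo <= port <= hi for lo, hi in tcp):
        problems.append(f"passive port {port} is outside the forwarded TCP ranges")
    if any(ipaddress.ip_address(ip) in net for net in RFC1918):
        problems.append(f"server advertises LAN address {ip} to outside clients")
    elif ip != wan_ip:
        problems.append(f"server advertises {ip}, not the WAN address {wan_ip}")
    return problems

if __name__ == "__main__":
    # Constructed sample: forwards and replies are illustrative, not from the thread.
    forwards = [("tcp", 21, 21), ("tcp", 50000, 50010)]
    for reply in ("227 Entering Passive Mode (203,0,113,10,195,85)",
                  "227 Entering Passive Mode (192,168,1,3,195,80)",
                  "227 Entering Passive Mode (203,0,113,10,195,91)"):
        print(reply, "->", check_pasv(reply, forwards, "203.0.113.10") or "OK")
```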
     
  3. Bill_S

    Bill_S Network Guru Member

    Thank you very much, seems to be working now that I got the ports forwarded correctly.
    Thanks again
     
    koitsu likes this.
