FTPS / FTPES not working

Discussion in 'Tomato Firmware' started by cptskippy, Jan 19, 2010.

  1. cptskippy

    cptskippy Guest

    I've got a WRT54GL v2 running Tomato Firmware v1.25.1720, and I have a server on my LAN running the FileZilla FTP Server with FTP / FTPES / FTPS configured. I can connect to it just fine with a client on the LAN, but I am unable to establish an FTPES or FTPS connection via WAN. Am I missing a setting in Tomato that might be blocking this?

    In the router I've got ports 20-21 and 5001-5201, for Passive FTP, and port 999 for FTPS forwarding to the internal server. I can connect from a remote location with Passive FTP just fine but when I try to use Explicit FTP I get the following error log in the FTP Client and a similar error for FTPS. The server does not display any errors but eventually times out.

    I've tried moving the ports around (e.g. not using 20-21) but it doesn't seem to help. I have set up SSH through the router to my server and I can establish an FTPES connection over the SSH tunnel, so I'm fairly certain it is something with the Router/Firewall.

    Ideas?
     
  2. michse

    michse Addicted to LI Member

    Hi,

    Use administration-debugging and then iptables dump. View it with Notepad++ (or something else) and you should see which rule blocks your traffic. Maybe you will find the answer.

    Mh, I think FTP uses some other random ports to transmit, not only 20 and 21.

    http://de.wikipedia.org/wiki/File_Transfer_Protocol

    So if you don't tell your FTP client which port to use (5001-5201), it doesn't work.

    michse
     
  4. rkloost

    rkloost Addicted to LI Member

    Standard FTP will give issues, because the server will initiate the back-connect.

    With passive FTP the client initiates the sessions and the ports are negotiated in the protocol.

    For easy setup on firewalls I prefer SFTP (SSH based), because only one port is used.

    Firewall logs and server and client logs should be sufficient to debug this issue.
     