FTPS / FTPES not working

Discussion in 'Tomato Firmware' started by cptskippy, Jan 19, 2010.

  1. cptskippy

    cptskippy Guest

    I've got a WRT54GL v2 running Tomato Firmware v1.25.1720 and I have a server on my LAN running the Filezilla FTP Server with FTP / FTPES / FTPS configured and I can connect to it just fine with a client on the LAN but I am unable to establish an FTPES or FTPS connection via WAN. Am I missing a setting in Tomato that might be blocking this?

    In the router I've got ports 20-21 and 5001-5201, for Passive FTP, and port 999 for FTPS forwarding to the internal server. I can connect from a remote location with Passive FTP just fine but when I try to use Explicit FTP I get the following error log in the FTP Client and a similar error for FTPS. The server does not display any errors but eventually times out.

    I've tried moving the ports around (e.g. not using 20-21) but it doesn't seem to help. I have set up SSH through the router to my server and I can establish an FTPES connection over the SSH tunnel, so I'm fairly certain it is something with the router/firewall.

    Ideas?
     
  2. michse

    michse Addicted to LI Member

    Hi,

    Use administration-debugging and then iptables dump. View it with Notepad++ (or something else) and you should see which rule blocks your traffic. Maybe you find the answer.

    Mh, I think FTP uses some other random ports to transmit, not only 20, 21.

    http://de.wikipedia.org/wiki/File_Transfer_Protocol

    So if you don't tell your FTP client which port to use (5001-5201), it doesn't work.

    michse
     
  4. rkloost

    rkloost Addicted to LI Member

    Standard FTP will give issues, because the server will initiate the back-connect.

    With passive FTP the client initiates the sessions and the ports are negotiated in the protocol.

    For easy setup on firewalls I prefer SFTP (SSH based), because only one port is used.

    Firewall logs and server and client logs should be sufficient to debug this issue.
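
Added example, not part of the thread or written by any poster: with FTPES/FTPS the control channel is encrypted, so a NAT router cannot read or rewrite the passive-mode reply, and the address and port the server advertises must themselves be reachable from the WAN. The Python sketch below checks a `227`/`229` reply taken from a client log against the 5001-5201 range forwarded in the first post. The sample replies and the 203.0.113.x stand-in WAN address are constructed.

```python
import ipaddress
import re

# Passive range forwarded in the first post (5001-5201 inclusive).
FORWARDED_PASSIVE = range(5001, 5202)
# Checked explicitly: ipaddress.is_private also flags documentation ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

_PASV = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
_EPSV = re.compile(r"^229 .*?\((.)\1\1(\d{1,5})\1\)")


def parse_passive_reply(line):
    """Return (ip or None, port) from a 227 (PASV) or 229 (EPSV) reply."""
    m = _PASV.match(line)
    if m:
        h = [int(x) for x in m.groups()]
        if any(v > 255 for v in h):
            raise ValueError("octet out of range: " + line)
        ip = ipaddress.IPv4Address(".".join(map(str, h[:4])))
        return ip, h[4] * 256 + h[5]  # port = p1 * 256 + p2
    m = _EPSV.match(line)
    if m:
        return None, int(m.group(2))  # EPSV carries only a port
    raise ValueError("not a passive-mode reply: " + line)


def diagnose(line, forwarded=FORWARDED_PASSIVE):
    """List reasons a WAN client could fail to open the data connection."""
    ip, port = parse_passive_reply(line)
    problems = []
    if ip is not None and any(ip in net for net in RFC1918):
        problems.append(f"server advertises LAN address {ip}")
    if port not in forwarded:
        problems.append(f"data port {port} is outside the forwarded range")
    return problems


# Constructed client-log lines (not from the thread).
SAMPLES = [
    "227 Entering Passive Mode (192,168,1,10,19,200)",  # LAN IP, port 5064
    "227 Entering Passive Mode (203,0,113,7,19,200)",   # WAN IP, port 5064
    "227 Entering Passive Mode (203,0,113,7,200,10)",   # port 51210
    "229 Entering Extended Passive Mode (|||5100|)",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", diagnose(s) or "ok")
```

An empty result means the advertised data endpoint matches what the router forwards; any remaining failure then has to be traced in the firewall, server and client logs.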
     
