
wrtsl54gs ftp server

Discussion in 'HyperWRT Firmware' started by plugh, May 31, 2006.

  1. plugh

    plugh Network Guru Member

    Is there a way to turn on the ftp server but only allow internal access to it?

    Perhaps some oddball setup on the "Access Restrictions" page?

    Or would it require some kind of entry in the "Firewall script" (and if so, what)?
     
  2. plugh

    plugh Network Guru Member

    Tried a number of different things via the "Access Restrictions" page with no success.

    Eventually came up with a hack which works for now - ie...

    Set up port forwarding for ports 20-21 to a nonexistent machine on the lan. Incoming connects from the wan get redirected, connects from the lan get the built-in server.

    I'm sure there is a more elegant way to do this, but hey...

    BTW, in the process of poking around, I found something that looks iffy to me...

    The FTP server is something called ProFTPD.
    It uses a config file proftpd.conf
    The contents of this file include the following:
    <VirtualHost k.l.m.n> </VirtualHost>
    where k.l.m.n is the WAN IP address

    In my case, the WAN IP is DHCP assigned, and it makes me wonder what happens when the DHCP lease expires and a different IP address gets assigned...
     
  3. michael1231

    michael1231 LI Guru Member

    Take a look at "src/router/rc/services.c"
    Line 4415, DefaultAddress %s, its value is nvram_safe_get("lan_ipaddr") originally, try to change it to nvram_safe_get("wan_ipaddr").



     
  4. plugh

    plugh Network Guru Member

    I'm nowhere near the point of being able to do my own builds yet. I was hoping for something I could do within the existing firmware.

    The port forwarding trick is working ok for now, but at some point I'll poke at this some more. One thing I realized is that the system already operates this way for the telnet daemon (ie connects from the wan are blocked but from the lan are accepted) so perhaps I'll find a clue there.
     
  5. prowler1968

    prowler1968 Network Guru Member

    I know that you have solved this with a phantom forward, but I have an alternative - possibly.

    As I don't have an SL, only a GS, I could be making a false assumption here. When you turn on the FTP function in the router, does it automatically forward port 21 to the IP address of the SL? You DO NOT need to forward ports for internal machines to reach another internal machine if they are both serviced by the same router. You would be accessing the FTP function by a private IP address.

    If this is not the way the SL works, please advise me otherwise. I am interested in upgrading to this rig in the future.
     
  6. Toxic

    Toxic Administrator Staff Member

    I would guess using iptables, though I don't know the interface names.

    I guess it would be something like this:

    iptables -A FORWARD -i eth0 -p tcp --dport 21 -j REJECT

    if you know the interface name of the WAN then use that instead of "eth0"

    maybe Thibor could add a feature to the ftp server to enable/disable WAN/LAN connections?
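
An added example (not part of any post in this thread, and not HyperWRT's own code) for the firewall-script approach suggested above. Because the FTP daemon runs on the router itself, WAN connections to it traverse the INPUT chain rather than FORWARD, so the rule goes there; a small checker then reads `iptables -S INPUT` output and reports what the first matching rule does per interface. The interface names `vlan1` (WAN) and `br0` (LAN) and the sample ruleset are constructed assumptions.

```shell
# Added example; vlan1 (WAN) and br0 (LAN) are assumed interface names.

# Print the rule that rejects FTP (ports 20-21) arriving on the WAN interface
# and addressed to the router itself. Printed rather than executed, so it can
# be reviewed before it is pasted into the firewall script.
ftp_wan_block_rule() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface name" >&2; return 1 ;;
    esac
    echo "iptables -I INPUT -i $1 -p tcp --dport 20:21 -j REJECT --reject-with tcp-reset"
}

# Read `iptables -S INPUT` output on stdin and print the target of the first
# rule matching a new TCP connection to port $2 arriving on interface $1.
# Rules with conditions this parser does not model (state, source address,
# ...) are skipped; POLICY means no modelled rule matched.
first_verdict() {
    awk -v ifc="$1" -v port="$2" '
    $1 != "-A" { next }
    {
        in_if = ""; proto = ""; dport = ""; target = ""; other = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-i") in_if = $(++i)
            else if ($i == "-p") proto = $(++i)
            else if ($i == "--dport") dport = $(++i)
            else if ($i == "-m") { if ($(++i) != "tcp") other = 1 }
            else if ($i == "-j") { target = $(++i); break }
            else other = 1
        }
        if (other || (in_if != "" && in_if != ifc)) next
        if (proto != "" && proto != "tcp") next
        if (dport != "") {
            n = split(dport, r, ":"); lo = r[1] + 0; hi = r[n] + 0
            if (port + 0 < lo || port + 0 > hi) next
        }
        print target; found = 1; exit
    }
    END { if (!found) print "POLICY" }'
}

# Constructed sample of `iptables -S INPUT` after the block rule is inserted.
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i vlan1 -p tcp -m tcp --dport 20:21 -j REJECT --reject-with tcp-reset
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT'

ftp_wan_block_rule vlan1
echo "WAN: $(printf '%s\n' "$SAMPLE_RULES" | first_verdict vlan1 21)"
echo "LAN: $(printf '%s\n' "$SAMPLE_RULES" | first_verdict br0 21)"
```

On a live router the checker would be fed the real `iptables -S INPUT` output; a WAN verdict other than REJECT or DROP for port 21 means the block rule is missing or sits below an ACCEPT.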
     
  7. Thibor

    Thibor Super Moderator Staff Member Member

    i don't see a problem with that, it will be in 15d/16
     
  8. rljo

    rljo Network Guru Member

    Hi Thibor,

    Did you ever release 15c for the SL? If so, I missed it. NO pushing here, I appreciate all your efforts. If 15c is not to be for the SL, I'll patiently wait for 15d.

    Thanks,
    Bob
     
  9. Thibor

    Thibor Super Moderator Staff Member Member

  10. rljo

    rljo Network Guru Member

    Why, I'll be a ...... ;-)
    Thanks!!!!

    Bob
     
  11. Bill_S

    Bill_S Network Guru Member

    Can someone give me a suggestion on how to solve a problem with the FTP server on my SL? I have enabled the FTP server and left the port at the default, I also included the groups that I wanted to have access in the listing for access.
    Each time someone tries to log into the FTP server (format of: ftp://username:password@<IP_address_or_domain_name>) it seems to either time out or not recognize the user/password.
    Any suggestions?

    Thanks
     
  13. windage

    windage Network Guru Member

    Your ISP might be blocking the port

    I have Telus TV and Telus blocks my ftp port 21. They only block it when you subscribe to their tv service otherwise just subbing to dsl service is ok. So with that being said, check your ISP out.

    Hope this gives you an idea.
     
  14. Toxic

    Toxic Administrator Staff Member

    yeah it was a bit of a silent update...
     
  15. HennieM

    HennieM Network Guru Member

    Dunno the SL, nor ProFTPD (I don't know much...), and cool solutions with the port forward/iptables hacks. Here's an additional one (I think)

    The classic Linux daemon (service) usually lets you tell it to "listen" for incoming connections on certain interfaces, and not on others. This can usually be done by manipulating the hosts.allow and hosts.deny files (usually in /etc) for daemons run via inetd, or directly in the config file of the daemon.

    IMHO, the <VirtualHost> statement found by plugh tells the ProFTPD daemon to listen on the WAN interface, so perhaps just removing that statement might tell ProFTPD to NOT listen for connections on the WAN interface. (The Apache http server uses similar VirtualHost statements.)

    As the config file currently shows - I assume - the correct IP for the WAN interface, there is probably some script that updates this IP when it changes. Maybe then, after removing the <VirtualHost> statement from the ProFTPD config file, the script that does this updating should also be found and modified.
     
  16. Bill_S

    Bill_S Network Guru Member

    I checked with my ISP and was told that port 21 was not blocked and I have retried to FTP to the SL router several times and I keep getting "connection refused".
    Any suggestions?
    Thanks
     
  17. windage

    windage Network Guru Member

    I was told by my ISP that port 21 wasn't blocked

    And that wasn't true. Try running an ftp server straight from your comp and straight out thru the broadband connection. Just try it before you start pulling out your hair. I couldn't believe I couldn't get my ftp server connection going until I changed ports and Telus swore up and down they weren't blocking that port. Maybe you already tried this, but I thought to suggest this to you just in case.
     
  18. Bill_S

    Bill_S Network Guru Member

    Thanks, will give it a try and let you know.
     
  19. Bill_S

    Bill_S Network Guru Member

    Ok, after a long session with Linksys Tech. Support my FTP server is working. How, I don't know. I can confirm that my ISP was not blocking port 20 or 21.
    The tech logged onto my router and made some adjustments, the only one that I can see that he made that I had not was port forwarding port 20 and 21 to my router's internal IP address.
    If I knew more, I would be happy to pass it along but that's all I know.
     
  20. Thibor

    Thibor Super Moderator Staff Member Member

    forwarding ports 20 & 21 are done internally when the ftp server is activated so it shouldn't be that, but as long as you have it working that's the main thing
     
  21. Bill_S

    Bill_S Network Guru Member

    Thibor, I forgot to include the fact that I am now using the "stock" Linksys firmware v2.02.1. I much prefer yours, Thibor but I just could not get the FTP server to work.
     
  22. Thibor

    Thibor Super Moderator Staff Member Member

    i have no objections to you using stock fw, but the ftp server in mine worked when i tested it.
     
  23. Bill_S

    Bill_S Network Guru Member

    I was sure it did but I couldn't figure what was happening with mine and I needed to get it up and running. I would really like to figure it out because I like your firmware MUCH better than the stock fw.
    Any suggestions for testing?
     
  24. Bill_S

    Bill_S Network Guru Member

    Success, the FTP server is working with 15c. All I did was flash the firmware back to v2.00.5 then flashed it with HyperWRT + thibor15c.
    It seems like once the FTP server started working it continued to work on all the other firmware.
    I am now going to backup the configuration then clear the Nvram and restore to factory defaults and reload the configuration file. Will let you know if everything is ok after that.
     
  25. Bill_S

    Bill_S Network Guru Member

    All is well after clearing NVram, restoring factory defaults then loading my configuration file.
    FTP server works..
     
