vsftpd behind router
I am trying to set up an FTP server on my home network. I am having trouble connecting from the WAN.
I am running vsftpd on Raspbian on a Raspberry Pi. I have an Asus router with DD-WRT installed. I have made the following adjustments to my /etc/vsftpd.conf file:

anonymous_enable=NO
local_enable=YES
write_enable=YES
listen_port=2121
pasv_min_port=1024
pasv_max_port=1030
pasv_address=[my dyndns address]
pasv_addr_resolve=YES

The listen_port=2121 is because Charter blocks port 21. I have my router (DD-WRT) set up to forward ports 2121, 20, and the range of 1024 to 1030 to my Raspberry Pi's LAN IP. However, I am having trouble connecting from outside my network. When I run the command-line Windows ftp from my computer at my work, I am able to log in. Once I am logged in, I have an exchange like this:

230 Login successful.
ftp> pwd
257 "/home/dougan"
ftp> ls
550 Permission denied.
425 Use PORT or PASV first.
ftp> literal pasv
227 Entering Passive Mode (68,187,99,74,4,2).
ftp> pwd
257 "/home/dougan"
ftp> ls

It just hangs for a while before I get:

425 Failed to establish connection.

It keeps behaving like I'm having port forwarding problems, but I have everything set up in DD-WRT so it can't be that. Does anybody have any ideas?
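An added example, not part of the original post: a 227 reply encodes the data address as h1,h2,h3,h4,p1,p2, so the port the client will connect to is p1*256+p2. This script decodes the reply quoted above and checks it against the pasv_min_port/pasv_max_port range from the post; the function names and sample strings are constructed for illustration.

```python
import re

# Constructed from the settings and the 227 reply quoted in the post above.
SAMPLE_CONF = "listen_port=2121\npasv_min_port=1024\npasv_max_port=1030\n"
SAMPLE_REPLY = "227 Entering Passive Mode (68,187,99,74,4,2)."


def parse_pasv_reply(reply):
    """Return (ip, port) advertised in a 227 reply (RFC 959: h1,h2,h3,h4,p1,p2)."""
    m = re.search(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", reply)
    if not m or not reply.startswith("227"):
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % reply)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def parse_conf(text):
    """Parse key=value lines of a vsftpd.conf, skipping comments and blanks."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf


def check_passive(conf_text, reply):
    """Compare the advertised data port with the configured passive range."""
    conf = parse_conf(conf_text)
    # Assumes both passive-range keys are set, as they are in the post.
    lo = int(conf["pasv_min_port"])
    hi = int(conf["pasv_max_port"])
    ip, port = parse_pasv_reply(reply)
    return {
        "advertised_ip": ip,
        "data_port": port,
        "in_pasv_range": lo <= port <= hi,
        # Inbound TCP ports a WAN client must reach for passive mode.
        "inbound_ports": [int(conf.get("listen_port", 21))] + list(range(lo, hi + 1)),
    }


if __name__ == "__main__":
    for key, value in check_passive(SAMPLE_CONF, SAMPLE_REPLY).items():
        print(key, "=", value)
```

For the reply in the post the decoded data port is 1026, which is inside the configured range, so the advertised address and port are what the client then tries to open.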
You may need to add some modules for cxn tracking for ftp:
http://wiki.openwrt.org/doc/howto/netfilter
http://www.linuxhomenetworking.com/w...Using_iptables
http://www.cyberciti.biz/tips/how-do...g-feature.html

Alternately, if this is for a limited group of known clients, sftp would be simpler and also encrypted.
If you test within the lan does it work?
Yes, it works just fine within the LAN.
Forgive me, because I am not fully familiar with how iptables works. But the fact that this works fine on my LAN makes me think I can rule out the need to update iptables on the FTP server. I guess I could see why it would need to be done on the router, though.
I've found a lot of documentation, including jefro's, and they all seem to differ. I tried this on my router:

iptables -A INPUT -p tcp -s 0/0 --sport 1024:1030 -d [WAN dyndns address] --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s [WAN dyndns address] --sport 22 -d 0/0 --dport 1024:1030 -m state --state ESTABLISHED -j ACCEPT

This did not do it for me. Can anybody help me understand what I should be doing here? Thanks!