LinuxQuestions.org


dougan 04-11-2013 09:47 PM

vsftpd behind router
 
I am trying to set up an FTP server on my home network. I am having trouble connecting from the WAN.

I am running vsftpd on Raspbian on a Raspberry Pi. I have an Asus router with DD-WRT installed.

I have made the following adjustments to my /etc/vsftpd.conf file:
anonymous_enable=NO
local_enable=YES
write_enable=YES
listen_port=2121
pasv_min_port=1024
pasv_max_port=1030
pasv_address=[my dyndns address]
pasv_addr_resolve=YES

The listen_port=2121 is because Charter blocks port 21.

I have my router (DD-WRT) set up to forward ports 2121, 20, and the range of 1024 to 1030 to my Raspberry Pi's LAN IP.

However, I am having trouble connecting from outside my network. When I run the command-line Windows ftp from my computer at my work, I am able to log in. Once I am logged in, I have an exchange like this:

230 Login successful.
ftp> pwd
257 "/home/dougan"
ftp> ls
550 Permission denied.
425 Use PORT or PASV first.
ftp> literal pasv
227 Entering Passive Mode (68,187,99,74,4,2).
ftp> pwd
257 "/home/dougan"
ftp> ls

It just hangs for a while before I get:

425 Failed to establish connection.

It keeps behaving like I'm having port forwarding problems, but I have everything set up in DD-WRT so it can't be that. Does anybody have any ideas?
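As an added example that is not part of the original thread: the `227` reply in the post above encodes the address and port the client is told to open for the data connection, so decoding it shows whether the server is advertising an endpoint that matches `pasv_min_port`/`pasv_max_port` and the router's forwards. The function names and the `control_ip` and `forwarded_ranges` parameters are assumptions made for this sketch; the sample reply, passive range and forwarded ports are taken from the post.

```python
import re

# Constructed from the thread: the reply the server sent and the passive
# range set in /etc/vsftpd.conf (pasv_min_port / pasv_max_port).
SAMPLE_REPLY = "227 Entering Passive Mode (68,187,99,74,4,2)."
PASV_RANGE = (1024, 1030)
FORWARDS = [(2121, 2121), (20, 20), (1024, 1030)]  # forwards listed in the post

_PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def parse_pasv(reply):
    """Return (ip, port) advertised in an FTP 227 reply (RFC 959)."""
    m = _PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in %r" % reply)
    h1, h2, h3, h4, p1, p2 = nums
    # The last two numbers are the high and low bytes of the data port.
    return "%d.%d.%d.%d" % (h1, h2, h3, h4), p1 * 256 + p2

def check_pasv(reply, control_ip, pasv_range, forwarded_ranges):
    """List the ways the advertised data endpoint can be unreachable via NAT."""
    ip, port = parse_pasv(reply)
    problems = []
    if ip != control_ip:
        # e.g. a private LAN address leaking out when pasv_address is not applied
        problems.append("advertised IP %s differs from control connection IP %s"
                        % (ip, control_ip))
    lo, hi = pasv_range
    if not lo <= port <= hi:
        problems.append("port %d outside pasv range %d-%d" % (port, lo, hi))
    if not any(a <= port <= b for a, b in forwarded_ranges):
        problems.append("port %d not covered by any forwarded range" % port)
    return ip, port, problems

if __name__ == "__main__":
    # control_ip is assumed here to equal the advertised address; substitute
    # the address the client actually connected to on port 2121.
    ip, port, problems = check_pasv(SAMPLE_REPLY, "68.187.99.74", PASV_RANGE, FORWARDS)
    print(ip, port, problems or "consistent with config and forwards")
```

For the reply in the post this gives port 1026 on the public address, which is inside the configured passive range and the forwarded range.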

chrism01 04-12-2013 01:08 AM

You may need to add some modules for connection tracking for ftp:

http://wiki.openwrt.org/doc/howto/netfilter
http://www.linuxhomenetworking.com/w...Using_iptables
http://www.cyberciti.biz/tips/how-do...g-feature.html

Alternately, if this is for a limited group of known clients, sftp would be simpler and also encrypted.

jefro 04-12-2013 03:38 PM

If you test within the LAN, does it work?

dougan 04-14-2013 01:12 PM

Quote:

Originally Posted by jefro (Post 4930513)
If you test within the LAN, does it work?


Yes, it works just fine within the LAN.

dougan 04-14-2013 01:37 PM

Forgive me, because I am not fully familiar with how iptables works. But the fact that this works fine on my LAN makes me think I can rule out the need to update iptables on the FTP server. I guess I could see why it would need to be done on the router, though.

I've found a lot of documentation, including jefro's, and they all seem to differ. I tried this on my router:

iptables -A INPUT -p tcp -s 0/0 --sport 1024:1030 -d [WAN dyndns address] --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s [WAN dyndns address] --sport 22 -d 0/0 --dport 1024:1030 -m state --state ESTABLISHED -j ACCEPT

This did not do it for me. Can anybody help me understand what I should be doing here?

Thanks!

