Unable to browse FTP behind my network


Recommended Posts

Hello All, 

 

There is probably going to be some real simple reason why this is occuring. I am unable to explore my hosted ftp server. 

 

Here is what i know:

 

I have an E4200 Router running DD-WRT v24-sp2 (03/25/13) mega - build 21061

 

I try to access the ftp server from behind my network and this will happen 

STATUS:>  	[22/09/2014 13:24:21] Connected. Authenticating...
COMMAND:>	[22/09/2014 13:24:21] USER stleonarm
		[22/09/2014 13:24:21] 331 User stleonarm OK. Password required
COMMAND:>	[22/09/2014 13:24:21] PASS *****
		[22/09/2014 13:24:21] 230-User stleonarm has group access to:  users     
		230 OK. Current restricted directory is /
STATUS:>  	[22/09/2014 13:24:21] Login successful.
COMMAND:>	[22/09/2014 13:24:21] PWD
		[22/09/2014 13:24:21] 257 "/" is your current location
STATUS:>  	[22/09/2014 13:24:21] Home directory: /
COMMAND:>	[22/09/2014 13:24:21] FEAT
		[22/09/2014 13:24:21] Informational Message Only:
		211-Extensions supported:
		 EPRT
		 IDLE
		 MDTM
		 SIZE
		 REST STREAM
		 MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
		 MLSD
		 AUTH TLS
		 PBSZ
		 PROT
		 UTF8
		 TVFS
		 ESTA
		 PASV
		 EPSV
		 SPSV
		 ESTP
		211 End.
STATUS:>  	[22/09/2014 13:24:21] This site supports features.
STATUS:>  	[22/09/2014 13:24:21] This site supports SIZE.
STATUS:>  	[22/09/2014 13:24:21] This site can resume broken downloads.
COMMAND:>	[22/09/2014 13:24:21] REST 0
		[22/09/2014 13:24:21] 350 Restarting at 0
COMMAND:>	[22/09/2014 13:24:21] PASV
		[22/09/2014 13:24:21] 227 Entering Passive Mode (213,186,xx,xxx,162,92)
COMMAND:>	[22/09/2014 13:24:21] LIST
STATUS:>  	[22/09/2014 13:24:21] Connecting FTP data socket... 213.186.xx.xxx:41564...
		[22/09/2014 13:24:21] 150 Accepted data connection
		[22/09/2014 13:24:21] 226-Options: -a -l 
		226 9 matches total
STATUS:>  	[22/09/2014 13:24:21] Directory listing completed.
STATUS:>  	[22/09/2014 13:24:22] Getting listing "/www"...
COMMAND:>	[22/09/2014 13:24:22] CWD /www
		[22/09/2014 13:24:22] 250 OK. Current directory is /www
STATUS:>  	[22/09/2014 13:24:22] PWD skipped. Current folder: "/www".
COMMAND:>	[22/09/2014 13:24:22] PASV
		[22/09/2014 13:24:22] 227 Entering Passive Mode (213,186,xx,xxx,162,195)
COMMAND:>	[22/09/2014 13:24:22] LIST
STATUS:>  	[22/09/2014 13:24:22] Connecting FTP data socket... 213.186.xx.xxx:41667...
		[22/09/2014 13:24:22] 150 Accepted data connection
ERROR:>   	[22/09/2014 13:25:22] Timeout (60000 ms) occurred on receiving data from the server.
		[22/09/2014 13:25:23] 226-Options: -a -l 
		226 51 matches total

The connection will time out. 

 

I have access to the root directory but am unable to browse any further than there. I then connect my tablet to my mobile phone and try connecting and browsing from outside my network. It works.

 

So we know that the problem is behind my network but i can not locate the problem. 

 

I have turned off Windows firewall on my pc. No Affect. 

I have put my PC into a DMZ on the router. No Affect

I have turned off the router firewall. No affect. 

 

I am begining to run out of ideas. 

 

Any thoughts as to what the problem might be?

 

Thanks folks

Link to comment
Share on other sites

What tablet are you running?  What ftp client on your tablet? 

 

Can you try your same tablet behind your network?

 

Try switching from pasv mode on your ftp client to active, if you can and see if that fixes your issue.  It is possibly that your tablet is running active mode vs pasv mode.  pasv mode requries more ports to be opened on the host side vs a single port, active requires 1 single port to be open on the host side.  If not configured properly on the host side, pasv will result in what you are seeing.

 

 

This is how you would do it in the filezilla client

In FileZilla, click on Edit | Settings.

Under Connection, click on FTP and choose Active as the Transfer Mode.

Under Connection, under FTP, click on Active mode and choose ?Ask your operating system for the external IP address? (the default setting).

Under Connection, under FTP, click on Passive mode and choose ?Fall back to active mode? (this is an optional setting).

 

 

*Edit* It could also be a firmware issue on your router. 

Link to comment
Share on other sites

So your on your network? But your trying to hit public in the pasv connection

"Connecting FTP data socket... 213.186.xx.xx:41564..."

I would suggest you don't post your public IP on the public forums as general rule.

You say it works when outside, but if your actually on the same local network and you hit a public your talking about a nat reflection or loopback forwarding - which is not good idea and normally has to be setup and quite often PITA

If your on the same network as the ftp server - then just use the local IP to connect to it - it should then give you back a private IP. The ftp helper in your router would change that to the public IP when from the outside..

So for example

Command: PASV

Response: 227 Entering Passive Mode (192,168,1,8,195,17)

Command: MLSD

Response: 150 Connection accepted

Response: 226 Transfer OK

Status: Directory listing successful

or if doing it active

Response: 200 Type set to I

Command: PORT 192,168,1,100,48,249

Response: 200 Port command successful

Command: MLSD

Understanding the difference between passive and active ftp is key in running a ftp server ;)

Here is a great write up http://slacksite.com/other/ftp.html

On a side note I would never run a ftp server to the public internet these days, unless it was just to grab files anon from, etc.

If you want to access your files while your away from your network - vpn in!! Then use ftp or sftp, http to access your stuff. Providing services to the wild west that is the public net is asking for grief..

Link to comment
Share on other sites

I am probably not explaining this well...

 

I pay a hosting company to host a website. It is their FTP server i am trying to browse. My username and password lets me into the ftp root directory (ftp://root) but when i try to go on the next level up (ftp://root/www) the connection times out. 

I am using CuteFTP as a client. 

 

I tried connecting to the ftp server from outside my network by using my mobile phones 3g connection tethered to a tablet and it worked just fine, which means there is an issue with my network. I did not have these issues until putting the latest version of ddwrt on my router.

Perhaps this is a firmware issue?

 

Thanks

/edit just to add that i tried forcing the connection into an Active mode and the server refused the connection. Could not even get to root directory.

Link to comment
Share on other sites

If the only thing that is changing is the connection, then it could be router firmware, but if you are changing systems and changing connection it could be system related or firmware related.

Link to comment
Share on other sites

well roll your firmware back - do you get the problem then?  You seem to have made the data connection - not sure why you made 2?  Looks like you made one for the directory of the root /www - but then you made another one for when you moved directories?

 

Who says you have permission to /www ?  Your saying it works with your phone?  When connected outside your router, but not when your inside your router - this directory of www?

 

Can you use sftp - you do understanding ftp sends password in clear.  Every host I have seen provides stfp these days.

Link to comment
Share on other sites

I'm a friend of his and I can confirm that I can log on to his FTP from my location just fine using his credentials. I can browse every directory with no issue and I've used multiple FTP clients.

 

We updated his Cisco E4200V1 Router from the stock firmware to the latest stable DD-WRT release. It's the same router as I have, just using slightly newer firmware.  I am also running DD-WRT. The issue MUST be at the router somewhere but I've looked and can't figure it out.

 

He's running: DD-WRT v24-sp2 (03/25/13) mega - build 21061

I'm Running: DD-WRT v24-sp2 (03/19/12) mega - build 18777

 

I suppose we could try flashing the same build as I have on it.

Link to comment
Share on other sites

Yeah could be buggy firmware, both of those are really old firmware though.. But if your's work - moving his to yours would be the correct path. Then if you wanted you could go with current code and see if still no issues.

I would think you can find the latest and greatest here

ftp://ftp.dd-wrt.com/betas/2014/06-23-2014-r24461/

You say you are using mega - I believe this would would be the latest and greatest in that line for that e4200 model

ftp://ftp.dd-wrt.com/betas/2014/06-23-2014-r24461/broadcom_K3X/dd-wrt.v24-24461_NEWD-2_K3.x_mega-e4200.bin

Link to comment
Share on other sites

This topic is now closed to further replies.