ccreedy

Can't Connect to FTP Server

Hi Guys,

I've hit a brick wall with problems establishing a connection from an external device to an FTP server now that I'm using AirVPN.

Here's what I've done so far:

I'm running an FTP server on a Netgear NAS drive on my LAN using PAS

I've allocated 6x ports in the client area on AirVPN and replaced the default port 21, giving seven ports total, and matched the settings on the server accordingly.

I have manually set a routing table within my RC87U (Merlin firmware) so all seven ports are directed TUN - LAN.

The FTP server on the NAS is working, as an IP camera within the LAN can happily record to it.

I have even gone to the lengths of duplicating the port forwarding within the router's WAN - LAN port forwarding, but have erased this as it had zero effect.

However, two offsite cameras fail to connect to the server. They attempt to connect and time out; usernames / passwords and share details are all correct.

Only three of the seven allocated ports return as active in the client area; however, I put this down to the other ports being closed until the FTP server chooses to open the port for use in order to trigger a response?

Any suggestions would be greatly appreciated at this stage, as I've spent too many hours trying to resolve it, so a fresh perspective would be great.

Guest

Just to ask, did you try all 7 ports when connecting to the FTP server? Also, if a camera connects just fine when on the same network but fails when not, and the ports show as reachable, have you tried to check whether something is blocking remote connections? Since the port forward page uses the same server to talk to the port on your network when you test it (as far as I know).


Not sure I understand what you've done 100%.

As I understand it, you have altered the listening port on your FTP server to match the forwarded ports you've created. Correct?

What are your routing tables?


I don't know if this is a no-no with VPN, but I've assigned a range of six ports + 1 command port generated by AirVPN, I've forwarded them to the same local ports to keep things simple, I've manually added the ports to point to the server in the routing table and set the FTP server up to use said ports.

I've tried to remotely log into the FTP server using an offsite desktop and I get prompted for a username and password, so I know the DDNS and port forward for the command port are working, but after that the connection times out or fails.

Is there any reason why any of the 6 ports would be blocked or unreachable?

Many thanks for your help.


Still waiting for last post to appear; here is an extract from the routing table:

 

iptables -I FORWARD -i tun13 -p udp -d 192.168.1.55 --dport 30810 -j ACCEPT
iptables -I FORWARD -i tun13 -p tcp -d 192.168.1.55 --dport 30810 -j ACCEPT
iptables -t nat -I PREROUTING -i tun13 -p tcp --dport 30810 -j DNAT --to-destination 192.168.1.55
iptables -t nat -I PREROUTING -i tun13 -p udp --dport 30810 -j DNAT --to-destination 192.168.1.55 
 
iptables -I FORWARD -i tun13 -p udp -d 192.168.1.55 --dport 63673 -j ACCEPT
iptables -I FORWARD -i tun13 -p tcp -d 192.168.1.55 --dport 63673 -j ACCEPT
iptables -t nat -I PREROUTING -i tun13 -p tcp --dport 63673 -j DNAT --to-destination 192.168.1.55
iptables -t nat -I PREROUTING -i tun13 -p udp --dport 63673 -j DNAT --to-destination 192.168.1.55
 
iptables -I FORWARD -i tun13 -p udp -d 192.168.1.55 --dport 63674 -j ACCEPT
iptables -I FORWARD -i tun13 -p tcp -d 192.168.1.55 --dport 63674 -j ACCEPT
iptables -t nat -I PREROUTING -i tun13 -p tcp --dport 63674 -j DNAT --to-destination 192.168.1.55
iptables -t nat -I PREROUTING -i tun13 -p udp --dport 63674 -j DNAT --to-destination 192.168.1.55
 
iptables -I FORWARD -i tun13 -p udp -d 192.168.1.55 --dport 63675 -j ACCEPT
iptables -I FORWARD -i tun13 -p tcp -d 192.168.1.55 --dport 63675 -j ACCEPT
iptables -t nat -I PREROUTING -i tun13 -p tcp --dport 63675 -j DNAT --to-destination 192.168.1.55
iptables -t nat -I PREROUTING -i tun13 -p udp --dport 63675 -j DNAT --to-destination 192.168.1.55
 
iptables -I FORWARD -i tun13 -p udp -d 192.168.1.55 --dport 63676 -j ACCEPT
iptables -I FORWARD -i tun13 -p tcp -d 192.168.1.55 --dport 63676 -j ACCEPT
iptables -t nat -I PREROUTING -i tun13 -p tcp --dport 63676 -j DNAT --to-destination 192.168.1.55
iptables -t nat -I PREROUTING -i tun13 -p udp --dport 63676 -j DNAT --to-destination 192.168.1.55
 
iptables -I FORWARD -i tun13 -p udp -d 192.168.1.55 --dport 63677 -j ACCEPT
iptables -I FORWARD -i tun13 -p tcp -d 192.168.1.55 --dport 63677 -j ACCEPT
iptables -t nat -I PREROUTING -i tun13 -p tcp --dport 63677 -j DNAT --to-destination 192.168.1.55
iptables -t nat -I PREROUTING -i tun13 -p udp --dport 63677 -j DNAT --to-destination 192.168.1.55
 
iptables -I FORWARD -i tun13 -p udp -d 192.168.1.55 --dport 63678 -j ACCEPT
iptables -I FORWARD -i tun13 -p tcp -d 192.168.1.55 --dport 63678 -j ACCEPT
iptables -t nat -I PREROUTING -i tun13 -p tcp --dport 63678 -j DNAT --to-destination 192.168.1.55
iptables -t nat -I PREROUTING -i tun13 -p udp --dport 63678 -j DNAT --to-destination 192.168.1.55 


Sorry, I just saw that you pasted your iptables.

TUN13 is correct?

What does this website say when you test if the port is open on your port forwarding page? Remember to have your server listening on that port when you test.


Hi go558a83nk,

Yes, TUN13 is the VPN connection.

I've double checked: the command port 30810 and the first port in the range, 63673, are open and working, but none of the others (63674 - 63678) are showing as open, despite that being the range I've told the FTP server to use and having been declared in the routing table.


iptables rules are not the routing table. The routing table is irrelevant in your case if other ports are working.

You have to check your FTP software configuration. In some of them, a range means the range to use when other ports are not available, or when the maximum amount of clients per single connection is reached.

You can specify one port at a time and verify.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.


Tweaked a few more settings on the FTP server, set enable (but not force FTPS) and set to use Masquerade, then rebooted both FTP and router. I've now got 2 more ports open, but not the full range. Don't understand how this changed things.


I'll give the one port config a try, but am I right in thinking if I limit to one port and am using 3x clients at the same time I could hit potential problems?


Hi guys, have resolved the issue: I've enabled the Masquerade feature on the FTP server and then set the Masquerade IP to that of my AirVPN address, and the connections are now being made. This was just a fluke based on what someone on the Netgear forums mentioned; if this is a huge no-no, please drop me a line on the forums.

Many thanks for your help.


I'm having similar issues. Can you post your latest routing table and any other info that could help?

