×

Switch Account

FTP Server doesn't work outside local network with Westell A90-9100EM​15-10

FTP Server doesn't work outside local network with Westell A90-9100EM​15-10

Reply
Contributor
Contributor
Posts: 4
Registered: ‎12-10-2010

Hi,

 

I can't access my home ftp server (Seagate Blackarmor 440 with latest firmware) from any remote location. When i'm connected to the local network it works fine. But as soon as i try to access from remote location it just doens't.

I tried forwarding the appropriate port (21) but no luck. Then i tried to set it as dmz host, but still no luck. Here's what i get from the client:

 

  • STATUS:>               [12/10/2010 2:38:01 PM] Getting listing ""...
  • STATUS:>               [12/10/2010 2:38:01 PM] Resolving host name...
  • STATUS:>               [12/10/2010 2:38:01 PM] Host name resolved
  • STATUS:>               [12/10/2010 2:38:01 PM] Connecting to FTP server...
  • STATUS:>               [12/10/2010 2:38:01 PM] Socket connected. Waiting for welcome message...
  •                                 [12/10/2010 2:38:01 PM] 220 vsFTPd 2.0.7+ (ext.1) ready...
  • STATUS:>               [12/10/2010 2:38:01 PM] Connected. Authenticating...
  • COMMAND:>         [12/10/2010 2:38:01 PM] USER chris
  •                                 [12/10/2010 2:38:01 PM] 331 Please specify the password.
  • COMMAND:>         [12/10/2010 2:38:01 PM] PASS *****
  •                                 [12/10/2010 2:38:01 PM] 230 Login successful.
  • STATUS:>               [12/10/2010 2:38:01 PM] Login successful.
  • COMMAND:>         [12/10/2010 2:38:01 PM] PWD
  •                                 [12/10/2010 2:38:01 PM] 257 "/"
  • STATUS:>               [12/10/2010 2:38:01 PM] Home directory: /
  • COMMAND:>         [12/10/2010 2:38:01 PM] FEAT
  •                                 [12/10/2010 2:38:01 PM] Informational Message Only:
  •                                 211-Features:
  •                                  EPRT
  •                                  EPSV
  •                                  MDTM
  •                                  PASV
  •                                  UTF8
  •                                  REST STREAM
  •                                  SIZE
  •                                  TVFS
  •                                 211 End
  • STATUS:>               [12/10/2010 2:38:01 PM] This site supports features.
  • STATUS:>               [12/10/2010 2:38:01 PM] This site supports SIZE.
  • STATUS:>               [12/10/2010 2:38:01 PM] This site can resume broken downloads.
  • COMMAND:>         [12/10/2010 2:38:01 PM] REST 0
  •                                 [12/10/2010 2:38:02 PM] 350 Restart position accepted (0).
  • COMMAND:>         [12/10/2010 2:38:02 PM] PASV
  •                                 [12/10/2010 2:38:04 PM] 500 OOPS: child died
  • STATUS:>               [12/10/2010 2:38:04 PM] PASV failed, trying PORT.
  • COMMAND:>         [12/10/2010 2:38:04 PM] PORT 192,168,1,16,213,119
  • ERROR:>                [12/10/2010 2:38:04 PM] Control connection closed.
  • ERROR:>                [12/10/2010 2:38:04 PM] Syntax error: command unrecognized.
  • ERROR:>                [12/10/2010 2:38:04 PM] Failed to establish data socket.
  • STATUS:>               [12/10/2010 2:38:04 PM] Waiting 0 seconds...
  • STATUS:>               [12/10/2010 2:38:04 PM] Getting listing "/"...
  • STATUS:>               [12/10/2010 2:38:04 PM] Resolving host name...
  • STATUS:>               [12/10/2010 2:38:04 PM] Host name
  • STATUS:>               [12/10/2010 2:38:04 PM] Connecting to FTP server...
  • STATUS:>               [12/10/2010 2:38:04 PM] Socket connected. Waiting for welcome message...
  •                                 [12/10/2010 2:38:04 PM] 220 vsFTPd 2.0.7+ (ext.1) ready...
  • STATUS:>               [12/10/2010 2:38:04 PM] Connected. Authenticating...
  • COMMAND:>         [12/10/2010 2:38:04 PM] USER chris
  •                                 [12/10/2010 2:38:04 PM] 331 Please specify the password.
  • COMMAND:>         [12/10/2010 2:38:04 PM] PASS *****
  •                                 [12/10/2010 2:38:04 PM] 230 Login successful.
  • STATUS:>               [12/10/2010 2:38:04 PM] Login successful.
  • COMMAND:>         [12/10/2010 2:38:04 PM] PWD
  •                                 [12/10/2010 2:38:04 PM] 257 "/"
  • STATUS:>               [12/10/2010 2:38:04 PM] Home directory: /
  • STATUS:>               [12/10/2010 2:38:04 PM] This site supports features.
  • STATUS:>               [12/10/2010 2:38:04 PM] This site supports SIZE.
  • STATUS:>               [12/10/2010 2:38:04 PM] This site can resume broken downloads.
  • COMMAND:>         [12/10/2010 2:38:04 PM] REST 0
  •                                 [12/10/2010 2:38:04 PM] 350 Restart position accepted (0).
  • COMMAND:>         [12/10/2010 2:38:04 PM] PORT 192,168,1,16,213,121
  •                                 [12/10/2010 2:38:04 PM] 200 PORT command successful. Consider using PASV.
  • COMMAND:>         [12/10/2010 2:38:04 PM] LIST
  •                                 [12/10/2010 2:39:04 PM] 425 Failed to establish connection.
  • ERROR:>                [12/10/2010 2:39:04 PM] Server can't open data connection.

 

 

Also i checked the security log inside firewall:

  • Dec 10 14:43:55 2010
  • Inbound Traffic
  • Accepted Traffic - Service
  • FTP: TCP #.#.#.#:54680->192.168.1.120:21 on eth1
  • Dec 10 14:43:54 2010
  • Outbound Traffic
  • Blocked - Advanced Filter Rule
  • First packet in connection is not a SYN packet: TCP 192.168.1.120:21->#.#.#.#:54678 on eth1
  • Dec 10 14:43:54 2010
  • Outbound Traffic
  • Accepted Traffic - Advanced Filter Rule
  • /fw/policy/0/chain/vod_chain/rule/0: TCP 192.168.1.110:60061->143.127.102.125:80 on eth1
  • Dec 10 14:43:51 2010
  • Outbound Traffic
  • Blocked - Packet invalid in connection
  • TCP 192.168.1.120:21->#.#.#.#:54678 on eth1
  • Dec 10 14:43:51 2010
  • Inbound Traffic
  • Accepted Traffic - Service
  • FTP: TCP #.#.#.#:54678->192.168.1.120:21 on eth1
  • Dec 10 14:43:43 2010
  • Outbound Traffic
  • Accepted Traffic - Advanced Filter Rule
  • /fw/policy/0/chain/vod_chain/rule/0: TCP 192.168.1.121:39585->67.111.14.28:80 on eth1
  • Dec 10 14:43:41 2010
  • Firewall Info
  • Rate Limit
  • 1 messages of type [44] Advanced Filter Rule suppressed in 1 second(s)
  • Dec 10 14:43:40 2010
  • Outbound Traffic
  • Accepted Traffic - Advanced Filter Rule
  • /fw/policy/0/chain/vod_chain/rule/0: TCP 192.168.1.110:60053->143.127.102.125:80 on eth1

 

ftp ip is 192.168.1.120.

I haven't set any rules in advanced filtering under firewall and the firewall setting is typical security (also tried minimum with no luck).

 

The same ftp server has worked fine with Brighthouse so i'm guessing it's a router issue probably but don't really know. Can somebody maybe help me fix that?

 

Thanks so much in advance.

Chris

7 REPLIES 7
Highlighted
Platinum Contributor III Platinum Contributor III
Platinum Contributor III
Posts: 5,811
Registered: ‎09-24-2008

Pre-check list for allowing user from the net to connect you:

 

#1 The Default Gateway on your computer is the same IP Address as the Westell A90-9100EM​15-10?

 

For example, if on Windows XP

 

a) Go to Start -> Run.

 

b) Type in cmd and press enter.

 

c) In the new window, called the command prompt, type in ipconfig /all and press enter.

 

#2 In the router go to Advanced -> Private LAN

 

#3 What is the Starting and Ending IP Address?

 

#4 In the router go to Advanced -> Universal Plug and Play

 

#5 If you do not have at least two game consoles behind this two router, turn off UPnP in the router.

 

By game console, a special type of computer with no keyboard or mouse (and it/they are usually connected to a TV).

 

#6 In the router go to System Monitoring  -> Gateway Status

 

#7 With another web browser Window OR Tab, go to https://www.grc.com/x/ne.dll?bh0bkyd2

 

#8 Below the text that says The text below might uniquely identify you on the Internet is an IP Address.

 

#9 In the web browser window or tab, that is still looking in the router, you should see that same IP Address.

If you are the original poster (OP) and your issue is solved, please remember to click the "Solution?" button so that others can more easily find it. If anyone has been helpful to you, please show your appreciation by clicking the "Kudos" button.


 

Highlighted
Gold Contributor VII Gold Contributor VII
Gold Contributor VII
Posts: 2,153
Registered: ‎11-10-2009
Message 3 of 8
(9,291 Views)

You need to forward more than port 21 as passive mode (PASV) uses random ports for setting up the transfer sockets.

You'd find it easier to use something like FileZilla server where you can specify a range for the passive mode ports to be used.  Then you would need to forward the ports in that range to the same destination client as port 21.  Personally I would also not use port 21 as you will find you will have dozens of robotic sign on users trying to break into the server on that port.  It's also quite likely that port 21 is blocked in your area (it is in some) however from your log it appears that the initial connection was accepted.

 

Before anybody else mentions it, remember/or read your TOS about running servers.  Your interpretation of what they say is up to you but might not agree with the way Verizon interprets it.

Highlighted
Contributor
Contributor
Posts: 4
Registered: ‎12-10-2010

Hi

Thanks for suggestions but still have the same problem.

 

I checked default gateway and is ok (192.168.1.1)

Private LAN range: 192.168.1.2-192.168.1.254

Gateway status: address is correctly displayed

Disabled upnp.

Also tried to telnet to port 21 of public address and reports ok if that helps at all.

No luck so far.

Security log still shows:

 

  • Dec 11 17:50:48 2010 Outbound Traffic Blocked - Advanced Filter Rule First packet in connection
  • is not a SYN packet:
  • TCP 192.168.1.120:21->#.#.#.#:55859 on eth1
  • Dec 11 17:50:44 2010 Outbound Traffic Blocked - Packet invalid in connection TCP 192.168.1.120:21
  • >#.#.#.#:55859 on eth1
  • Dec 11 17:50:48 2010 Outbound Traffic Blocked - Advanced Filter Rule First packet in connection
  • is not a SYN packet: TCP 192.168.1.120:21->#.#.#.#:55859 on eth1
  • Dec 11 17:50:44 2010 Outbound Traffic Blocked - Packet invalid in connection TCP 192.168.1.120:21
  • >#.#.#.#:55859 on eth1

 

 

Anything else I could try?

 

Thanks

Chris

Highlighted
Contributor
Contributor
Posts: 4
Registered: ‎12-10-2010

@ viafax999

I basically want to use ftp server of my NAS to access business files remotely, so it's not really in my hand to chose the software to use. Noramally used port 8010 but changed it to default to help me identify the problem. Yes initial connection is made. From what the log says it's the data connection on the different port that's not happening.

Highlighted
Gold Contributor VII Gold Contributor VII
Gold Contributor VII
Posts: 2,153
Registered: ‎11-10-2009

@Ripperor wrote:

@ viafax999

I basically want to use ftp server of my NAS to access business files remotely, so it's not really in my hand to chose the software to use. Noramally used port 8010 but changed it to default to help me identify the problem. Yes initial connection is made. From what the log says it's the data connection on the different port that's not happening.


What are you using for client software?

At a minimum you should be forwarding port 20 and 21.

If you are going to use passive mode you will need to forward ports 1024 - 5000 to the server address in addition to port 21.

You could use standard mode ftp, you would then have to have the client manually send the PORT commands to initiate the transfer

You may want to read these

http://support.microsoft.com/kb/323446

http://www.nsftools.com/tips/RawFTP.htm

http://www.securitypronews.com/it/networksystems/spn-21-20030917UnderstandingtheFTPPORTCommand.html

Also googling ftp port command might help you.

 

I browsed the user manual for the device and it appears to say that the normal method of access is via http.  Have you tried that approach.

 

I think an easier approach for you would be to use rdp to get to a machine on your network and then access the nas device from that machine.  You should be able to have the machine WOL via the nic and then connect via rdp onces it wakes up.

Highlighted
Contributor
Contributor
Posts: 4
Registered: ‎12-10-2010

I use cuteftp pro

as i mentioned originally i tried setting the ftp server address in dmz host which provides port forwarding for all ports and bypasses firewall so i don't see how setting individual ports to be forwarded whould be any better.

 

About the Blackarmor 440 NAS, yes it supports access via http but you have to create an account on their site (seagate global access) and i'm usually hesitant to use these methods 

Highlighted
Platinum Contributor III
Platinum Contributor III
Posts: 6,819
Registered: ‎08-23-2008
Message 8 of 8
(9,193 Views)

 


@Ripperor wrote:

I use cuteftp pro

as i mentioned originally i tried setting the ftp server address in dmz host which provides port forwarding for all ports and bypasses firewall so i don't see how setting individual ports to be forwarded whould be any better.

 

About the Blackarmor 440 NAS, yes it supports access via http but you have to create an account on their site (seagate global access) and i'm usually hesitant to use these methods 


Try port forwarding. It could be that the filter rule is overiding the DMZ setting. DMZ should be DMZ, but if the forward rule is not there it may not understand you want everything inbound to go to that IP. Not a good thing so it may ignore the DMZ which defeats the purpose wouldn't you say? With the features on the STB and VZ support for all the TV, CID and other options inbound everything to a single IP would break it all.

 

How-To Videos
 
The following videos were produced by users like you!
   
Videos are subject to the Verizon Fios Community Terms of Service and User Guidelines and contains content that is not created by Verizon.
Covid19


Browse Categories
Categories:
Posts

Verizon Troubleshooters
Unable to find your answer here? Try searching Verizon Troubleshooters for more options.