
View the full version: FTP Problem



smallkeung
28-06-2005, 10:08
I'm using a WL500g with Oleg 1.9.2.7-cr6a. Yesterday I tried to set up an FTP server. In the end, I found that it can't be accessed on the WAN address. If I use the internal IP, I can do everything. If I use the WAN IP, I can only log in. After I type dir, the FTP program hangs and nothing is shown. What's the problem?

*A long time ago, I also used Oleg firmware and the FTP worked fine.

macsat
28-06-2005, 11:13
Did you use passive mode?

Sounds like a firewall issue, so try to use passive / active mode (the opposite of what you use now ;-) )

Death
28-06-2005, 16:13
Same problem here. Exposing the pc with the ftp client as Virtual DMZ Server helps. But I don't want to do that. It worked with the older firmware releases. What changed/what can we change so those connections work again?

fastclick
29-06-2005, 08:51
Which FTP server do you use: stupid-ftp, vsftp or something else?

If you use vsftp there could be a problem with your xinetd.conf.

Take a look at this thread (http://wl500g.info/showthread.php?t=2743&highlight=config+xinetd)

Read also macsat's great howto for vsftp (http://www.macsat.com/vsftpdGuide.php)

Greetz Fastclick

fastclick
29-06-2005, 09:03
In short terms:

You have to set up vsftp. Enter the only_from = 0.0.0.0/0 in the xinetd.conf.
You have to route your FTP port from your router to your wl500gx, or open the FTP port on your wl500gx to WAN with something like this:



iptables -D INPUT -j DROP
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -j DROP


Greetz Fastclick

smallkeung
30-06-2005, 03:57
Um... the Oleg firmware uses Stupid-ftpd.

Actually, I also tried to disable the internet firewall from the web page (wl500g), but it doesn't work.

so, any idea... ?

tim
30-06-2005, 08:11
What do your tables look like?

Type iptables -L in telnet and post the output here.

samoht
30-06-2005, 17:27
Do you have the address of your router in the "Virtual Server List" of your router? If yes, delete it and forward with your post-firewall script and iptables.

Thomas

kuen
11-07-2005, 14:14
Both can't be accessed from WAN.
So I added 8080 & 1863 for the webcam (it's working now).

Virtual Server
8081 192.168.1.3 TCP
5900 192.168.1.3 TCP
8083 192.168.1.3 BOTH
1863 192.168.1.1 TCP
8080 192.168.1.1 TCP
80 192.168.1.3 BOTH

==== iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state NEW
ACCEPT all -- anywhere anywhere state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:www
ACCEPT tcp -- anywhere anywhere tcp dpt:webcache
ACCEPT tcp -- anywhere anywhere tcp dpt:1863
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
DROP all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:telnet flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:8082 flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:5800 flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:5900 flags:SYN,RST,ACK/SYN

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
DROP all -- anywhere anywhere state INVALID
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN tcpmss match 1453:65535TCPMSS set 1452
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN limit: avg 1/sec burst 5
ACCEPT tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5
ACCEPT icmp -- anywhere anywhere limit: avg 1/sec burst 5 icmp echo-request
ACCEPT udp -- anywhere 192.168.1.137 udp dpt:8924
ACCEPT udp -- anywhere 192.168.1.5 udp dpt:3074
ACCEPT tcp -- anywhere 192.168.1.3 tcp dpt:tproxy
ACCEPT tcp -- anywhere 192.168.1.3 tcp dpt:5900
ACCEPT tcp -- anywhere 192.168.1.3 tcp dpt:8083
ACCEPT udp -- anywhere 192.168.1.3 udp dpt:8083
ACCEPT tcp -- anywhere my.router tcp dpt:1863
ACCEPT tcp -- anywhere my.router tcp dpt:webcache
ACCEPT tcp -- anywhere 192.168.1.3 tcp dpt:www
ACCEPT udp -- anywhere 192.168.1.3 udp dpt:www
ACCEPT udp -- anywhere anywhere udp dpt:6112
ACCEPT all -- anywhere 192.168.1.5

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain MACS (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
DROP all -- anywhere anywhere state INVALID
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN tcpmss match 1453:65535TCPMSS set 1452
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED

Chain logaccept (0 references)
target prot opt source destination
LOG all -- anywhere anywhere state NEW LOG level warning tcp-sequence tcp-options ip-options prefix `ACCEPT '
ACCEPT all -- anywhere anywhere

Chain logdrop (0 references)
target prot opt source destination
LOG all -- anywhere anywhere state NEW LOG level warning tcp-sequence tcp-options ip-options prefix `DROP'
DROP all -- anywhere anywhere

kuen
16-07-2005, 17:05
I found that the firewall table includes old items such as port 5800.
These items were already deleted in the previous firmware but are still showing here.

So I reset the settings to default and re-entered everything, and then it's
working now! :)
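
A check for the kind of leftover entries described in the last post, as an added example that is not part of the thread: the function below reads `iptables -L` text and lists rules that sit after an unconditional ACCEPT or DROP in the same chain, so they can never match. The sample is an abridged excerpt of the INPUT and logdrop chains posted above; `shadowed_rules` is a name made up for this example. Plain `-L` hides interface matches, so every hit is a candidate to confirm with `iptables -L -v`.

```shell
#!/bin/sh
# Added example: flag rules in `iptables -L` output that follow a catch-all
# ACCEPT/DROP in the same chain and are therefore unreachable (stale).

# Abridged excerpt of the listing posted in the thread.
SAMPLE='Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
DROP all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:telnet flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:5800 flags:SYN,RST,ACK/SYN

Chain logdrop (0 references)
target prot opt source destination
LOG all -- anywhere anywhere state NEW LOG level warning
DROP all -- anywhere anywhere'

# Reads `iptables -L` (or `-L -n`) text on stdin, prints one line per
# rule that comes after a catch-all rule in its chain.
shadowed_rules() {
    awk '
    function any(a) { return a == "anywhere" || a == "0.0.0.0/0" }
    $1 == "Chain"            { chain = $2; n = 0; cut = 0; next }
    $1 == "target" || NF == 0 { next }
    {
        n++
        if (cut) {
            printf "%s rule %d shadowed by rule %d: %s\n", chain, n, cut, $0
            next
        }
        # Catch-all: terminal target, any protocol, any source and
        # destination, and no match text after the destination column.
        if (($1 == "ACCEPT" || $1 == "DROP") && $2 == "all" &&
            any($4) && any($5) && NF == 5)
            cut = n
    }'
}

printf '%s\n' "$SAMPLE" | shadowed_rules
```

Run against the full listing, the FORWARD chain is also reported because its first rule prints as a bare `ACCEPT all`; that is the case where `-v` is needed to see whether an interface match narrows it.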