no ftp connection from wan anymore

[5over12]

firmware 1.9.2.7 is working fine for accessing ftp from wan

For me it all starten as my ftp seemed not to work in original firmware..that is why I choose the 1.9.2.7 -4. and initial it WAS working fine,.. untill I starten to use telnet... ( stupid me I should have left it while it was working fine)

strange also is that when I use the hidden admin console, ftp is working for a while,.. but probably after rebooting wlan,.. I have the same probem again..

I presume that there must be another way to keep this working, without going into hidden admin console everytime I hope..

[barsju]

Why don't you post results from

Code:

iptables -t nat -L 
iptables -L

.
Run the two commands and post results here. And have you setup any post-boot, post-mount or post-firewall scripts? If so post them too!

Almost sound like you put your scripts in post-boot, and then when there is a network change, it gets lost. If this is the case, move your code to post-firewall.

S.

Edit: Rdude: Have you tried:

Code:

iptables -A INPUT 2 -p tcp --syn --dport 22 -j ACCEPT

Notice number 2 after INPUT. It means you put it at the top of the chain instead of at the bottom.. This way it will appear before the "drop all" rule..

[rdude]

Rdude: Have you tried:

Code:

iptables -A INPUT 2 -p tcp --syn --dport 22 -j ACCEPT

Notice number 2 after INPUT. It means you put it at the top of the chain instead of at the bottom.. This way it will appear before the "drop all" rule..

Code:

admin@wl500g root]$ iptables -A INPUT 2 -p tcp --syn --dport 22 -j ACCEPT
Bad argument `2'
Try `iptables -h' or 'iptables --help' for more information.

[rdude]

Code:

[admin@Gadoc root]$ iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       tcp  --  anywhere             192.168.2.128      tcp dpt:webcache to:192.168.100.100:80
NETMAP     udp  --  anywhere             192.168.2.128      udp spt:6112 192.168.100.0/24

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
NETMAP     udp  --  192.168.100.0/24     anywhere           udp dpt:6112 192.168.2.128/32
MASQUERADE  all  --  anywhere             anywhere
MASQUERADE  all  --  192.168.100.0/24     192.168.100.0/24

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

[admin@Gadoc root]$ iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere           state INVALID
ACCEPT     all  --  anywhere             anywhere           state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere           state NEW
ACCEPT     all  --  anywhere             anywhere           state NEW
ACCEPT     tcp  --  anywhere             Gadoc              tcp dpt:www
ACCEPT     icmp --  anywhere             192.168.2.128
DROP       all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:ssh flags:SYN,RST,ACK/SYN
ACCEPT     udp  --  anywhere             anywhere           udp dpt:snmp

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere           state RELATED,ESTABLISHED
DROP       all  --  anywhere             anywhere           state INVALID
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere           tcp flags:SYN,RST,ACK/SYN limit: avg 1/sec burst 5
ACCEPT     tcp  --  anywhere             anywhere           tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5
ACCEPT     icmp --  anywhere             anywhere           limit: avg 1/sec burst 5 icmp echo-request
ACCEPT     udp  --  anywhere             anywhere           udp dpt:6112

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain MACS (0 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere           state RELATED,ESTABLISHED
DROP       all  --  anywhere             anywhere           state INVALID
ACCEPT     all  --  anywhere             anywhere

Chain logaccept (0 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere           state NEW LOG level warning tcp-sequence tcp-options ip-options prefix `ACCEPT '
ACCEPT     all  --  anywhere             anywhere

Chain logdrop (0 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere           state NEW LOG level warning tcp-sequence tcp-options ip-options prefix `DROP'
DROP       all  --  anywhere             anywhere

Why are there invalid states?

[barsju]

My bad rdude! You should use -I instead of -A of course:

Code:

iptables -I INPUT 2 -p tcp --syn --dport 22 -j ACCEPT

It means you insert at posistion 2 instead of adding to the bottom. In your INPUT chain you have:

Code:

DROP       all  --  anywhere             anywhere  
ACCEPT     tcp  --  anywhere           anywhere           tcp dpt:ssh flags:SYN,RST,ACK/SYN  
ACCEPT     udp  --  anywhere             anywhere           udp dpt:snmp

Here you see that you drop all packets before your two ACCEPT statements. You stated earlier that it didn't work with the -I option, but that should have worked. So I suggest you try again with "-I 2" and if it doesn't work post your "iptables -L" again.

S.

[5over12]

ok here is my result of iptables -L -vn

Code:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0          state INVALID 
 4437  880K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED 
  137  8220 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0          state NEW 
  557  178K ACCEPT     all  --  br0    *       0.0.0.0/0            0.0.0.0/0          state NEW 
   34 12396 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp spt:67 dpt:68 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.1.1        tcp dpt:80 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            my wan ip      tcp dpt:7776 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            my wan ip      tcp dpt:7777 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            my wan ip      tcp dpt:21 
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            my wan ip      
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            my wan ip      tcp dpt:515 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            my wan ip      tcp dpt:9100 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            my wan ip      tcp dpt:9101 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            my wan ip      tcp dpt:3838 
   21  1573 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0          

Chain FORWARD (policy ACCEPT 23 packets, 1024 bytes)
 pkts bytes target     prot opt in     out     source               destination         
  345 83772 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED 
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0          state INVALID 
    0     0 ACCEPT     all  --  br0    br0     0.0.0.0/0            0.0.0.0/0          
    0     0 ACCEPT     tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0          tcp flags:0x16/0x02 limit: avg 1/sec burst 5 
    0     0 ACCEPT     tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0          tcp flags:0x17/0x04 limit: avg 1/sec burst 5 
    0     0 ACCEPT     icmp --  eth1   *       0.0.0.0/0            0.0.0.0/0          limit: avg 1/sec burst 5 icmp type 8 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.1.1        tcp dpt:21 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            192.168.1.1        udp dpt:21 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.1.1        tcp dpt:7776 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            192.168.1.1        udp dpt:7776 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.1.1        tcp dpt:20 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            192.168.1.1        udp dpt:20 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp dpt:6112 

Chain OUTPUT (policy ACCEPT 5825 packets, 2826K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain MACS (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED 
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0          state INVALID 
    0     0 ACCEPT     all  --  br0    br0     0.0.0.0/0            0.0.0.0/0          

Chain logaccept (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW LOG flags 7 level 4 prefix `ACCEPT ' 
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          

Chain logdrop (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW LOG flags 7 level 4 prefix `DROP' 
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

I have no idea what it all means,.. but probably some guys can find out, what is wrong with my settings?

[rdude]

My bad rdude! You should use -I instead of -A of course:

Code:

iptables -I INPUT 2 -p tcp --syn --dport 22 -j ACCEPT

Thank you barsju, this works.

[5over12]

and to make it complete here is my startup sequenze in de router...

Code:

Jan  1 01:00:02 kernel: zone(2): 0 pages.
Jan  1 01:00:02 kernel: Kernel command line: root=/dev/mtdblock2 noinitrd init=/linuxrc console=ttyS0,115200
Jan  1 01:00:02 kernel: CPU: BCM4710 rev 0 at 125 MHz
Jan  1 01:00:02 kernel: !unable to setup serial console!
Jan  1 01:00:02 kernel: Memory: 13920k/16384k available (1755k kernel code, 2464k reserved, 220k data, 68k init, 0k highmem)
Jan  1 01:00:02 kernel: Dentry cache hash table entries: 2048 (order: 2, 16384 bytes)
Jan  1 01:00:02 kernel: Inode cache hash table entries: 1024 (order: 1, 8192 bytes)
Jan  1 01:00:02 kernel: Mount-cache hash table entries: 512 (order: 0, 4096 bytes)
Jan  1 01:00:02 kernel: Buffer-cache hash table entries: 1024 (order: 0, 4096 bytes)
Jan  1 01:00:02 kernel: Page-cache hash table entries: 4096 (order: 2, 16384 bytes)
Jan  1 01:00:02 kernel: Checking for 'wait' instruction...  unavailable.
Jan  1 01:00:02 kernel: Linux NET4.0 for Linux 2.4
Jan  1 01:00:02 kernel: Based upon Swansea University Computer Society NET3.039
Jan  1 01:00:02 kernel: Initializing RT netlink socket
Jan  1 01:00:02 kernel: Starting kswapd
Jan  1 01:00:02 kernel: Journalled Block Device driver loaded
Jan  1 01:00:02 kernel: devfs: v1.12c (20020818) Richard Gooch 
Jan  1 01:00:02 kernel: devfs: boot_options: 0x1
Jan  1 01:00:02 kernel: NTFS driver v1.1.22 [Flags: R/O]
Jan  1 01:00:02 kernel: pty: 256 Unix98 ptys configured
Jan  1 01:00:02 kernel: Serial driver version 5.05c (2001-07-08) with MANY_PORTS SHARE_IRQ SERIAL_PCI enabled
Jan  1 01:00:02 kernel: loop: loaded (max 8 devices)
Jan  1 01:00:02 kernel: PPP Deflate Compression module registered
Jan  1 01:00:02 kernel: PPP BSD Compression module registered
Jan  1 01:00:02 kernel: MPPE/MPPC encryption/compression module registered
Jan  1 01:00:02 kernel:  Amd/Fujitsu Extended Query Table v1.1 at 0x0040
Jan  1 01:00:02 kernel: Physically mapped flash: Swapping erase regions for broken CFI table.
Jan  1 01:00:02 kernel: number of CFI chips: 1
Jan  1 01:00:02 kernel: Flash device: 0x400000 at 0x1fc00000
Jan  1 01:00:02 kernel: Physically mapped flash: squashfs filesystem found at block 936
Jan  1 01:00:02 kernel: Creating 5 MTD partitions on "Physically mapped flash":
Jan  1 01:00:02 kernel: 0x00000000-0x00040000 : "pmon"
Jan  1 01:00:02 kernel: 0x00040000-0x003e0000 : "linux"
Jan  1 01:00:02 kernel: 0x000ea190-0x003e0000 : "rootfs"
Jan  1 01:00:02 kernel: 0x003f0000-0x00400000 : "nvram"
Jan  1 01:00:02 kernel: 0x003e0000-0x003f0000 : "config"
Jan  1 01:00:02 kernel: sflash: chipcommon not found
Jan  1 01:00:02 kernel: NET4: Linux TCP/IP 1.0 for NET4.0
Jan  1 01:00:02 kernel: IP: routing cache hash table of 512 buckets, 4Kbytes
Jan  1 01:00:02 kernel: TCP: Hash tables configured (established 1024 bind 2048)
Jan  1 01:00:02 kernel: ip_conntrack version 2.1 (128 buckets, 1024 max) - 344 bytes per conntrack
Jan  1 01:00:02 kernel: ip_tables: (C) 2000-2002 Netfilter core team
Jan  1 01:00:02 kernel: NET4: Unix domain sockets 1.0/SMP for Linux NET4.0.
Jan  1 01:00:02 kernel: NET4: Ethernet Bridge 008 for NET4.0
Jan  1 01:00:02 kernel: FAT: bogus logical sector size 21760
Jan  1 01:00:02 kernel: FAT: bogus logical sector size 21760
Jan  1 01:00:02 kernel: NTFS: Unable to set blocksize 512.
Jan  1 01:00:02 kernel: VFS: Mounted root (squashfs filesystem) readonly.
Jan  1 01:00:02 kernel: Mounted devfs on /dev
Jan  1 01:00:02 kernel: Freeing unused kernel memory: 68k freed
Jan  1 01:00:02 kernel: Warning: unable to open an initial console.
Jan  1 01:00:02 kernel: PCI: Enabling device 01:02.0 (0004 -> 0006)
Jan  1 01:00:02 kernel: eth2: Broadcom BCM4320 802.11 Wireless Controller 3.90.7.0
Jan  1 01:00:02 kernel: device eth0 entered promiscuous mode
Jan  1 01:00:02 kernel: device eth2 entered promiscuous mode
Jan  1 01:00:02 kernel: br0: port 2(eth2) entering listening state
Jan  1 01:00:02 kernel: br0: port 1(eth0) entering listening state
Jan  1 01:00:02 kernel: br0: port 2(eth2) entering learning state
Jan  1 01:00:02 kernel: br0: port 1(eth0) entering learning state
Jan  1 01:00:02 kernel: br0: port 2(eth2) entering forwarding state
Jan  1 01:00:02 kernel: g
Jan  1 01:00:02 kernel: br0: port 1(eth0) entering forwarding state
Jan  1 01:00:02 kernel: br0: topology change detected, propagating
Jan  1 01:00:03 kernel: usb.c: registered new driver usbdevfs
Jan  1 01:00:03 kernel: usb.c: registered new driver hub
Jan  1 01:00:03 kernel: usb-ohci.c: USB OHCI at membase 0xb8004000, IRQ 2
Jan  1 01:00:03 kernel: usb-ohci.c: usb-00:04.0, PCI device 14e4:4715
Jan  1 01:00:03 kernel: usb.c: new USB bus registered, assigned bus number 1
Jan  1 01:00:03 kernel: hub.c: USB hub found
Jan  1 01:00:03 kernel: hub.c: 2 ports detected
Jan  1 01:00:04 kernel: hub.c: new USB device 00:04.0-1, assigned address 2
Jan  1 01:00:04 dnsmasq[52]: DHCPDISCOVER(br0) 192.168.1.150 my mac 
Jan  1 01:00:04 dnsmasq[52]: DHCPOFFER(br0) 192.168.1.150 my mac 
Jan  1 01:00:04 kernel: hub.c: USB hub found
Jan  1 01:00:04 kernel: hub.c: 7 ports detected
Jan  1 01:00:04 dnsmasq[52]: DHCPDISCOVER(br0) 192.168.1.150 my mac 
Jan  1 01:00:04 dnsmasq[52]: DHCPOFFER(br0) 192.168.1.150 my mac 
Jan  1 01:00:04 kernel: usb.c: registered new driver usblp
Jan  1 01:00:04 kernel: printer.c: v0.13: USB Printer Device Class driver
Jan  1 01:00:05 kernel: hub.c: new USB device 00:04.0-1.1, assigned address 3
Jan  1 01:00:05 kernel: usb.c: USB device 3 (vend/prod 0x1058/0x401) is not claimed by any active driver.
Jan  1 01:00:06 kernel: hub.c: new USB device 00:04.0-1.2, assigned address 4
Jan  1 01:00:06 kernel: printer.c: usblp0 Device ID string [36]='^B^P$ßÀ*'
Jan  1 01:00:07 kernel: hub.c: new USB device 00:04.0-1.3, assigned address 5
Jan  1 01:00:07 kernel: SCSI subsystem driver Revision: 1.00
Jan  1 01:00:07 kernel: usb.c: USB device 5 (vend/prod 0x41e/0x4011) is not claimed by any active driver.
Jan  1 01:00:07 USB webcam: attached
Jan  1 01:00:08 kernel: usb.c: registered new driver usb-storage
Jan  1 01:00:08 kernel: scsi0 : SCSI emulation for USB Mass Storage devices
Jan  1 01:00:08 kernel: hub.c: new USB device 00:04.0-1.6, assigned address 6
Jan  1 01:00:08 kernel: usb.c: USB device 6 (vend/prod 0xb39/0x102) is not claimed by any active driver.
Jan  1 01:00:08 dnsmasq[52]: DHCPDISCOVER(br0)  
Jan  1 01:00:08 dnsmasq[52]: DHCPOFFER(br0) 
Jan  1 01:00:08 dnsmasq[52]: DHCPREQUEST(br0) 
Jan  1 01:00:08 dnsmasq[52]: DHCPACK(br0) 192.168.1.150 my mac Joco2
Jan  1 01:00:08 kernel: hub.c: new USB device 00:04.0-1.7, assigned address 7
Jan  1 01:00:08 kernel: usb.c: USB device 7 (vend/prod 0xb39/0x103) is not claimed by any active driver.
Jan  1 01:00:10 kernel:   Vendor: WD Model: 1200BB External   
Jan  1 01:00:10 kernel:   Type:   Direct-Access  ANSI SCSI revision: 02
Jan  1 01:00:10 kernel: Attached scsi disk sda at scsi0, channel 0, id 0, lun 0
Jan  1 01:00:10 kernel: SCSI device sda: 234441648 512-byte hdwr sectors 
Jan  1 01:00:10 kernel: Partition check:
Jan  1 01:00:10 kernel:  p1
Jan  1 01:00:10 kernel: USB Mass Storage support registered.
Jan  1 01:00:11 kernel: Installing knfsd (copyright (C) 1996 
Jan  1 01:00:11 portmap[94]: user rpc not found, reverting to user bin
Jan  1 01:00:12 dnsmasq[52]: DHCPREQUEST(br0) 192.168.1.150 my mac 
Jan  1 01:00:12 dnsmasq[52]: DHCPACK(br0) 192.168.1.150 my mac  Joco2
Jan  1 01:00:12 udhcpc[104]: udhcpc (v0.9.9-pre) started
Jan  1 01:00:13 kernel: neg fail
Jan  1 01:00:13 dnsmasq[52]: read /etc/hosts - 5 addresses
Jan  1 01:00:13 dnsmasq[52]: reading /tmp/resolv.conf
Jan  1 01:00:13 dhcp client: deconfig: lease is lost
Jan  1 01:00:15 kernel: printer.c: usblp0 Device ID string [36/max 1552]='^B^P$ßÀ*'
Jan  1 01:00:15 kernel: printer.c: Parsing USBLPID...
Jan  1 01:00:15 dnsmasq[52]: DHCPINFORM(br0) 192.168.1.150 my mac 
Jan  1 01:00:15 dnsmasq[52]: DHCPACK(br0) 192.168.1.150 my mac  Joco2
Jan  1 01:00:16 udhcpc[104]: Lease of wan IP adress obtained, lease time 481826
Jan  1 01:00:16 dnsmasq[52]: read /etc/hosts - 5 addresses
Jan  1 01:00:16 dnsmasq[52]: reading /tmp/resolv.conf
Jan  1 01:00:16 dnsmasq[52]: using nameserver 195.162.196.3#53
Jan  1 01:00:16 dnsmasq[52]: using nameserver 212.142.28.69#53
Jan  1 01:00:17 kernel: lp driver: get device ID
Jan  1 01:00:17 kernel: neg fail
Jan  1 01:00:17 kernel: neg fail
Jan  1 01:00:17 dhcp client: bound IP : wan IP adress from @@.@@.@.@.@
Jan  1 01:00:18 dnsmasq[52]: DHCPINFORM(br0) 192.168.1.150 my mac 
Jan  1 01:00:18 dnsmasq[52]: DHCPACK(br0) 192.168.1.150 my mac  Joco2
Apr  3 19:44:01 kernel: VFS: Can't find ext3 filesystem on dev sd(8,1).
Apr  3 19:44:01 kernel: MSDOS FS: Using codepage 950
Apr  3 19:44:01 kernel: MSDOS FS: IO charset cp950
Apr  3 19:44:01 kernel: pwc Philips PCA645/646 + PCVC675/680/690 + PCVC730/740/750 webcam module version 8.12 loaded.
Apr  3 19:44:01 kernel: pwc Also supports the Askey VC010, various Logitech Quickcams, Samsung MPC-C10 and MPC-C30,
Apr  3 19:44:01 kernel: pwc the Creative WebCam 5, SOTEC Afina Eye and Visionite VCS-UC300 and VCS-UM100.
Apr  3 19:44:01 kernel: usb.c: registered new driver Philips webcam
Apr  3 19:44:01 kernel: pwc Creative Labs Webcam Pro Ex detected.
Apr  3 19:44:01 kernel: pwc Registered as /dev/video0.
Apr  3 19:44:02 kernel: pwc This Creative Labs Webcam Pro Ex camera is equipped with a unknown type of sensor (-32).
Apr  3 19:44:02 kernel: pwc Failed to set LED on/off time.
Apr  3 19:44:02 USB storage: vfat fs mounted to /tmp/harddisk 
Apr  3 19:44:04 FTP server: daemon is started
Apr  3 19:44:13 ntp client: Synchronizing time with time.nist.gov ...
Apr  3 19:45:05 kernel: printer.c: usblp0 Device ID string [36/max 1552]='^B^P$ßÀ*'
Apr  3 19:45:05 kernel: printer.c: Parsing USBLPID...

[5over12]

I left some parts out,.. which were to my opinion not inportant and make it that it fit in one reply.. ;

[barsju]

Hmm. Well this line in INPUT-chain:

Code:

   0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            my wan ip      tcp dpt:21

Indicates that request to your ip on port 21 should be accepted. Which is good.

These lines however:

Code:

    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.1.1        tcp dpt:21       
0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            192.168.1.1        udp dpt:21

Indicates that you're trying to forward port 21 to 192.168.1.1 (Which is your local adress of your router?). This is not necessary. Have you set it up as a virtual server? If so delete the entry, and try that.

S.

[5over12]

I really apreciate that you are trying to help me barsju, so thank you for that.

As I feel my self more and more a real noob I keep having questions..

I took out the line in my virtual server part in forwarding port 21 to my internal router IP adres. What I was afriad of happend.. it still did not work.

to have a short resume of what my problem is ;
after trying to change parts with telnet my FTP did not function anymore.
installing later releases of firmware did not help me to get everything working again.
going back to original firmwares did not help either..
so I installed the 1.9.2.7-4 firmware again.
seems I cant enter my router from wan site anymore.
seems I cant enter FTP from wan site when firewall is up.
seems I cant enter webcam from wan site anymore when wan site is up
seems router is also very slow.aswell in the embedded websites as in trafic..
maybe my router is broken? or about to break maybe?

how can I get my original settings back in the way I bought my router. Could it be that I changed certain parts with telnet which stay in the router eventhough resetting it and going back to original firmware?
I WAS really happy with my new toy,.. but I have been busy now for such a long time to get it up the way it is supposed to work,.. that I get really desperate...
I am almost thinking about a new one....

[barsju]

how can I get my original settings back in the way I bought my router.

Have you tried to reset to factory defaults? (System setup->Factory defaults) That should get your settings back.

If it works here is the relevant settings I have:
Internet firewall: ON
WAN - LAN filter: OFF
LAN - WAN filter: OFF
FTP server: ON
FTP port: 21
etc.

Try setting just these settings. To check if port is open from home try: https://grc.com/x/ne.dll?bh0bkyd2 (Shieldsup), and scan for common ports. Port 21 should be marked as open.

If the restore factory defaults doesn't work, you can try by holding the button in the back for a few seconds. (Check manual/search forum).

S.

PS: If Oleg is reading this - Shouldn't there be an option in FTP server for "Enable access from WAN? Yes, No."

[5over12]

Thank you barsju

Seems FTP is accesable again from WAN,.. I am not shure if it is becuase of deleting the lines in virtual server or not. But I am happy!!! (though it worked before with the virtual server settings )

I wont touch settings anymore untill I have a good grip on what I am actually typing..
Bought myself some good books about Linux and will first learn this langgauge a bit more...

Thanks again!!!

ps.. wouldn't it be nice to have also built in a list of ftp users telling what activity they have? maybe even with a mac adress control list?

[barsju]

The built in ftp server is called stupid_ftp and is quite stupid. But keep reading this forum and do some careful testing. You should look into the unslung packages. There is a better ftp server there that has a lot more capabilities when it comes to access control.

S.

[roque69]

Hi.

I have a Zoom 5551X4 ADSL modem connected to my WL-500g router (to one lan port as I can't connect with the modem in the wan port!) but I can't enable the FTP or even the web server from outside the lan! The lan computers can access the web server and the ftp but from the outside nothing!

I've tried to put the router IP in the DMZ of the modem but nothing! If I disable NAT in the Zoom modem I can't connect to internet! I've tried also placing port 21 in the virtual server of the modem bot it doesn't work!

I've checked in https://grc.com/x/ne.dll?bh0bkyd2 (Shieldsup) but it allways shows port 21 as stealth.

Any ideas?

Thanks,
Miguel