I'm using a WL500g with Oleg 1.9.2.7-cr6a. Yesterday I tried to set up an FTP server. In the end I found that it can't be accessed on the WAN address. If I use the internal IP, I can do everything. If I use the WAN IP, I can only log in. After I type dir, the FTP program hangs and nothing is shown. What's the problem?
*A long time ago I also used the Oleg firmware and FTP worked fine.
Did you use passive-mode ?
Sounds like a firewall issue, so try to use passive / active mode (the opposite of what you use now ;-) )
macsat
http://www.macsat.com - Tutorials and information on using ASUS WL-500G and family.
Same problem here. Exposing the pc with the ftp client as Virtual DMZ Server helps. But I don't want to do that. It worked with the older firmware releases. What changed/what can we change so those connections work again?
Don't Panic!
Which FTP server do you use: stupid-ftp, vsftp or something else?
If you use vsftp there could be a problem with your xinetd.conf.
Take a look at this thread.
Read also macsat's great howto for vsftp.
Greetz Fastclick
My Asus Collection (just starting):
wl-hdd (1.9.2.7-6a, with HUB, USB-HDD, CARDREADER, CAM) Asus A3878GLP Notebook 15" Centrino 2,0 , 1024MB, 80GB, WLAN built-in, DVD+-RW
In short terms:
You have to set up vsftp. Enter the only_from = 0.0.0.0/0 in the xinetd.conf.
You have to route your FTP port from your router to your wl500gx, or open the FTP port on your wl500gx to WAN with something like this:
iptables -D INPUT -j DROP
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -j DROP
Greetz Fastclick
Um... in the Oleg firmware, it's using Stupid-ftpd.
Actually, I also tried to disable the internet firewall from the web page (wl500g), but it doesn't work.
So, any idea...?
What do your tables look like?
Type iptables -L in telnet and post the output here.
Do you have the address of your router in the "Virtual Server List" of your router? If yes, delete it and forward with your post-firewall script and iptables.
Thomas
both can't access from wan.
so, I added 8080 & 1863 for the webcam (it's working now)
Virtual Server
8081 192.168.1.3 TCP
5900 192.168.1.3 TCP
8083 192.168.1.3 BOTH
1863 192.168.1.1 TCP
8080 192.168.1.1 TCP
80 192.168.1.3 BOTH
==== iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state NEW
ACCEPT all -- anywhere anywhere state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:www
ACCEPT tcp -- anywhere anywhere tcp dpt:webcache
ACCEPT tcp -- anywhere anywhere tcp dpt:1863
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
DROP all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:telnet flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:8082 flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:5800 flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:5900 flags:SYN,RST,ACK/SYN
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
DROP all -- anywhere anywhere state INVALID
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN tcpmss match 1453:65535TCPMSS set 1452
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN limit: avg 1/sec burst 5
ACCEPT tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5
ACCEPT icmp -- anywhere anywhere limit: avg 1/sec burst 5 icmp echo-request
ACCEPT udp -- anywhere 192.168.1.137 udp dpt:8924
ACCEPT udp -- anywhere 192.168.1.5 udp dpt:3074
ACCEPT tcp -- anywhere 192.168.1.3 tcp dpt:tproxy
ACCEPT tcp -- anywhere 192.168.1.3 tcp dpt:5900
ACCEPT tcp -- anywhere 192.168.1.3 tcp dpt:8083
ACCEPT udp -- anywhere 192.168.1.3 udp dpt:8083
ACCEPT tcp -- anywhere my.router tcp dpt:1863
ACCEPT tcp -- anywhere my.router tcp dpt:webcache
ACCEPT tcp -- anywhere 192.168.1.3 tcp dpt:www
ACCEPT udp -- anywhere 192.168.1.3 udp dpt:www
ACCEPT udp -- anywhere anywhere udp dpt:6112
ACCEPT all -- anywhere 192.168.1.5
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain MACS (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
DROP all -- anywhere anywhere state INVALID
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN tcpmss match 1453:65535TCPMSS set 1452
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
Chain logaccept (0 references)
target prot opt source destination
LOG all -- anywhere anywhere state NEW LOG level warning tcp-sequence tcp-options ip-options prefix `ACCEPT '
ACCEPT all -- anywhere anywhere
Chain logdrop (0 references)
target prot opt source destination
LOG all -- anywhere anywhere state NEW LOG level warning tcp-sequence tcp-options ip-options prefix `DROP'
DROP all -- anywhere anywhere
I found the firewall table including old items such as port 5800.
These items were already deleted in the previous firmware but are showing here.
So I reset the settings to default and re-entered everything, and then it was
working!