Server returned unroutable private IP address in PASV reply

[PoloNes]

Hello,

I have a NAS Synology with an FTP server enabled.

Summarizing the problem.

In my old Linksys E900 with dd-wrt, FTP server works perfectly.

Now with the Asus AC68U with merlin firmware 378.50, it is not possible to list the directories.

The FTP server is behind two NAT (modem + router + synology).

I can no longer connect via FTP or FTPS.

What's happening?

excuse me for English is not my first language.

LOG FTP

Spoiler: LOG

Warning: Selected port (2112) is not the default port (21) of the selected protocol.

Status: Resolving address of x.x.x.x

Status: Connecting to x.x.x.x

Warning: The entered address does not resolve to an IPv6 address.

Status: Connected, waiting for welcome message...

Reply: 220 DS213 FTP server ready.

Command: CLNT https://ftptest.net on behalf of x.x.x.x

Reply: 500 CLNT https://ftptest.net on behalf of x.x.x.x: command not understood.

Command: AUTH TLS

Reply: 234 AUTH SSL command successful.

Status: Performing TLS handshake...

Status: TLS handshake successful, verifying certificate...

Command: USER ftpuser

Reply: 331 Password required for ftpuser.

Command: PASS ********

Reply: 230 User ftpuser logged in, access restrictions apply.

Command: SYST

Reply: 215 UNIX Type: L8

Command: FEAT

Reply: 211- Extensions supported:

Reply: AUTH TLS

Reply: PBSZ

Reply: PROT

Reply: SIZE

Reply: MDTM

Reply: MFMT

Reply: REST STREAM

Reply: UTF8

Reply: MLST type*;modify*;size*;UNIX.mode*;UNIX.owner*;UNIX.group*;

Reply: MLSD

Reply: 211 End.

Command: PBSZ 0

Reply: 200 PBSZ command successful (PBSZ=0).

Command: PROT P

Reply: 200 Protection level set to Private.

Command: PWD

Reply: 257 "/" is current directory.

Status: Current path is /

Command: TYPE I

Reply: 200 Type set to I.

Command: PASV

Reply: 227 Entering Passive Mode (192,168,1,24,216,245)

Error: Server returned unroutable private IP address in PASV reply

 

[octopus]

I dont know what pasv range you use probably 55500-55599 your reply show port 55541
You may missing pasv firewall rule and try this;

# PASV INPUT PORT RANGE
iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 55500:55599 -j ACCEPT

put that in /jffs/scripts/firewall-start and chmod a+rx /jffs/scripts/firewall-start

And you may need this rules also, not standard ftp port

iptables -A INPUT -p tcp -m tcp --dport 2112 -j ACCEPT

 

[PoloNes]

I dont know what pasv range you use probably 55500-55599 your reply show port 55541
You may missing pasv firewall rule and try this;

put that in /jffs/scripts/firewall-start and chmod a+rx /jffs/scripts/firewall-start

And you may need this rules also, not standard ftp port

Thank you very much.
Now is working perfectly .


Enviado do meu iPad Mini retina usando Tapatalk

 

[octopus]

Thank you very much.
Now is working perfectly .


Enviado do meu iPad Mini retina usando Tapatalk

Glad you get it to work now !

 

[octopus]

I dont know what pasv range you use probably 55500-55599 your reply show port 55541
You may missing pasv firewall rule and try this;
put that in /jffs/scripts/firewall-start and chmod a+rx /jffs/scripts/firewall-start
And you may need this rules also, not standard ftp port

I forgot to mention that you have to put these in "vsftpd.conf.add" program may change pasv interval and ip-table doesn't match anymore.

pasv_enable=Yes
pasv_min_port=55500
pasv_max_port=55599

 

[dipen]

# PASV INPUT PORT RANGE
iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 55500:55599 -j ACCEPT


iptables -A INPUT -p tcp -m tcp --dport 2112 -j ACCEPT

Where should I add this info?
I am new to server configurations and I have the same issue on my new server.

Please guide me.