FTP Server using VPN

[alk630]

I run an FTP server from one of the PCs on my LAN which I use to connect from outside (WAN) to download private files.

After setting up OpenVPN client on my RT-N66U flashed with the latest Merlin firmware, I am now unable to connect to the FTP server from outside my LAN.

Would it be possible to someone to provide a SIMPLE guide as to how this can be achieved please?

 

[TeHashX]

Give us more details, do you have static, dinamic ip?

Sent from my HTC One S using Tapatalk 2

 

[alk630]

Give us more details, do you have static, dinamic ip?

Sent from my HTC One S using Tapatalk 2

Yes, sorry static IP....is there anything else you need to know?

 

[TeHashX]

Are you using port 21? try to change it.

 

[alk630]

Are you using port 21? try to change it.

Yes, was using port 21, but on your request changed to port 5001. Here are the results:

With the OpenVPN client turned off:

Test log
Status: Resolving address of x2.x7.x5.x01
Status: Connecting to x2.x7.x5.x01
Status: Connected, waiting for welcome message
Reply: 220 Hello, welcome to xxxxxx private home server...enjoy
Command: CLNT http://ftptest.net on behalf of x2.x7.x5.x01
Reply: 200 Don't care
Command: USER xxxx
Reply: 331 Password required for xxxx
Command: PASS ********
Reply: 230 Logged on
Command: SYST
Reply: 215 UNIX emulated by FileZilla
Command: FEAT
Reply: 211-Features:
Reply: MDTM
Reply: REST STREAM
Reply: SIZE
Reply: MLST type*;size*;modify*;
Reply: MLSD
Reply: UTF8
Reply: CLNT
Reply: MFMT
Reply: 211 End
Command: PWD
Reply: 257 "/" is current directory.
Status: Current path is /
Command: TYPE I
Reply: 200 Type set to I
Command: PASV
Reply: 227 Entering Passive Mode (x2,x7,x5,x01,195,84)
Command: MLSD
Reply: 150 Connection accepted
Reply: 226 Transfer OK
Listing: type=dir;modify=20130113033656; A
Status: Success

Results
Congratulations! Your server is working and assorted routers/firewalls have been correctly configured for plain basic FTP.
Feel free to test another one of your servers by entering its details below.

With the OpenVPN client turned on:

Test log
Status: Resolving address of x2.x7.x5.x01
Status: Connecting to x2.x7.x5.x01
Error: Connection attempt timed out
Results
Error: Connection attempt timed out
Timeouts are usually caused by some router and/or firewall that is interrupting the connection.
Try uninstalling all firewalls and plug your computer directly into your modem, thus bypassing the router.

The internet and VPN both appear to be working perfectly and passing DNS leaktests.

 

[TeHashX]

Did you oppened the port 5001 under Virtual Server / Port Forwarding?

 

[alk630]

Did you oppened the port 5001 under Virtual Server / Port Forwarding?

Yes...the FTP result with the VPN client turned off (above) wouldn't have connected otherwise.

Edit: One side note, and I don't know whether this is an intended feature, but if I make any changes to Port Forwarding with the VPN client turned off and apply them, the VPN client is automatically turned back on...is this supposed to happen?

 

[Mistermoonlight]

Did you try to reset to factory default settings and then reconfigure the feature you need?

 

[alk630]

Did you try to reset to factory default settings and then reconfigure the feature you need?

Yes have tried this too!

Edit: It seems someone else is asking a similar question:

http://forums.smallnetbuilder.com/showthread.php?p=63808#post63808

 

[s4mb4]

here is what to do.

enable SSH via the Merlin web interface.

log into the router with Putty via SSH. (use the account you use to access the web interface)

type in commands like this to open the ports;

iptables -t nat -I PREROUTING -p tcp --dport 8090 -j DNAT --to 192.168.1.80:8090
iptables -I FORWARD -p tcp -d 192.168.1.90 --dport 8090 -j ACCEPT

iptables -t nat -I PREROUTING -p tcp --dport 8443 -j DNAT --to 192.168.1.80:8443
iptables -I FORWARD -p tcp -d 192.168.1.90 --dport 8443 -j ACCEPT

iptables -t nat -I PREROUTING -p tcp --dport 57723 -j DNAT --to 192.168.1.115:57723
iptables -I FORWARD -p tcp -d 192.168.1.115 --dport 57723 -j ACCEPT

iptables -t nat -I PREROUTING -p tcp --dport 5109 -j DNAT --to 192.168.1.90:5109
iptables -I FORWARD -p tcp -d 192.168.1.90 --dport 5109 -j ACCEPT

iptables -t nat -I PREROUTING -p tcp --dport 32400 -j DNAT --to 192.168.1.90:32400
iptables -I FORWARD -p tcp -d 192.168.1.90 --dport 32400 -j ACCEPT

 

[alk630]

Does each one of those commands open a separate port over VPN? So if say my FTP server was running on port 21 on a LAN PC with IP address 192.168.1.61, what would the correct syntax be please? Is it possible to provide a bit of an explanation as to what these commands actually mean too please?