bartoszbruhn
New Around Here
Hello,
I have just configured my first NAS. Everything is working perfectly in my LAN/WiFi network. But when I create a domain and try to hit the FTP server from outside, I have a problem. (I'm using FileZilla software.)
First case:
When I hit the FTP server without TLS, I have access to the FTP server. The list of folders is presented.
Second case:
When I try to hit the FTP server with TLS, I have a connection, and TLS is also OK, but when I try to list folders, I get:
Server sent passive reply with unroutable address. Using server address instead.
I'm pretty sure that the issue is related to:
This is indeed NAT-related.
The FTP protocol doesn't support NAT at all. In active mode, the client explicitly tells the server to open a secondary connection to the client's IP address, which will not work if the client is behind NAT. Conversely, in passive mode the server tells the client to open a secondary connection to the server's IP address, which will fail if the server is behind NAT.
The solution has traditionally been to implement FTP-aware ALGs (Application Layer Gateways) in NAT routers and firewalls. The router/firewall will monitor the commands sent over the control connection and will open the relevant firewall ports, and actually alter FTP PORT commands to make them refer to the right IP address if NAT is involved.
However, using ALGs will not work in some scenarios:
- If the FTP control connection uses a TCP port other than 21, the ALG may not detect that it's FTP traffic.
- If the control connection is encrypted, a router/firewall has no way of inspecting or altering the data stream.
But I still don't know what to change to get a TLS connection. Also, I reach max connections (10) because the disconnection info does not get through between the FTP client<->server. Before, I thought that someone had broken into my FTP server (xD).
It was working when I had the FTP server on the router's USB port.
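The passive-mode behaviour described in the post, as an added example that is not part of the original post and not FileZilla's or any router's own code: it parses a 227 passive reply, applies the kind of "unroutable address" fallback the client message refers to, and shows the rewrite an ALG can only perform on a cleartext control connection. The addresses, port and function names are constructed for illustration.

```python
import ipaddress
import re

# RFC 959 passive reply carries the data endpoint as "h1,h2,h3,h4,p1,p2".
PASV_RE = re.compile(
    r"^227 .*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

# Ranges treated as unroutable from the Internet (assumed list for this example).
UNROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]


def unroutable(ip):
    return any(ip in net for net in UNROUTABLE)


def parse_pasv(reply):
    """Return (IPv4Address, port) advertised in a 227 reply."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive reply: %r" % reply)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in %r" % reply)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]


def data_endpoint(reply, control_peer):
    """Choose where the client opens the data connection.

    If the server advertises an unroutable address while the control
    connection goes to a routable one, the server is behind NAT and has
    leaked its internal address, so fall back to the control peer.
    Returns (ip, port, fallback_used).
    """
    ip, port = parse_pasv(reply)
    peer = ipaddress.IPv4Address(control_peer)
    fallback = unroutable(ip) and not unroutable(peer)
    return str(peer if fallback else ip), port, fallback


def alg_rewrite(reply, public_ip):
    """What an FTP ALG does to a cleartext 227 reply: substitute the public IP.
    With TLS on the control connection the router never sees this line."""
    _, port = parse_pasv(reply)
    fields = public_ip.split(".") + [str(port >> 8), str(port & 0xFF)]
    return "227 Entering Passive Mode (%s)" % ",".join(fields)
```

The fallback only fixes the address; the advertised port still has to be forwarded from the router to the NAS for the data connection to succeed.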