What's new

NAS and ASUS RT-AC68u external (WAN) access.

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

bartoszbruhn

New Around Here
Hello,
I have just config my first NAS. Evrything is working perfect in ma LAN/WIFI network. But when I creaete domin and try hit FTP server from external, I have a problem. (I'm using filezilla software).
First case:
When I hit FTP server without TLS, I have a access to FTP server. List of folders is presented.
Secend case:
When I try to hit FTP server with TLS, I have connection, and also TLS is OK, but whent try to list folders, then I have:
Server sent passive reply with unroutable address. Using server address instead.

I'm prety sure that issue is releted with:

This is indeed NAT-related.

The FTP protocol doesn't support NAT at all. In active mode, the client explicitly tells the server to open a secondary connection to the client's IP address, which will not work if the client is behind NAT. Conversely, in passive mode the server tells the client to open a secondary connection to the server's IP address, which will fail if the server is behind NAT.

The solution has traditionally been to implement FTP-aware ALGs (Application Layer Gateways) in NAT routers and firewalls. The router/firewall will monitor the commands sent over the control connection and will open the relevant firewall ports, and actually alter FTP PORT commands to make them refer to the right IP address if NAT is involved.

However, using ALGs will not work in some scenarios:
  1. If the FTP control connection uses a TCP port other than 21, the ALG may not detect that it's FTP traffic.
  2. If the control connection is encrypted, a router/firewall haa no way of inspecting or altering the data stream.
In the first scenario, it's often possible to get around the problem by explicitly telling the gateway router/firewall let the FTP ALG inspect traffic on one or more alternate ports. In the second scenario, however, there's no way to get around the encryption. After all, that's the whole point of using encryption in the first place.

But I still dont know what to change, to get TLS connection. Also, I reach max connections (10) because info about discconection is not hit client<->server FTP. Before I think that someone break into my FTP server (xD).
It was working if I had FTP server on Ruter USB port.
 

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top