Running an FTP/FTPS on Merlin firmware Recommendations

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

Makaveli

Very Senior Member
Hello all,

I have an FTP setup on Merlin and everything is working fine but looking to see what are the best recommendations when setting one up. And maybe this post maybe useful for someone considering it. Also want to touch on FTP / FTPS.

I'm currently using FileZilla Server to run the FTP.



My setup in the firmware is this.




So first question is Port Forwarding the a choice then Port Trigger?

Now onto FTPS

If I enable it are the x.590 certificate a requirement?

Also based on the 990 default port does that require another port forward?

 

ColinTaylor

Part of the Furniture
So first question is Port Forwarding the a choice then Port Trigger?
I can't think why anyone would use Port Trigger for this, but I suppose it depends on your use case.

If I enable it are the x.590 certificate a requirement?
Yes

Also based on the 990 default port does that require another port forward?
Yes
 

Makaveli

Very Senior Member
Last edited:

Makaveli

Very Senior Member

Decado

Occasional Visitor
I like that you are using DU meter I haven't used that app in like 10+ years, I may readd it to my list of utilities installed.
LOL Guilty as charged. Once you are up around the 60 y.o. mark the chase for the latest and greatest eases off and the appreciation for the tried, true and working is enhanced. That said, show me something better and I’m still all over it hence my recent discovery and adoption of RMerlin. :)
 

Makaveli

Very Senior Member
These days I just use the task manager since it doesn't require me to install anything.

 

Decado

Occasional Visitor
These days I just use the task manager since it doesn't require me to install anything.

I use DUMeter mostly for the network traffic totals and review data in bound and out bound to get an idea of anything odd that might be going on.
 

M95D

New Around Here
Hi.
I use filezilla behind a router too, but I don't have a fixed IP and I need to use a DDNS.
I have a problem with passive FTP. The server needs to know my WAN IP for the PASV reply. There are two options in filezilla:
- Ask the DNS (router) for the IP of DDNS name. This doesn't work because the router replies with local address of the server.
- Ask a remote web server that sends back the IP address of the incomming connection.

Is there any method to get the WAN IP from Merlin fw as the sole content of a web page?
 

ColinTaylor

Part of the Furniture
Is there any method to get the WAN IP from Merlin fw as the sole content of a web page?
Why not use the option that's already in the Filezilla Server Options?

See @Decado's image here with the option to "Retrieve external IP address from".
 

ColinTaylor

Part of the Furniture
You mean filezilla's server?
Yes.

My server would depend on theirs.
You're dependent on their servers for software updates anyway. Likewise you're dependent on your DDNS provider for associating your dynamic IP address.

But to answer your original question; no, there isn't a router URL that just returns the WAN IP address. Maybe your DDNS provider has a suitable URL you could use?
 

Makaveli

Very Senior Member
Hi.
I use filezilla behind a router too, but I don't have a fixed IP and I need to use a DDNS.
I have a problem with passive FTP. The server needs to know my WAN IP for the PASV reply. There are two options in filezilla:
- Ask the DNS (router) for the IP of DDNS name. This doesn't work because the router replies with local address of the server.
- Ask a remote web server that sends back the IP address of the incomming connection.

Is there any method to get the WAN IP from Merlin fw as the sole content of a web page?
I was just checking this and I am able to recreate your issue.

The server has been configured to use the DDNS instead of IP.



If I go to https://ftptest.net and test it.

 

ColinTaylor

Part of the Furniture
The server has been configured to use the DDNS instead of IP.
The main problem the OP was having was that the router's DNS server was returning the router's internal IP address instead of the external IP address when querying his DDNS name. That doesn't appear to be a problem for you because I'm assuming that's why you blanked out the IP address in the second line of your test log image.


If I go to https://ftptest.net and test it.

I don't find this (PASV returning a private address) to be a problem because all the clients I use are aware of the problems with NAT and work around it. Filezilla client for example:
Code:
Command:    PASV
Response:   227 Entering Passive Mode (192,168,1,10,215,35).
Status:     Server sent passive reply with unroutable address. Using server address instead.
Trace:       Reply: 192.168.1.10, peer: 80.xx.yy.zz
 
Last edited:

Makaveli

Very Senior Member
Hi.
The main problem the OP was having was that the router's DNS server was returning the router's internal IP address instead of the external IP address when querying his DDNS name. That doesn't appear to be a problem for you because I'm assuming that's why you blanked out the IP address in the second line of your test log image.



I don't find this (PASV returning a private address) to be a problem because all the clients I use are aware of the problems with NAT and work around it. Filezilla client for example:
Code:
Command:    PASV
Response:   227 Entering Passive Mode (192,168,1,10,215,35).
Status:     Server sent passive reply with unroutable address. Using server address instead.
Trace:       Reply: 192.168.1.10, peer: 80.xx.yy.zz
I have a problem with passive FTP. The server needs to know my WAN IP for the PASV reply. There are two options in filezilla:
- Ask the DNS (router) for the IP of DDNS name. This doesn't work because the router replies with local address of the server.
- Ask a remote web server that sends back the IP address of the incomming connection.

Is there any method to get the WAN IP from Merlin fw as the sole content of a web page?
You are correct I see my mistake.

And yes after testing in the filezilla client I get in without the error from the test site.
 
Last edited:

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top