Unable to connect to FTP Server connected to Merlin 384.17 (ECONNREFUSED)

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

Jo Sidarta

Occasional Visitor
Hi,

Currently using Asus RT-AC68U with Merlin 384.17 (192.168.1.1)
I have FTP with SSL/TLS (explicit) server on QNAP TS-453be (192.168.1.26)

External IP > Asus (192.168.1.1) port 2021 > QNAP (192.168.1.26) port 1025

I have disabled FTP server on the Asus router:
FTP Disabled.png

Asus Port forwarding configuration:
FTP Port Forwarding.png

QNAP FTP setup:
QNAP FTP Setting.png


1. When I tried to login from internal network using WAN IP address - it throws ECONNREFUSED error
Code:
Status:          Connecting to MASKED_PUBLIC_IP:2021...
Status:          Connection established, waiting for welcome message...
Status:          Initializing TLS...
Status:          Verifying certificate...
Status:          TLS connection established.
Status:          Logged in
Status:          Retrieving directory listing...
Command:    PWD
Response:     257 "/" is the current directory
Command:    TYPE I
Response:     200 Type set to I
Command:    PASV
Response:     227 Entering Passive Mode (MASKED_PUBLIC_IP,219,61).
Command:    MLSD
Error:            The data connection could not be established: ECONNREFUSED - Connection refused by server

Asus Log:
Code:
Jun 13 21:53:56 kernel: ACCEPT IN=br0 OUT=br0 SRC=SOURCE_IP DST=192.168.1.26 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=49259 DPT=1025 SEQ=2364610297 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B4010303050101080A07D5F96D0000000004020000) MARK=0x1

2. When I tried to login from external network - it just times out during 'retrieving directory listing'
Code:
Status:          Connecting to MASKED_PUBLIC_IP:2021...
Status:          Connection established, waiting for welcome message...
Status:          Initializing TLS...
Status:          Verifying certificate...
Status:          TLS connection established.
Status:          Logged in
Status:          Retrieving directory listing...
Command:    PWD
Response:     257 "/" is the current directory
Command:    TYPE I
Response:     200 Type set to I
Command:    PASV
Response:     227 Entering Passive Mode (MASKED_PUBLIC_IP,220,191).
Command:    MLSD
Error:            Connection timed out after 20 seconds of inactivity

Asus log stated:
Code:
Jun 13 21:41:20 kernel: ACCEPT IN=eth0 OUT=br0 SRC=SOURCE_IP DST=192.168.1.26 LEN=64 TOS=0x08 PREC=0x20 TTL=51 ID=0 DF PROTO=TCP SPT=3357 DPT=1025 SEQ=1181126840 ACK=0 WINDOW=65535 RES=0x00 CWR ECE SYN URGP=0 OPT (0204058C010303050101080A07CAA4880000000004020000)

QNAP stated it logins successfully:
QNAP FTP LOG.png


I have a suspicion this have been caused by Asus?

Thanks
 

ColinTaylor

Part of the Furniture
The issue is caused by using SSL/TLS and switching to passive mode. Passive mode needs the router to forward additional ports which are randomly created. Because the traffic is encrypted the router has no way of knowing what ports are needed.

Look at the advanced options for the FTP server and see if it has anything related to passive mode ports. Sometimes there's an option to either use UPnP to open the ports, or restrict the range to something manageable that can be forwarded manually on the router.

EDIT: According to this QNAP document there are passive port settings under the advanced options. The default passive ports are 55536-56559 so these are the ports you need to forward on your router. To my mind a port range of 1024 is excessive. Merlin's FTPS server uses 30 ports by comparison, which is more sensible (unless you expect to have many users connected concurrently).
 
Last edited:

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top