1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Tomato FTP change WAN port and allowing all IP addresses

Discussion in 'Tomato Firmware' started by Solace50, Jan 8, 2018.

  1. Solace50

    Solace50 Connected Client Member

    Two things trying to be achieved,

    Firstly WAN ftp access on a different port aside from 21, it appears if changed to something else than 21 then the directories are not listed despite a login is attempted. Port 21 seems to work fine, I guess I could edit the iptables for this?

    Second is for allowing any IP, ive tried which removes the /0. I'm fully aware of what this does and I will be having multiple dynamic ip's for a short duration and nothing crucial is on the device/network. Is the syntax different for allowing any with vsftpd? I checked the iptables for this as well and tried to manually apply the change and reload the firewall but it just corrects the entry and appears to not work.
  2. Sean B.

    Sean B. LI Guru Member

    Unable to reproduce your port issue. In the web interface under USB and NAS->FTP Server, setting "Enable FTP Server" to "Yes, WAN and LAN", and "FTP Port" to 2222 I was able to connect via remote client ( cell phone ) to my WAN IP on port 2222 and list the directory of the user. Note that there are directory options depending on what form of authentication is used. As for allowing any remote IP, simply leave the "Allowed remote address(es)" box empty.
  3. Solace50

    Solace50 Connected Client Member

    Hmm, never knew that unless an address is defined that tomato allows all, I could have sworn I left it empty initially and was unable to connect. At the moment I just use a DNS to allow access. I guess it could be nvram specific issue despite it was cleared or a conflicting configuration/port in use though the router showed nothing else bound to the port. Could i just ask what build you are currently on yourself? Ill try with a fresh install and see if something specific is causing it.

    Mine would be this for the ea6900
    1.28.0000 -2017.3b13-kille72- K26ARM USB AIO-64K
  4. Solace50

    Solace50 Connected Client Member

    Clearing the IP addresses appears to have worked for the access, will fiddle with the port setting and see if it continues as well.
  5. Solace50

    Solace50 Connected Client Member

    It appears I can establish a connection on other ports, though when reading the directory of the FTP a timeout still occurs.

    Timeout detected. (control connection)
    Could not retrieve directory listing
    Error listing directory '/'.

    The path should be /tmp/mnt/media/ being retrieved though for the specified user path, default paths should be the same as well regardless of auth type.
  6. Solace50

    Solace50 Connected Client Member

    Ah nvm, it has to do with the client and using different ports/windows defender firewall, I just realized there was a rule in place blocking the request on the affected machines. Thanks though.

    Edit: I lied it still occurs, I tried from my android device with andftp of which can also connect. In active mode I get a 500 illegal port error, in passive mode it connects but fails to list the directory. The last output message in andftp is Replacing with the WAN IP address of the ftp

    Seems fairly accurate to the situation,
    Last edited: Jan 9, 2018
  7. Sean B.

    Sean B. LI Guru Member

  8. Sean B.

    Sean B. LI Guru Member

    Are you trying to access ftp via your WAN IP with a device that is connected to your LAN?
  9. Solace50

    Solace50 Connected Client Member

    all tests were done externally, either through cell or vpn on another laptop or even rdp, I confused myself thinking it was working since I did the connection without the vpn being active once. The hostname will resolve to the lan ip since im using a DNS and not the direct ip (which was used after to avoid the confusion). Ill play around with it come the next update as I cant think of anything else to check myself at the moment.
    Last edited: Jan 16, 2018

Share This Page