Hi everyone.
This is on an AS3304T
My issue is pretty much as the title really. FTP has been working for ages without any issues. But for the last few weeks it's playing up. If I an connected to my local network (iPhone on WIFI) I can access FTP via the local IP address and the WAN IP address. However, if I connect to the 4G/5G network I can not access FTP.
I have rebooted everything, double checked my port forward on the router (Virgin Media Hub 4.0). Tried two different iPhone Apps. I've cleared the blacklist in ADM Defender (The last auto blacklist entry was on 1st May. I normally have one new entry every couple of days!!)
I have created a support ticket but thought I would try here as well. Can't add pictures as the board quota ras been reached!!
Can anyone help?
Sean
FTP working locally but not remote
-
- Posts: 3
- youtube meble na wymiar Warszawa
- Joined: Fri Feb 25, 2022 1:30 am
- Nazar78
- Posts: 2084
- Joined: Wed Jul 17, 2019 10:21 pm
- Location: Singapore
- Contact:
Re: FTP working locally but not remote
As an advise, FTP is totally insecure to be used over the WAN. If you were to access your NAS from a public access point which has been compromised, or even your house Wi-Fi with a rogue device connected, the clear text username/password can be clearly seen from a MITM (man-in-the-middle) attacks like ARP poisoning. Another is net bots trying to gain access to your FTP using dictionary attacks, ADM Defender might get unlucky at certain point. The least is use VPN to access your local network.
Back to the topic. The NAS is not the issue here since you can access it locally.
1. Try using static IP instead of DHCP? Assign a static IP to the NAS and use this IP for the port forwarding.
2. On the same network, test your FTP port external access using https://canyouseeme.org/. It would also possibly your mobile network is blocking the FTP port access, try testing a plain HTTP port 80 if that works.
Back to the topic. The NAS is not the issue here since you can access it locally.
1. Try using static IP instead of DHCP? Assign a static IP to the NAS and use this IP for the port forwarding.
2. On the same network, test your FTP port external access using https://canyouseeme.org/. It would also possibly your mobile network is blocking the FTP port access, try testing a plain HTTP port 80 if that works.
AS5304T - 16GB DDR4 - ADM-OS modded on 2GB RAM
Internal:
- 4x10TB Toshiba RAID10 Ext4-Journal=Off
External 5 Bay USB3:
- 4x2TB Seagate modded RAID0 Btrfs-Compression
- 480GB Intel SSD for modded dm-cache (initramfs auto update patch) and Apps
When posting, consider checking the box "Notify me when a reply is posted" to get faster response
Internal:
- 4x10TB Toshiba RAID10 Ext4-Journal=Off
External 5 Bay USB3:
- 4x2TB Seagate modded RAID0 Btrfs-Compression
- 480GB Intel SSD for modded dm-cache (initramfs auto update patch) and Apps
When posting, consider checking the box "Notify me when a reply is posted" to get faster response
-
- Posts: 3
- Joined: Fri Feb 25, 2022 1:30 am
Re: FTP working locally but not remote
Hi Nazar,
I have just set up the SFTP to try that. Again it works via the WAN IP if connected to the local network. But not if connected to 4G/5G
I have a static IP assigned to the NAS and the port forwards for FTP and SFTP are set correctly.
I have checked the ports 21 and 2222 with canyouseeme.org and they can both be seen OK.
How would I go about testing port 80? Would I need to configure the web server in Web Center?
I am going to try putting the Virgin Media Router in Modem mode in a couple of days and add a separate router, just to rule out the Virgin Hub 4.0
Thanks for your reply.
Sean
I have just set up the SFTP to try that. Again it works via the WAN IP if connected to the local network. But not if connected to 4G/5G
I have a static IP assigned to the NAS and the port forwards for FTP and SFTP are set correctly.
I have checked the ports 21 and 2222 with canyouseeme.org and they can both be seen OK.
How would I go about testing port 80? Would I need to configure the web server in Web Center?
I am going to try putting the Virgin Media Router in Modem mode in a couple of days and add a separate router, just to rule out the Virgin Hub 4.0
Thanks for your reply.
Sean
- Nazar78
- Posts: 2084
- Joined: Wed Jul 17, 2019 10:21 pm
- Location: Singapore
- Contact:
Re: FTP working locally but not remote
There's the proof your 4G/5G mobile network provider is blocking connecting to the ftp port. Nothing wrong with the NAS or router setup because canyouseeme.org can connect to your ports 21/2222. Think your mobile provider will only allow to connect to standard HTTP ports 80/443, you'll need to check with them. I've encountered this sometimes when travelling. So instead of using FTPS/SFTP, I use WebDAV HTTPS via reverse proxy using the port 443.Sean Pocock wrote:I have checked the ports 21 and 2222 with canyouseeme.org and they can both be seen OK.
Yes, setup a simple website then forward the port 80 from your router to the NAS.Sean Pocock wrote:How would I go about testing port 80? Would I need to configure the web server in Web Center?
AS5304T - 16GB DDR4 - ADM-OS modded on 2GB RAM
Internal:
- 4x10TB Toshiba RAID10 Ext4-Journal=Off
External 5 Bay USB3:
- 4x2TB Seagate modded RAID0 Btrfs-Compression
- 480GB Intel SSD for modded dm-cache (initramfs auto update patch) and Apps
When posting, consider checking the box "Notify me when a reply is posted" to get faster response
Internal:
- 4x10TB Toshiba RAID10 Ext4-Journal=Off
External 5 Bay USB3:
- 4x2TB Seagate modded RAID0 Btrfs-Compression
- 480GB Intel SSD for modded dm-cache (initramfs auto update patch) and Apps
When posting, consider checking the box "Notify me when a reply is posted" to get faster response
- father.mande
- Posts: 1818
- Joined: Sat Sep 12, 2015 2:55 am
- Location: La Rochelle (France)
Re: FTP working locally but not remote
Hi,
For my own usage (travel, multiples sites, different provider, I use a tailscale network (apkg tailscale-native)
A tailnet is like a private IP LAN, so your device (Windows, Android, Linux (I never tests IOS and Mac) are view as a local LAN, so I can use FTP, SMB (share), etc. EVEN without encryption or HTTPS because tailnet is completely encrypted by wireguard from end to end.
Tailscale can have a private DNS support, tailnet use NAT traversal or relay (without decryption), so no need to open port, nor for the server no more for the client ... and know ports are not used, so I can pass though all my provider. each connection is direct.
I use also it as a site to site connection (with access for non tailscale node to the others nodes (routing).
It's easy to manage (administration) and other lot of other possibilities (sh, service provider, etc.
and you are alone to manage your node, client, server, keys expiration (or not) etc. etc.
Philippe.
For my own usage (travel, multiples sites, different provider, I use a tailscale network (apkg tailscale-native)
A tailnet is like a private IP LAN, so your device (Windows, Android, Linux (I never tests IOS and Mac) are view as a local LAN, so I can use FTP, SMB (share), etc. EVEN without encryption or HTTPS because tailnet is completely encrypted by wireguard from end to end.
Tailscale can have a private DNS support, tailnet use NAT traversal or relay (without decryption), so no need to open port, nor for the server no more for the client ... and know ports are not used, so I can pass though all my provider. each connection is direct.
I use also it as a site to site connection (with access for non tailscale node to the others nodes (routing).
It's easy to manage (administration) and other lot of other possibilities (sh, service provider, etc.
and you are alone to manage your node, client, server, keys expiration (or not) etc. etc.
Philippe.
AS6602T / AS5202T /AS5002T / AS1002T / FS6706T