Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
S
S
Shlyahten2020-05-21 22:25:51
FTP
Shlyahten, 2020-05-21 22:25:51

How to open access to FTP on OpenWRT from the Internet?

Greetings.
Such a seemingly simple task, but for some reason I can not do it.
There is a Xiaomi R3P router on OpenWRT 19.07.3 firmware r11063-85e04e9f46 with vsftpd 3.0.3-3 installed.
Everything works fine on the local network, but my task is to open access to the flash drive via FTP outside the local network.

I'm not an expert on setting up iptables, but I managed to forward ports to local devices, but I can't open a port on the router itself. For some reason, only 21 ports open through port forwarding, 20 is shown closed. Through "Firewall - Traffic Rules" for some reason, the ports do not open for me at all, although as I understand it, in this case, you need to configure this tab.

If you enable port 21 forwarding to a router with a local address, then in active mode the client connects to the server for a very long time and eventually sees an empty folder.

vsftpd.conf file:

background=YES
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
check_shell=NO
session_support=NO
local_root=/mnt/sda1
listen_port=21


firewall:
config rule
  option src 'wan'
  option name 'FTP'
  option target 'ACCEPT'
  option src_port '20-21'
  option family 'ipv4'
  list proto 'tcp'

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
S
Shlyahten, 2020-05-23
@Shlyahten

In general, I solved the issue as follows, it turned out that by default for requests with wan to "reject" (not to the local network), there is a ban on incoming connections. Setting on the main page of the firewall, if you allow requests - everything works. Even in traffic rules, the port does not need to be opened, apparently the nat-helper package is working or the port is taken from the vsftpd config. Passive mode works just fine too.
The question remains only whether such a setting will affect security.

Report
D
Drno, 2020-05-22
@Drno

You just need to allow port 21 (or whatever you have for ftp) to enter. Without forwarding
All)

Similar questions
S
sandwarrior2013-11-15 14:10:09
Universal file manager for Mac? FTP, searching within files, comparing files? 3Reply
W
web_dev2016-02-27 01:17:02
Is Kibana a simple (lightweight) alternative? 1Reply
Y
YoooDA2013-11-18 17:52:16
How to make a render farm yourself? 2Reply
B
blabs2016-03-02 09:57:36
Which FTP/SFTP/SSH client do you recommend for MacOS? 8Reply
I
Ilya Rodionov2018-07-30 18:31:05
Ftp access to only one directory? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question