|
I've set up a D-Link DNS-323 NAS box on my home network, and I'm unable to access it from outside the LAN. I think I have everything configured properly, and the tale is kind of long, so bear with me and see if you can find my error. I'm a complete newbie to this stuff, so bear with me if I sound like a putz at some point... The setup is thus: -Charter HSI, Motorola SurfBoard cable modem -Linksys BEFSR81 8-port wired router, version 3.0 (originally tried LinkSys WRT54G V.8 with similar results) -The clients consist of Two PCs, Two TiVos, a Sprint AirRave hotspot, a Vonage VoIP phone adapter, and the afore-mentioned D-Link NAS box. Inside the network, I am able to map the NAS box to the PCs without an issue. The NAS box is set up with a fixed IP of 192.168.1.125 and is set to run an FTP server. The NAS box is also set to update DynDNS of the WAN IP, and does so properly. In the router, I've set it to forward incoming requests from port 21 to the NAS's IP address, as well as to log incoming and outgoing requests. Now here's where it gets interesting. From outside the network, entering ftp://{mynetwork}.dyndns.org results in a timeout error. Pinging that same address results in a connection to the proper WAN IP for my network, and no packet loss. Entering the FTP address from INSIDE the LAN results in the prompt for the username and password from the NAS box. However, entering a proper username and password results in another time-out error. The fact that it prompts for a username and password at al from within the LAN leads me to believe that DynDNS is forwarding the request correctly, and because I'm inside the firewall, it connects me with the NAS. Several notes from the last few days: -The incoming request log in the router never shows anything heading to port 21. -The results were the same with the WRT54G router, with the exception that the proper username and password from within the LAN granted access to the NAS box as it should. -I contacted Charter, and they stated that their modem does not block any ports or requests. So, on one hand, it would seem that the requests from outside are being routed properly. On the other hand, it would seem that the firewall is blocking the requests, despite the fact that it's not showing them, and even though it should be forwarding them to the NAS. I'm absolutely and completely lost on what else I can try. Anybody got any ideas? I'm all ears! Thanks! |
|
Thanks for the tip on answering... I was simply posting a comment because that's what the little pop-up box said to do. I haven't been around long enough to learn the ways of the board yet. :) And again, thanks for the help. I made some headway last week before I left for vacation. I used the tool you suggested to find an open port, and despite port 21 being set up to forward, it was clearly not. When I changed the FTP setting and router to forward port 21021, attempting to access the NAS from outside using that port worked at least insofar as it prompted for a username and password. However, it still wouldn't grant the user access. So, I tinkered some more. In the FTP settings on the NAS, there is a section for 'Passive Mode' with two options: One is "Use default port range (55536-55663)" and the other is "Use the following port range: (with two boxes to fill in)". There is also a check-box that says, "Report external IP in Passive Mode" that allows you to fill in a specific IP (Not sure what this does exactly, and the instructions are severely lacking). But I digress... After setting the default port range to also forward to the NAS's IP address, it began working fine (or so I thought). That was last Wednesday. I left for vacation over the holiday weekend, and when I returned, it wasn't working again. I tried changing ports, I tried changing IP addresses, everything I could think of, and still no beans from outside. As before, requests from this side of the network work fine, so I'm sure DynDNS has the proper IP address for the network, and is making the connection, but nobody from outside seems to be able to get through. The hostname is ftp://camfam.dyndns.org:21021 at the moment, though I'm playing around with it again at this moment. (Got my mom trying to access it from outside right now) I'm all ears.... I have no idea where to go from here... Thanks again for the help! |
|
You definitely went into the right direction while playing with these parameters. Btw, this "Report external IP in Passive Mode" means that the client gets a different IP address reported by the FTP Server (NAS) than what it actually is. This is sometimes useful for firewall operations. The value would be your public IP address, but the field is of no use for dynamic IP addresses, as it is static, so you always had to change it when your IP address changed. So, not the way to go for... Go to the Wikipedia article I linked to and try to understand the active and passive FTP modes and what happens in either case with the data port. Having understood these principles will definitely help you to also use the related device parameters and consequences for port forwarding in the right way. Also, if I'm going to your FTP site, I'm prompted for user ID and password, as should be. So, the control channel is working fine. Data channel can only be tested after being logged in. Directory listings and uploads/downloads are the activities the data port is needed for. |
|
I agree the forwarding appears to work properly as it connects me from inside the firewall. It definitely appears to be a FTP server issue on the NAS box, or some remaining port issue on the router blocking outgoing data somehow...... Here's the screen dump I received from a friend of mine who tried to access it with filezilla last night: Status: Resolving address of http://camfam.dyndns.org Can you make heads or tails of what's happening from that? He entered the proper username and password, it just times out. Again, thanks a million for your help! |
|
Well done!
That's the key phrases from your FileZilla session log showing the problem. The server requests the client to connect to data port 192.168.1.125:3526 for directory listing, which is indeed not routable over the public internet. The NAS box simply uses its private IP address 192.168.1.125. Therefore you really must make use of the feature mentioned before: |
|
Interesting... I'm wondering if the setting in the NAS box for reporting the IP in passive mode changed? (Actually, I think the reported network IP address probably changed as we had a power outage over the weekend that may have caused the cable modem to pull a new IP address from the server) The NAS box will automatically update dynDNS of the network IP change (and it did), but it doesn't update the one it reports, and doesn't appear to be able to be configured to do so. I'm consulting with some folkd on the D-link forums for further guidance on the matter, though I don't have a whole lot of confidence in this setup. It would certainly be a LOT easier to test this if I could somehow be both outside and inside my network simultaneously... Thanks again for the help! |
1 2 next page »
Closing the question, as the user has not chosen an accepted answer and approx. one month has passed.