Can ftp to remote site from local router but not local PC

Hi,

I'm trying to get passive ftp running between my local PC and a remote PC running an ftp server. My configuration is as follows:

I have two routers both running LEDE 17.01.4, one is local and the other is remote.

The remote router has a Linux PC attached with an ftp server running.

The local router also has a Linux PC attached, and lftp is installed on both local PC and local router.

The remote router is accessed via 'mydomain.com' (ip address 109.150.123.456) and the attached remote PC is on 192.168.1.12.

I have correctly forwarded ports for passive ftp on the remote router to the attached PC.

I can successfully ftp from the local router to the remote PC:

lftp -e 'debug 10: ls *.jpg; bye;' -p 'control-port' -u username,pwd mydomain.com

---- Successfully logged on etc
---- Entering extended passive mode
---- Connecting data socket to (109.150.123.456) port 'data-port'
---- Files listed
---- Connection closed

When I try the same command from the attached PC to the remote PC, it fails with:

lftp -e 'debug 10: ls *.jpg; bye;' -p control-port -u username,pwd mydomain.com

---- Successfully logged on etc
---- Entering passive mode
---- Connecting data socket to (192.168.1.12) port 'data-port'
**** Data socket error (No route to host)
---- Connection closed

lftp from the local router correctly connects to the data port using the remote router's ip address, but from the local PC it attempts to connect to the data port using the remote PC's local ip address.

I suspect this is something to do with address translation in the local router, but I only have a very basic understanding of this.

Can anyone help?

Thanks in advance

Kevin

Options:

  • Install the necessary packages.
  • Get rid of NAT.
  • Replace that ancient artifact known as FTP.

Does FTP from the "problem" machine work from a browser?

If so, then make sure your command-line client supports "passive" mode.

See its man page or https://lftp.yar.ru/lftp-man.html for configuration options, if that is what you are using.

Are you trying in both cases to connect to the WAN public IP of the remote router, or in the second case are you trying to connect to the server IP directly?

Does "mydomain.com" resolve to a local IP address at the computer? Why?

Thanks to all who replied to my request for help.

I eventually solved the problem by setting the FTP Server 'Masquerade address' to the public ip address of the remote router. Seems that FTP was passing back the internal ip address for data connections rather than the public ip address of the server.

Kevin

This is consistent with the (ancient, dating back to at least 1972) FTP protocol, as the server only knows its own IP address. The use of dual control/data channels and their original directions of establishment was partially resolved by the use of "passive" mode, but FTP remains a fragile protocol. Use of scp or SSH-based methods, such as rsync, is now common practice for file transfer among hosts.
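The difference between the two debug logs above, as an added example that is not part of the original thread: a PASV (227) reply carries the server's own address, while an EPSV (229) reply carries only a port, so the client reuses the control-connection address. The function name `data_endpoint`, the public address 203.0.113.10 and port 50000 are constructed for illustration; 192.168.1.12 is the server's LAN address from the thread.

```python
import ipaddress
import re

# RFC 959 PASV reply: 227 ... (h1,h2,h3,h4,p1,p2)
PASV_RE = re.compile(r"^227 .*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
# RFC 2428 EPSV reply: 229 ... (<d><d><d>port<d>), delimiter is usually '|'
EPSV_RE = re.compile(r"^229 .*\((.)\1\1(\d{1,5})\1\)")

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def data_endpoint(reply, control_peer):
    """Return (host, port, warning) a client would dial for the data channel.

    control_peer is the address the control connection was made to.
    """
    m = EPSV_RE.match(reply)
    if m:
        # EPSV has no address field: the data socket goes to the control peer.
        return control_peer, int(m.group(2)), None

    m = PASV_RE.match(reply)
    if not m:
        raise ValueError("not a 227/229 passive-mode reply: %r" % reply)
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in PASV reply")
    host = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]

    warning = None
    if host != control_peer and any(ipaddress.ip_address(host) in net for net in RFC1918):
        # Server behind NAT is advertising its LAN address; the fix in the
        # thread was to set the server's masquerade address to the public IP.
        warning = "PASV reply advertises private address %s, control peer is %s" % (host, control_peer)
    return host, port, warning


if __name__ == "__main__":
    peer = "203.0.113.10"  # constructed stand-in for the remote router's public IP
    samples = [  # constructed server replies
        "229 Entering Extended Passive Mode (|||50000|)",
        "227 Entering Passive Mode (192,168,1,12,195,80)",
        "227 Entering Passive Mode (203,0,113,10,195,80)",
    ]
    for line in samples:
        print(line, "->", data_endpoint(line, peer))
```
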
