Unable to get passive ftp working behind LEDE. nf_conntrack_ftp included?

Installing and Using OpenWrt Network and Wireless Configuration
1

I had this working before with OpenWrt Chaos Calmer.

Have an ftp server on a machine network behind LEDE - with port 21 forwarded to the server.

PSV ftp isn't working - from a machine external to the network - it did before using ip_conntrack_ftp or nf_conntrack_ftp on openwrt.

Logging in as anonymous ... Logged in!
==> SYST ... done.    ==> PWD ... done.
==> TYPE I ... done.  ==> CWD (1) /somedir/ ... done.
==> SIZE somefile ... 16384
==> PASV ... couldn't connect to 192.168.1.3 port 38839: Network is unreachable

Linux wdr4300 4.4.71 #0 Wed Jun 7 19:24:41 2017 mips GNU/Linux
Running LEDE 17.01.2 on WDR4300

I couldn't see any ip_conntrack_ftp/nt_conntrack_ftp module loaded - is it built in or is it just missing ? (which would explain why it doesn't work).

2

I found a reference to kmod-nf-nathelper - which I have now installed. I no longer get the connection refused, but it seems to sit there as though firewalled now. Will dig further.

Logging in as anonymous ... Logged in!
==> SYST ... done.    ==> PWD ... done.
==> TYPE I ... done.  ==> CWD (1) somedir ... done.
==> SIZE somefile ... 16384
==> PASV ... (sat here)
1 Like
3

I have this working now - I had to change the firewall on the machine with FTP also (even though that worked before using the ip_conntrack_ftp module also. I ended up forcing a passive port range and allowing connections from any source for it.

4

Thank you so much for 'kmod-nf-nathelper'

Confirm that ftp server on my dvr (that work in passive mode) did not worked for access from wan despite on port 21 was properly forwarded until I installed this packet.
With OpenWRT 15.05 - that worked from the box, but on LEDE 17.01.4 - NOT

1 Like
5

Thanks I can confirm this fixed a problem for me with ftps to the WAN from a Raspberry Pi.

1 Like