FTP from WAN
From WL-HDD Wiki
| WL-HDD Contents |
|---|
| What is the WL-HDD |
| Features |
| Pro's/con's |
| Reviews |
| Hacking |
| Inserting the HDD |
| Hacking Guides |
| Basic setup guides |
| Packages guides |
| Requests |
| Troubleshooting |
| This Wiki |
| Credits |
| Editing help |
| Contact Me |
Prerequisites
To complete this guide, the following is assumed:
| You are running Oleg's firmware (1.9.2.7-6b or later) |
| You have harddisk partitions up and running with an extended filesystem mounted to /opt |
| You have installed the Ipkg package system. |
| You have configured your partitions to automount. |
| You have setup and successfully ran VSFTP from within your LAN. |
Configuration
To enable ftp from WAN, we need to configure iptables to accept some ports. This is exactly the same as what was done to enable dropbear from WAN. Type
cd /usr/local/sbin nano post-firewall
If you want to run both dropbear and FTP over WAN, you need the following in the post-firewall file.
#!/bin/sh #SSH and FTP access from WAN iptables -D INPUT -j DROP iptables -A INPUT -p tcp --dport 22 -j ACCEPT iptables -A INPUT -p tcp --dport 21 -j ACCEPT iptables -t nat -A PREROUTING -i vlan1 -p tcp --dport 22 -j DNAT --to-destination $4:22 iptables -t nat -A PREROUTING -i vlan1 -p tcp --dport 21 -j DNAT --to-destination $4:21 iptables -A INPUT -j DROP
If you only want to run FTP over WAN, you need these contents
#!/bin/sh #SSH and FTP access from WAN iptables -D INPUT -j DROP iptables -A INPUT -p tcp --dport 21 -j ACCEPT iptables -t nat -A PREROUTING -i vlan1 -p tcp --dport 21 -j DNAT --to-destination $4:21 iptables -A INPUT -j DROP
Now we need to commit this to the internal flash memory of the WL-HDD. As the post-firewall script is in the /usr/local tree, this is straightforward.
flashfs save flashfs commit flashfs enable reboot
Testing
Note that you cannot connect to your FTP server by typing your WAN address into a terminal or browser.
Most ADSL/cable routers do not allow this.
To test your FTP server from WAN, you will either have to have a separate internet connection or go to somebody elses house/work etc.
Testing your FTP server can also be done with online service like web2ftp
Connect as normal but enter the WAN ip address rather than you internal LAN IP address.
To find out your WAN IP address, click here.
Note that most WAN IP addresses will change when you restart your DSL/cable router or when you disconnect and reconnect. Consider using a dynamic IP service.
Categories: FTP | Basic setup | Firewall
