FTP port forwarding failure

Ioannis_Goulas · December 15, 2023, 8:24am

Hello,

I am using RUTX10 and RUTX11 routers for some applications and I am having problems with both of them regarding the port forwarding of ftp.

The routers are connected to an OpenVpn network and I do port forwarding from the vpn network to the lan network where my plc is located with the ftp server. See picture below of the port forwarding.
When I try to get the files by filezilla, I am getting the following response.

Any other port forwarding works without an issue.

Thank you in advance for your response.

Ioannis_Goulas · December 19, 2023, 7:55am

Hello all, any idea of how to solve this problem? Thank you in advance for your replies!

anon74548148 · December 20, 2023, 7:13am

Hello,

Thanks for reaching us,

Check FTP Client Settings:
Verify Connection Details: try to ping FTP server form Teltonika router
Try Another FTP Client: Test with a different FTP client for comparison.
Check Firewall/Antivirus: Temporarily disable to check for interference.
Test Locally: Connect locally using the FTP client on the LAN.
Review Router Port Forwarding: Confirm correct setup directing FTP traffic.
Check Router Logs: Look for FTP-related entries in router logs.
Update Router Firmware: Ensure routers have the latest firmware installed.

Thanks,
Mahmoud

Ioannis_Goulas · December 20, 2023, 11:57am

Thank you for your reply.
If I use a router from another manufacturer with the same settings then the port forwarding works without issue.

I did a firmware update but still getting an error. I checked all your points above and didn’t see a problem.
Locally, I can connect to the ftp server and get the files.

I used WinSCP and then I am getting the following message. You can see that the connection is established but the router prevents the files to be shown.

Where should I look for the router logs?

Thank you in advance for your reply.

anon74548148 · December 20, 2023, 1:06pm

Hello,

Can you please provide the configuration for port forwarding?

cat /etc/config/firewall

Thanks,
Mahmoud

Ioannis_Goulas · December 20, 2023, 1:41pm

Hello Mahmoud,

Below the configuration.

config defaults ‘1’
option flow_offloading ‘1’
option syn_flood ‘1’
option output ‘ACCEPT’
option drop_invalid ‘0’
option auto_helper ‘1’
option input ‘ACCEPT’
option forward ‘ACCEPT’

config zone ‘2’
option name ‘lan’
list network ‘lan’
option input ‘ACCEPT’
option output ‘ACCEPT’
option forward ‘ACCEPT’
option masq ‘0’
option mtu_fix ‘0’

config zone ‘3’
option name ‘wan’
option input ‘REJECT’
option output ‘ACCEPT’
option forward ‘REJECT’
option masq ‘1’
option mtu_fix ‘1’
option network ‘wan wan6 mob1s1a1 mob1s2a1’

config forwarding ‘4’
option src ‘lan’
option dest ‘wan’

config rule ‘5’
option name ‘Allow-DHCP-Renew’
option src ‘wan’
option proto ‘udp’
option dest_port ‘68’
option target ‘ACCEPT’
option family ‘ipv4’
option priority ‘1’

config rule ‘6’
option name ‘Allow-Ping’
option src ‘wan’
option proto ‘icmp’
option icmp_type ‘echo-request’
option family ‘ipv4’
option target ‘ACCEPT’
option priority ‘2’

config rule ‘7’
option name ‘Allow-IGMP’
option src ‘wan’
option proto ‘igmp’
option family ‘ipv4’
option target ‘ACCEPT’
option priority ‘3’

config rule ‘8’
option name ‘Allow-DHCPv6’
option src ‘wan’
option proto ‘udp’
option src_ip ‘fc00::/6’
option dest_ip ‘fc00::/6’
option dest_port ‘546’
option family ‘ipv6’
option target ‘ACCEPT’
option priority ‘4’

config rule ‘9’
option name ‘Allow-MLD’
option src ‘wan’
option proto ‘icmp’
option src_ip ‘fe80::/10’
list icmp_type ‘130/0’
list icmp_type ‘131/0’
list icmp_type ‘132/0’
list icmp_type ‘143/0’
option family ‘ipv6’
option target ‘ACCEPT’
option priority ‘5’

config rule ‘10’
option name ‘Allow-ICMPv6-Input’
option src ‘wan’
option proto ‘icmp’
list icmp_type ‘echo-request’
list icmp_type ‘echo-reply’
list icmp_type ‘destination-unreachable’
list icmp_type ‘packet-too-big’
list icmp_type ‘time-exceeded’
list icmp_type ‘bad-header’
list icmp_type ‘unknown-header-type’
list icmp_type ‘router-solicitation’
list icmp_type ‘neighbour-solicitation’
list icmp_type ‘router-advertisement’
list icmp_type ‘neighbour-advertisement’
option limit ‘1000/sec’
option family ‘ipv6’
option target ‘ACCEPT’
option priority ‘6’

config rule ‘11’
option name ‘Allow-ICMPv6-Forward’
option src ‘wan’
option dest ‘*’
option proto ‘icmp’
list icmp_type ‘echo-request’
list icmp_type ‘echo-reply’
list icmp_type ‘destination-unreachable’
list icmp_type ‘packet-too-big’
list icmp_type ‘time-exceeded’
list icmp_type ‘bad-header’
list icmp_type ‘unknown-header-type’
option limit ‘1000/sec’
option family ‘ipv6’
option target ‘ACCEPT’
option priority ‘7’

config rule ‘12’
option name ‘Allow-IPSec-ESP’
option src ‘wan’
option dest ‘lan’
option proto ‘esp’
option target ‘ACCEPT’
option priority ‘8’

config rule ‘13’
option name ‘Allow-ISAKMP’
option src ‘wan’
option dest ‘lan’
option dest_port ‘500’
option proto ‘udp’
option target ‘ACCEPT’
option priority ‘9’

config include ‘14’
option path ‘/etc/firewall.user’

config rule ‘15’
option dest_port ‘22’
option proto ‘tcp’
option name ‘Enable_SSH_WAN’
option target ‘ACCEPT’
option src ‘wan’
option enabled ‘0’
option priority ‘10’

config rule ‘16’
option dest_port ‘80’
option proto ‘tcp’
option name ‘Enable_HTTP_WAN’
option target ‘ACCEPT’
option src ‘wan’
option enabled ‘0’
option priority ‘11’

config rule ‘17’
option dest_port ‘443’
option proto ‘tcp’
option name ‘Enable_HTTPS_WAN’
option target ‘ACCEPT’
option src ‘wan’
option enabled ‘0’
option priority ‘12’

config rule ‘18’
option dest_port ‘4200-4220’
option proto ‘tcp’
option name ‘Enable_CLI_WAN’
option target ‘ACCEPT’
option src ‘wan’
option enabled ‘0’
option priority ‘13’

config rule ‘19’
option src_port ‘5353’
option src ‘lan’
option name ‘Allow-mDNS’
option target ‘ACCEPT’
list dest_ip ‘224.0.0.251’
option dest_port ‘5353’
list proto ‘udp’
option priority ‘14’

config include ‘pscan’
option port_scan ‘0’
option type ‘script’
option reload ‘1’
option path ‘/usr/bin/attack_prevention’

config include ‘miniupnpd’
option type ‘script’
option path ‘/usr/share/miniupnpd/firewall.include’
option family ‘any’
option reload ‘1’

config zone ‘20’
option name ‘openvpn’
option device ‘tun_+’
option input ‘ACCEPT’
option output ‘ACCEPT’
option forward ‘ACCEPT’
option mtu_fix ‘0’
option masq ‘0’

config forwarding ‘21’
option dest ‘lan’
option src ‘openvpn’

config forwarding ‘22’
option dest ‘openvpn’
option src ‘lan’

config rule ‘23’
option src ‘wan’
option name ‘Allow-openvpn-traffic’
option target ‘ACCEPT’
option vpn_type ‘openvpn’
option proto ‘tcp udp’
option family ‘ipv4’
option dest_port ‘1194’
option priority ‘15’

config redirect ‘24’
option dest_port ‘6002’
option proto ‘tcp udp’
option name ‘scrubber hmi 1’
option src_dport ‘26051’
option dest ‘lan’
option dest_ip ‘172.19.181.51’
option target ‘DNAT’
option enabled ‘1’
option reflection ‘1’
option src ‘openvpn’
option priority ‘18’

config rule ‘25’
option dest_port ‘23’
option proto ‘tcp udp’
option name ‘Enable_TELNET_WAN’
option target ‘ACCEPT’
option src ‘wan’
option priority ‘16’

config rule ‘26’
option name ‘hmi 1’
option target ‘ACCEPT’
option src ‘openvpn’
option dest ‘lan’
option enabled ‘1’
option utc_time ‘0’
option proto ‘all’
option priority ‘17’

config redirect ‘27’
option dest_port ‘1105’
option proto ‘tcp udp’
option src_dport ‘25011’
option dest ‘lan’
option dest_ip ‘172.19.181.11’
option target ‘DNAT’
option enabled ‘1’
option reflection ‘1’
option src ‘openvpn’
option name ‘scrubber plc 1 somachine’
option priority ‘19’

config redirect ‘28’
option proto ‘tcp udp’
option name ‘scrubber plc 1 ftp’
option dest ‘lan’
option dest_ip ‘172.19.181.11’
option target ‘DNAT’
option enabled ‘1’
option reflection ‘1’
option src ‘openvpn’
option priority ‘20’
option src_dport ‘2100’
option dest_port ‘21’

config redirect ‘29’
option dest_port ‘502’
option proto ‘tcp udp’
option name ‘scrubber plc 1 modbus’
option src_dport ‘25511’
option dest ‘lan’
option target ‘DNAT’
option enabled ‘1’
option reflection ‘1’
option src ‘openvpn’
option dest_ip ‘172.19.181.11’
option priority ‘21’

config redirect ‘30’
option dest_port ‘502’
option proto ‘tcp udp’
option name ‘n2 generator plc 1’
option src_dport ‘25541’
option dest ‘lan’
option dest_ip ‘172.19.181.41’
option target ‘DNAT’
option enabled ‘1’
option reflection ‘1’
option src ‘openvpn’
option priority ‘22’

config redirect ‘32’
option proto ‘tcp udp’
option dest ‘lan’
option target ‘DNAT’
option enabled ‘1’
option src_dport ‘25351’
option dest_ip ‘172.19.181.51’
option reflection ‘1’
option src ‘openvpn’
option name ‘hmi 1 data port’
option dest_port ‘13777’
option priority ‘23’

config rule ‘33’
option src ‘openvpn’
option name ‘ftp’
option target ‘ACCEPT’
option priority ‘18’
option dest ‘lan’
option enabled ‘1’
list proto ‘tcp’
list proto ‘udp’

config rule ‘34’
option src ‘lan’
option name ‘ftp 2’
option target ‘ACCEPT’
option priority ‘19’
option dest ‘openvpn’
option enabled ‘1’
list proto ‘tcp’
list proto ‘udp’

config rule ‘35’
option target ‘ACCEPT’
option priority ‘20’
list dest_port ‘2100’
list proto ‘tcp’
list proto ‘udp’
option src ‘lan’
option dest ‘openvpn’
option enabled ‘1’
option name ‘FTP 3’

anon74548148 · December 24, 2023, 11:36am

Hello,

Could you please update your device’s firmware. The latest version is RUTX_R_00.07.06 . You can find the firmware update at this link: RUTX_R_00.07.06_WEBUI.bin

Awaiting your feedback in case you are still encountering the same issue.

Thanks,

system · December 30, 2023, 8:25am

This topic was automatically closed after 15 days. New replies are no longer allowed.