Reply
New Member
Posts: 15
Registered: ‎11-14-2017

USG not allowing FTP

I have a FTP server setup. I performed all setup and config to it on my personal network. Everything worked. I took it to where it was to be installed. I went into the Unifi Controller and port forwarded ports 20-21 and 50000-50100. I am unable to access the FTP server. I have checked all settings on the server and even disabled the server firewall. Any ideas what I missed on the port forward or a way to sniff to see where the packets are being stopped.

Emerging Member
Posts: 197
Registered: ‎09-23-2018
Kudos: 18
Solutions: 9

Re: USG not allowing FTP

Can you confirm the IP of the device is the same as what's configured in the port forward rules?

New Member
Posts: 15
Registered: ‎11-14-2017

Re: USG not allowing FTP

Yes they are both 192.168.6.13.

Emerging Member
Posts: 197
Registered: ‎09-23-2018
Kudos: 18
Solutions: 9

Re: USG not allowing FTP

Can you post a screenshot of your WAN_IN rules?

Senior Member
Posts: 2,756
Registered: ‎04-26-2016
Kudos: 1027
Solutions: 284

Re: USG not allowing FTP

[ Edited ]

@kylepaddock

 

Did you test the port forward from an external network? If you test from the local network where the server is located, using your external IP, this will not work.

 

Here is an article about testing / troubleshooting port forwards:

 

https://help.ubnt.com/hc/en-us/articles/235723207-UniFi-USG-Port-Forward-Port-Forwarding-Configurati...

 

New Member
Posts: 15
Registered: ‎11-14-2017

Re: USG not allowing FTP

Sorry for the late reply. I had to get the network admin to let me in.

 

It will not let me add pictures so here is a link to them.

https://drive.google.com/open?id=1mLxCQUL1QL9JuaBRTgUIiEcxgEN7-3Qw

Highlighted
New Member
Posts: 15
Registered: ‎11-14-2017

Re: USG not allowing FTP

I test it from outside the network.
New Member
Posts: 15
Registered: ‎11-14-2017

Re: USG not allowing FTP

@jsookram

Any ideas?

New Member
Posts: 46
Registered: 4 weeks ago
Kudos: 3

Re: USG not allowing FTP


@kylepaddock wrote:

@jsookram

Any ideas?



Have you confirmed that FTP works internally after the move? Have you tried using a telnet client and telnet to the individual ports from outside? Also verify your external client is not being blocked? You could try passive mode if your client supports it:

 

https://www.jscape.com/blog/bid/80512/Active-v-s-Passive-FTP-Simplified

 

 

New Member
Posts: 15
Registered: ‎11-14-2017

Re: USG not allowing FTP

[ Edited ]

@blackglove9

Ive tried internal access to server with FileZillla and no luck. Ive tried Telnet with Putty and it times out. Ive also tried passive and active and no luck. How did the settings on the photos look?

New Member
Posts: 46
Registered: 4 weeks ago
Kudos: 3

Re: USG not allowing FTP


@kylepaddock wrote:

@blackglove9

Ive tried internal access to server with FileZillla and no luck. Ive tried Telnet with Putty and it times out. Ive also tried passive and active and no luck. How did the settings on the photos look?


If you can't get to the server on the LAN from a local client, is the FTP server running? That is what I was asking about internal - can some local machine on the sam LAN open an FTP connection to the local internal IP address?

New Member
Posts: 15
Registered: ‎11-14-2017

Re: USG not allowing FTP

@blackglove9

I am on my way to the server and am bringing my laptop. I can ping the machine. I will try to telnet locally and ftp locally with a differenct client when I get there. The server is running. I am using FileZilla Server.

New Member
Posts: 15
Registered: ‎11-14-2017

Re: USG not allowing FTP

@blackglove9

 

Local ip connections work. Still remote access not working. I restarted server, network, and services and still no luck.

New Member
Posts: 46
Registered: 4 weeks ago
Kudos: 3

Re: USG not allowing FTP

Could the ISP be blocking FTP? 

 

One sure way to know would be to plug server directly into cable modem instead of the USG. let it get public IP address and test FTP there. If it still fails, it is the ISP. 

 

Keep in mind that FTP is not secure - username and pwd is always plain text. A more secure solution is run SSH server and use SFTP for file transfer. 

New Member
Posts: 15
Registered: ‎11-14-2017

Re: USG not allowing FTP

@blackglove9

I am wondering if the ISP is doing something. I am unable to go directly into the moddem buy I am going to see if there is a way to disable the firewall on the USG.

 

I understand FTP is insecure. I am using it for general media file transfer and security is not an issue.

New Member
Posts: 46
Registered: 4 weeks ago
Kudos: 3

Re: USG not allowing FTP

Another idea - not conclusive, but it could help.

 

Change your port forwarding on USG and make external port 2121 and forward to port 21 on your FTP server. Then try telnet to external:2121

 

If that works, then test with your client. 

New Member
Posts: 15
Registered: ‎11-14-2017

Re: USG not allowing FTP

[ Edited ]

I tried that earlier and had no luck. I will try again.

 

I run nmap on the server and I get this:

Starting Nmap 6.40 ( http://nmap.org ) at 2018-12-09 16:56 Central Standard Time

Nmap scan report for 96-@@-@@-@@@-static.hfc.comcastbusiness.net (96.@@.@@.@@@)

Host is up (0.0050s latency).

PORT   STATE    SERVICE

21/tcp filtered ftp



Nmap done: 1 IP address (1 host up) scanned in 0.97 seconds

I run it on a client computer outside the network and get the same. Any ideas. Sounds like there still is a firewall. Our ISP is comcast and the modem is set to passthrough.

 

I've also done Telnet from outside the network to a port (8000) that the DVR is on which I know works and I get connect failed when I do:

telnet ipaddress 8000

 

 I do a nmap port check on multiple and get this: 

Not shown: 987 closed ports

PORT      STATE    SERVICE

20/tcp    filtered ftp-data

21/tcp    filtered ftp

22/tcp    filtered ssh

23/tcp    filtered telnet

53/tcp    open     domain

80/tcp    open     http

443/tcp   open     https

705/tcp   open     agentx

50000/tcp filtered ibm-db2

50001/tcp filtered unknown

50002/tcp filtered iiimsf

50003/tcp filtered unknown

50006/tcp filtered unknown
New Member
Posts: 46
Registered: 4 weeks ago
Kudos: 3

Re: USG not allowing FTP

[ Edited ]

I just created an FTP server on an Ubuntu VM. Tested internal, worked. Created a port forwarding rule and tested from another laptop tethered to my phone using external IP address - all works. I didn't test Passive as normal mode worked. The firewall rule was created automatically by the system.

 

port-forward.PNG

 

port-forward-det.PNG

 

ftp-port-firewall.jpg

 

 

New Member
Posts: 46
Registered: 4 weeks ago
Kudos: 3

Re: USG not allowing FTP

I just noticed i had the wrong port - to much ssh. The server was right, but my forwarding rule was wrong. 

 

I just changed it to port 20-21 and it worked fine. 

 

I am testing with a mac, so no FTP client of old, i have to do it via the GUI and use ftp://ip_address. It must use PASV mode by default. I also changed my forwarding rule to this, and it worked fine for ftp://ip_address:2121

 

new_port.jpg

 

 

New Member
Posts: 15
Registered: ‎11-14-2017

Re: USG not allowing FTP

[ Edited ]

I asked the Network Admin to do the 2121 to the 21 to see if that helps.

 

Any idea why nmap show that ports 20-21 are filtered? I would think they would say open.

Reply