FTP over Internet problem NSA210

Oxnas 810 based
nicklarry
Posts: 16
Joined: Mon Feb 11, 2013 6:26 pm

Re: FTP over Internet problem NSA210

Post by nicklarry » Wed Feb 13, 2013 7:00 pm

I think I've erased all traces of my ip now, oops!
Yes, I'm trying to reach it from my ip using my internet ip. I suppose it doesn't support loopback as you suggested cuz I can't find any option for that. So, the log you posted is what you got trying to login here. What do you suggest I can do about this error? -> 500 This security scheme is not implemented

Mijzelf
Posts: 6196
Joined: Mon Jun 16, 2008 10:45 am

Re: FTP over Internet problem NSA210

Post by Mijzelf » Wed Feb 13, 2013 7:25 pm

What do you suggest I can do about this error? -> 500 This security scheme is not implemented
Just ignore it. It's not an error, it's a respons to some command of my ftp client. I have no idea what the command could be, but I suppose it tried to negotiate about some security option which is not supported by pure-ftpd.

nicklarry
Posts: 16
Joined: Mon Feb 11, 2013 6:26 pm

Re: FTP over Internet problem NSA210

Post by nicklarry » Wed Feb 13, 2013 7:40 pm

so, it worked ok for you?

Mijzelf
Posts: 6196
Joined: Mon Jun 16, 2008 10:45 am

Re: FTP over Internet problem NSA210

Post by Mijzelf » Wed Feb 13, 2013 8:08 pm

I wanted to say I can't test further as I don't have a login. But you didn't disable anonymous login, so yes I can acknowledge it works:

Code: Select all

ftp *.*.*.* 9059
Connected to *.*.*.*
220---------- Welcome to Pure-FTPd [TLS] ----------
220-You are user number 1 of 5 allowed.
220-Local time is now 21:56. Server port: 9059.
220 You will be disconnected after 15 minutes of inactivity.
500 This security scheme is not implemented
Name (*.*.*.*:user): anonymous
331 Any password will work
Password:
230 Any password will work
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (*,*,*,*,35,105)
150 Accepted data connection
drwxrwxrwx    7 0        0            1024 Feb 13 19:56 .
drwxrwxrwx    7 0        0            1024 Feb 13 19:56 ..
drwxrwxrwx   12 0        0            4096 Feb 11 15:19 admin
drwxrwxrwx    2 0        0               6 Dec 20 13:30 music
drwxrwxrwx    2 0        0               6 Dec 20 13:30 photo
drwxrwxrwx    3 0        0              32 Dec 20 14:25 public
drwxrwxrwx    2 0        0               6 Dec 20 13:30 video
226-Options: -a -l 
226 8 matches total
ftp> 
I strongly encourage you to disable anonymous access. Or at least don't expose the admin share that way. (By changing some files in the zy-pkgs folder I can own your box)

nicklarry
Posts: 16
Joined: Mon Feb 11, 2013 6:26 pm

Re: FTP over Internet problem NSA210

Post by nicklarry » Wed Feb 13, 2013 8:27 pm

ah great! Yes, I'll change the rights asap! Many thx for your help man! :)

EDIT:

Just to let you know that after talking with my ISP, they upgraded my router's firmware and everything is running smoothly now: Others can connect from outside, I can connect locally or using my public IP. Many many thx for your help again man! :)

Mijzelf
Posts: 6196
Joined: Mon Jun 16, 2008 10:45 am

Re: FTP over Internet problem NSA210

Post by Mijzelf » Thu Feb 14, 2013 7:01 pm

Mijzelf wrote:
Disabling/reenabling the ftp server resets "pure-ftpd.arg"
Yeah. I think I have a fix for that, but let's first find out why the base doesn't work for you.
And here is the fix: zyxel_utils-0.2-arm-1.txz
This package contains one script, which can do:

Code: Select all

# - Change homedir for any user
# - Change shell for any user
# - Inject clean shutdown code in /etc/init.d/rc.shutdown
# - Change http port of firmware webserver
# - Change https port of firmware webserver
# - Hook nfs. Use /ffp/etc/exports instead of /etc/exports
# - Hook ftp to force an external ip address
# - Hook readonly directories to make them read-write
For your purpose, this script modifies /usr/local/sbin/vsftp_start.sh and ../vsftp_start_silent.sh to adapt the arguments before passing them to pure-ftpd.

To get it working:
  • Install the package (duh)
  • Set the execute bit of /ffp/start/zyxel_utils.sh
  • Edit the script. In the function zyxel_utils() (the first function in the script) remove the # before the line

    Code: Select all

         # hook_ftp myname.dyndns.com
    and exchange myname.dyndns.com by your ip address
  • Execute the script

    Code: Select all

    /ffp/start/zyxel_utils.sh start
    or reboot the box.

nicklarry
Posts: 16
Joined: Mon Feb 11, 2013 6:26 pm

Re: FTP over Internet problem NSA210

Post by nicklarry » Thu Feb 14, 2013 10:53 pm

great stuff, thx for the fix m8! :)

sqdfsqdf
Posts: 9
Joined: Sun Apr 05, 2015 2:46 pm

Re: FTP over Internet problem NSA210

Post by sqdfsqdf » Sun Apr 05, 2015 2:52 pm

Hi,

I just bougth a Zyxel NSA 310S. I want secure FTP access from the internet.
I installed FFP and ran the zyxel utils, to deal with the "unroutable address" issue.
Now Filezilla and WinSCP get a different error, connecting to the NAS from a local network or the internet:

Code: Select all

Status:	Connecting to 192.168.0.114:21...
Status:	Connection established, waiting for welcome message...
Response:	220---------- Welcome to Pure-FTPd [TLS] ----------
Response:	220-You are user number 1 of 10 allowed.
Response:	220-Local time is now 22:50. Server port: 21.
Response:	220-This is a private system - No anonymous login
Response:	220-IPv6 connections are also welcome on this server.
Response:	220 You will be disconnected after 15 minutes of inactivity.
Command:	AUTH TLS
Response:	500 This security scheme is not implemented
Command:	AUTH SSL
Response:	500 This security scheme is not implemented
Error:	Critical error
Error:	Could not connect to server
Can someone help out?
I don't rightaway find a way to find the cause, or how I make the change to the FPT server since I figure I can't make changes directly to the configuration.
Often this error isn't fatal for connecting, but to me it is.

sqdfsqdf
Posts: 9
Joined: Sun Apr 05, 2015 2:46 pm

Re: FTP over Internet problem NSA210

Post by sqdfsqdf » Sun Apr 05, 2015 9:25 pm

i'll create a topic in the NSA310 forum

Post Reply