Speedtouch DSL configuration for PASV FTP

Upgraded the firmware on my DSL router last night. Since then my blogging hasn’t been working. As Blogger uses PASV FTP I assumed that the new firmware didn’t support it. That’d be odd I thought.

Finally tracked down the problem.

My firewall is configured to accept PASV on a specified port range. By this, I mean I have NAPT entries for the range forwarding to my FTP server.

My FTP server is set to respond with an IP address to contact ‘me’ on and a port number randomly allocated from said range.

Seems the new version of the firewall was doing NAT translations in the control channel response from the FTP server to client. So when my machine was sending out a response saying ‘contact me on 82.152.42.64:port’ the router wasn’t doing anything clever and let it pass, and then when my blogger tried to contact me the router didn’t pass the request through correctly.

When I changed the FTP server to respond with ‘contact me on 10.0.0.1:port’ the router was spotting this and NATting it and passing it to blogger.com, then when the request came back from blogger.com it let it through.

I’ve made quite a few presumptions in the above statement; it could be that the new firewall firmware was blocking the initial PASV response from my FTP server as it may have appeared to be sourced from the WAN IP address.

What I do know is that I can now blog again AND keep the updated version of the firmware. (Not that the firmware has anything too exciting in it, but there’s more buttons, checkboxes and menus so it must be better.)
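An added example (not part of the original post, and not the router's own code) modelling the behaviour the post infers: a NAT FTP helper that rewrites the address in the server's 227 reply only when it is the server's LAN address. The port 50000 and all function names are assumptions made for illustration.

```python
import re

# Addresses are the ones quoted in the post; the port used below is a
# constructed sample standing in for one port of the passive range.
WAN_IP = "82.152.42.64"
LAN_IP = "10.0.0.1"

PASV_RE = re.compile(
    r"^227 [^(]*\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)"
)


def parse_pasv(reply):
    """Return (ip, port) advertised in an RFC 959 '227' passive reply."""
    m = PASV_RE.match(reply)
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % reply)
    # Four address octets, then the port as high byte and low byte.
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def format_pasv(ip, port):
    """Build the 227 reply a server would send to advertise ip:port."""
    return "227 Entering Passive Mode (%s,%d,%d)" % (
        ip.replace(".", ","), port // 256, port % 256)


def alg_rewrite(reply, lan_ip=LAN_IP, wan_ip=WAN_IP):
    """Hypothetical NAT helper: rewrite only replies that advertise the
    server's LAN address. Returns (reply_seen_by_client, rewritten)."""
    ip, port = parse_pasv(reply)
    if ip == lan_ip:
        return format_pasv(wan_ip, port), True
    return reply, False  # any other address passes through untouched


if __name__ == "__main__":
    # The two server settings from the post: external IP, then internal IP.
    for advertised in (WAN_IP, LAN_IP):
        seen, rewritten = alg_rewrite(format_pasv(advertised, 50000))
        print("server advertises %-12s -> client sees %s (rewritten=%s)"
              % (advertised, seen, rewritten))
```

Both settings put the same address in front of the client; what differs is whether the helper touched the reply, which is the point at which it can learn which data connection to expect.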


2 thoughts on “Speedtouch DSL configuration for PASV FTP”

  1. I had the exact same problem. My FTP server (FileZilla) replied with my external IP. This worked with my old router, but not with my Speedtouch 716. Changing it back to default (internal IP) it was NATed by the Speedtouch!

    Now uploading works again!

  2. For the Thomson Speedtouch 716 router you can enable NAT Loopback by activating it through telnet.

    command:
    ip config natloopback=enabled

    You will then be able to access your external IP from the inside.
