NAS + DDNS + FTP + Port Forwarding = Your Advice Please

[superjim]

Trying to setup FTP to my Synology NAS (in sig). Router is the popular Dlink DIR-655. Here are the steps I took:

1. Gave NAS a static internal IP (192.168.0.190) from router
2. Added port forwarding to my NAS (from router), port 21, specificed 192.168.0.190 as redirect IP for both TCP and UDP
3. Started FTP service on my NAS (literally one click)(instructions) with existing admin user
4. Setup DDNS using Synology's service (xxxx.synology.me), verified it updated my external IP by resetting my router twice/received new IP from ISP
5. Opened port 21 from NAS firewall
6. Verified port 21 was open from canyouseeme.org

Got to work, fired up Filezilla, punched in my home's IP, admin username and password, connection timed out. Tried using the hostname (xxxx.synology.me) and got the "could not resolve hostname" error. I logged into synology's site to verify my home IP hadn't changed.

I've read and re-read Synology's documentation and am fairly certain I dotted every I and crossed every T here. Is there a glaring hole I missed here or can someone suggest troubleshooting tips? Do I need to open up other ports (80, 5000, 5001) also? I might try to "borrow" a neighbor's unsecured wireless to see if I can connect from it because it wouldn't surprise me to learn my work intranet is blocking (corporate America and all).

 

[alienb]

work is probably blocking your FTP and dynamic DNS.

 

[xSauronx]

work is probably blocking your FTP and dynamic DNS.

also possible that his isp blocks standard ports

 

[yinan]

Doesnt he need to open port 20 as well?

 

[alkemyst]

you will need other ports too...I can't remember which they are but there is other traffic going across the pipe. 5000 is definitely needed, http://www.synology.com/support/faq_show.php?q_id=233

Also from here:
http://forum.synology.com/wiki/index.php/How_to_Access_Synology_Services_Remotely_via_the_Internet

Port Protocol Description Notes
20 TCP FTP-Data
21 TCP FTP
22 TCP SSH/Encrypted Network Backup
23 TCP Telnet
25 TCP Mail Station SMTP
53 TCP Domain Name Service Name Resolution
67 UDP DHCP Client So the NAS can get an IP, normally not needed
80 TCP PhotoStation 2 + Video, Web Service Other ports can be added, in case 80 is not available.
110 TCP Mail Station POP3
111 TCP/UDP NFS
123 UDP Network Time Protocol NTP Server
137 UDP NetBIOS
138 UDP NetBIOS-Datagram
143 TCP Mail Station IMAP
139 UDP NetBIOS-ssn
389 TCP/UDP LDAP For ADS Connection
443 TCP HTTPS Secured Web Service
445 TCP/UDP Microsoft-ds Also named CIFS or mentioned as Samba (shares of the NAS)
537 Network Media Streaming Protocol
548 TCP Apple Filing Protocol
554 TCP/UDP Real Time Stream Protocol
873 TCP Encrypted/Network Backup Rsync
892 TCP/UDP NFS
989 TCP FTP-Data over TLS/SSL
990 TCP FTP over TLS/SSL
993 TCP Mail Station IMAP over SSL/TLS
995 TCP Mail Station POP3 over SSL/TLS
2049 TCP/UDP NFS
3260 TCP iSCSI
3306 TCP/UDP MySQL Service
3689 TCP DAAP Digital Audio Access Protocol used by Apple’s iTunes
4662 TCP eMule
4672 UDP eMule
5000 TCP Synology Management Console, File Station, Audio Station
5001 TCP Secured Synology Management Console, File Station, Audio Station
5432 TCP/UDP Download Redirector
5353 iTunes Media Service
6881-6890 TCP BitTorrent (before firmware v2.0.1-3.0401 you also need the ports 6891-6999)
9997-9999 UDP Various Synology Client Utilities, such as Synology Assistant, Download Redirector, Data Replicator, USB Assistant
55536-56559 TCP Default Passive FTP Range
55736-55863 TCP Surveillance Station

 

[JackMDS]

Do not use port 21 over the Internet, set the server to a port in the 50000 range.

Then access it as xxxx.synology.me:50000

FTP Active/Passive?

Make sure first that it is working locally from a LAN computer, then try from a friend house or any other regular Network (I.e., not work, or public networks that might have settings unbeknown to you).

 

[imagoon]

FTP needs at least 20 and 21 open. If you want PASV support (you need that to connect behind a remote NAT device, IE work / the coffee hothouse) there is a quite a bit more involved and the NAS may not support it.

If the NAS supports PASV over NAT, you will need to tell the NAS the external IP, the NAT range assigned for PASV, and then route all those ports to the NAS.

Typical PASV command looks like:

PASV 192,168,0,190,0,250 meaning: FTP client connect to 192.168.0.190 port 250. Obviously this will fail on the net. It will also fail with the external IP if the PASV port range is not restricted to a set of forwarded ports.

 

[superjim]

Turns out my work was blocking access. I was able to "borrow" a neighbors wireless signal to troubleshoot. Had to setup Filezilla to use Active FTP. I configured the FTP to only allow secure connections (SSL/TLS). I did also open up 5005/5006 for the Synology WebDAV.

@imagoon
I figured this out after seeing the logs in Filezilla. I opened the ports Filezilla was trying to use and it worked.

Appreciate the tips/responses.

 

[imagoon]

Turns out my work was blocking access. I was able to "borrow" a neighbors wireless signal to troubleshoot. Had to setup Filezilla to use Active FTP. I configured the FTP to only allow secure connections (SSL/TLS). I did also open up 5005/5006 for the Synology WebDAV.

@imagoon
I figured this out after seeing the logs in Filezilla. I opened the ports Filezilla was trying to use and it worked.

Appreciate the tips/responses.

Just remember that PORT (active) won't work for people behind NAT devices.

 

[fburdet]

Hello,

I am trying to setup a secure ftp connection to my synology (DSM4.1) and am unsuccessful.

Would you be so kind to give me exactly the parameters you put in the ftp settings (there are actually quite a lot and couldn't find explanations for the latest DSM version), AND all the ports you opened on your router?

Can you confirm it works on your LAN with filezilla? Apparently this should work without opening the ports, as it is internal, would divide the problem into 2 parts... first need to make sure the ftp itself is working before checking if my router blocks it...

Thanks in advance for your help, getting really annoyed here as I think I tried everything...