NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
ReadyNAS NV (Sparc) OS Partition Full
Hi I've been doing a lot of googling and think I'm nearly at the point I can get access back to my NV Frontview. Basically, NFS started to fail, then CIFS went down, then I got all sorts of o...
Aaaaaaaagh!
I thought I now how a fully working system again, but it appears that I can't remotely write files via FTP.
I think I've narrowed this down to the FTP server on the ReadyNAS ignoring the values I've input for the passive port range, so when an FTP client issues the PASV command, the response if more often than not a port well outside the range I've specified (and opened in firewalls at each location), in this case ports 1024-1074.
This explains why for the last two days most of the files that have been written (they come from a remote IP camera periodically saving still jpegs to the ReadyNAS) have zero byte length while the odd file is sucessfully written (when the random passive port gets lucky and falls in the range opened in the firewalls.
Can anyone help me get the FTP server on the ReadyNAS to correctly use the range specified in Frontview once more? I did download the logs and in services.conf it matches what I have in frontview:
FTP_MODE=user
FTP_PASSIVE_END=1074
FTP_PASSIVE_START=1024
FTP_PORT=21
FTP_UPLOAD_RESUME=1
There are also loads of entries in daemon.log like:
Sep 20 16:29:47 MyNAS proftpd[26292]: MyNAS ((*clientexternalip*)[*clientexternalip*]) - Refused PORT 192,168,254,2,234,158 (address mismatch)
which I'm assuming is only because the FTP client on the IP camera is trying active mode since passive mode is failing?
Is my only option now to use EnableRootSSH and manually configure the ProFTPd config? (I suppose worrying about voiding the warranty on a NAS this old is a little pointless anyway).
Did the IP camera ever work?
rickwookie wrote:
Sep 20 16:29:47 MyNAS proftpd[26292]: MyNAS ((*clientexternalip*)[*clientexternalip*]) - Refused PORT 192,168,254,2,234,158 (address mismatch)
.
This is port 60062 (234*256+158). It could be an active connection.
Did the NAS IP address change? Can you give any details on the camera's FTP configuration, and/or a more complete connection log?
It's been working every weekday for the last two months, right up until I did the OS re-install that corrupted Frontview this last weekend. No IP addresses or hostnames have changed at either end and my firewall router configuration is the same.
I've actually gone ahead now and enabled the SSH access, since I figured there was no way this was going to get resolved using Frontview alone, and Telnet-ing in using the support mode was a real pain tbh.
FTP tranfers are now compleating successfully, since I've added
PassivePorts 1024 1074
to /etc/proftpd.conf
The entire file consisted of just:
Include /etc/frontview/proftpd/ftps.conf
Include /etc/frontview/proftpd/User.confand neither of those files, nor /etc/frontview/proftpd/Shares.conf that User.conf 'Include's make any reference to PassivePorts or FTP_PASSIVE_START or anything like it.
I would love to know where the link is from the frontview settings to the proftpd config files to make it all work as it should again, but for now at least I've got the FTP server configured to work as I need it.
I strongly suspect that there will be other settings from the file services page that are not making it through to the associated configs, but maybe they are working as expect with the default settings. Certainly Master Browser is suspect since the ReadyNAS doesn't seem to show up under Network in Windows Explorer anymore, but I can browser it fine if I type the hostname or IP address into the address bar.
rickwookie wrote:
Telnet-ing in using the support mode was a real pain tbh.
Well it is called tech support mode for a reason. It's intended for support and it is a low-level diagnostic mode useful for diagnosing much more serious problems than a full OS partition.
mdgm wrote:
rickwookie wrote:Telnet-ing in using the support mode was a real pain tbh.
Well it is called tech support mode for a reason. It's intended for support and it is a low-level diagnostic mode useful for diagnosing much more serious problems than a full OS partition.
Um, thanks for the heads up?
In the mean time I'll continue to find my own solutions to the problem, although I will confess I'm struggling a little here.
I'd really appreciate it if anyone could direct me where to look for the missing link that I currently have between the Frontview settings for ftp and the active proftpd configuration.
So far I've found what appears to be the default config in /etc/default/ but I still can work out why changes in the Frontview web UI are being ignored.
rickwookie wrote:
The entire file consisted of just:
Include /etc/frontview/proftpd/ftps.conf
Include /etc/frontview/proftpd/User.confand neither of those files, nor /etc/frontview/proftpd/Shares.conf that User.conf 'Include's make any reference to PassivePorts or FTP_PASSIVE_START or anything like it.
That is quite odd, because the proftpd.conf files on my v1 NAS aren't that simple and do include PassivePorts. I'm copying one below for reference (with the control port and passive port range I use for that machine XXXXXd out).
I think there is still damage from the original full OS partition issue. You could simply try to fix things as you find problems, but it might be more prudent (and simpler) to back up your data, do a factory reset, rebuild/configure the NAS and restore the data from backup..
NVNAS:/etc# cat proftpd.conf
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody/nogroup" and "ftp" for normal operation and anon.
ServerName "NETGEAR ReadyNAS"
ServerType standalone
DeferWelcome offMultilineRFC2228 on
DefaultServer on
ShowSymlinks on
AllowOverwrite on
AllowStoreRestart on
UseReverseDNS off
IdentLookups off
TimesGMT off
WtmpLog off
ServerLog /var/log/proftpd.log
SystemLog /var/log/proftpd.log
TransferLog /var/log/proftpd.log
BanLog /var/log/proftpd.log
MaxLoginAttempts 2
BanEngine on
BanTable /ramfs/ftp_ban.tbl
BanOnEvent MaxLoginAttempts 5/00:10:00 00:15:00TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200DisplayLogin welcome.msg
DisplayChdir .messageDenyFilter \*.*/
# Uncomment this if you are using NIS or LDAP to retrieve passwords:
PersistentPasswd on# Uncomment this if you would use quota module:
#Quotas on# Port 21 is the standard FTP port.
Port XXXXXX
MasqueradeAddress NVNAS
DynMasqRefresh 7200
PassivePorts XXXXX XXXXX
AllowForeignAddress on# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30# Set the user and group that the server normally runs at.
User nobody
Group nogroup# Normally, we want files to be overwriteable.
<Directory /*>
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022AllowOverwrite on
</Directory>Include /etc/frontview/proftpd/ftps.conf
Include /etc/frontview/proftpd/User.conf
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
