FTP / SFTP server Remote access

Discussion in 'OS X Mountain Lion (10.8)' started by Toby Goodbar, May 15, 2015.

  1. Toby Goodbar, May 15, 2015
    Last edited: May 15, 2015

    Toby Goodbar macrumors 6502

    Joined:
    Sep 8, 2006
    #1
    What i want to do is have a way to remotely access hard drive files on my iMac remotely over the internet. FTP seems like the best option as i can access it from a variety of OS's

    So far I've been able to enable both FTP and SFTP server built into osx 10.8. I tested them from the terminal using ftp localhost and sftp localhost respectively.

    I port FWD'd ports 20-22 inclusively through the router. (yes i know how to do it properly, I had previously done it for VNC and torrent clients)

    Im using No-IP which is working fine (vmc works remotely) for DNS server to simplify keeping track of IP address. Speaking of IP address the iMac has a static one from router.

    However, this is the point where I'm stuck. So far Ive tried from a windows machine using FireFTP a firefox ftp extension for the browser and using ftpmanager free on iOS with no success.

    Can anyone help, offer any insight?
     
  2. chown33 macrumors 604

    Joined:
    Aug 9, 2009
    #2
    Is the client doing active or passive FTP?

    If it's doing passive FTP, then you need to forward the ports the FTP server is using for its data channels. One typically opens/forwards a series of ports on the router in the ephemeral range, say 54300-54399, then configures the FTP server to use the same range. At least that's how I did it the last time I dealt with this crap a few years back.

    If the client is doing active FTP, then the ports on the remote client's router need to be opened/forwarded. This is generally much harder to accomplish when using arbitrary access points, hence the invention of passive mode.

    If your router has logs that show incoming ports for connection attempts, look there to see what port range your FTP server is using. This would also confirm whether the remote client is using active or passive mode.
     
  3. Toby Goodbar, May 17, 2015
    Last edited: May 17, 2015

    Toby Goodbar thread starter macrumors 6502

    Joined:
    Sep 8, 2006
    #3
    Depending on where I'm testing from I've tried both active and passive. My phone has an app (ios) FtpManager Free that allows you to choose between active and passive. I haven't had success with either method nor using sftp vs ftp. I use the phone to test from home so i can just use its LTE data connection. When I'm at the other location I'm using cyber duck for windows or Fireftp a mozilla browser extension

    I suspect I found the problem though. I used an online scanning tool to check ports 20,21,&22 and they are all reported as closed even though i have them FWDd in the router properly. I've rebooted, deleted and re-FWDd but no matter what i do to it the router doesn't want to cooperate with opening those ports. The only thing i can think to do is use higher range ports but I haven't figured out how to tell my iMac how to change the servers from the default port to one of my choosing....

    BTW i just want to say thanks, I feel like I recognize your screen name and may have gotten some help from you before :)
     
  4. chrfr macrumors 603

    Joined:
    Jul 11, 2009
    #4
    Don't use FTP as it's very insecure. There are free SFTP clients for Windows and for OS X. There are SFTP clients for iOS too, such as Transmit, by Panic, but it's not free.
     
  5. Toby Goodbar, May 17, 2015
    Last edited: May 17, 2015

    Toby Goodbar thread starter macrumors 6502

    Joined:
    Sep 8, 2006
    #5
    Thanks. I'm aware. Cyberduck is cross platform and i happen to use Transmit on my mac, its a great app. The issue is still getting remote access to the servers at the moment
     
  6. chrfr macrumors 603

    Joined:
    Jul 11, 2009
    #6
    You only need to open whatever port you are running SSH on, which is, by default, 22. Can you actually access ssh from another computer on your local network? It looks as if you only tested via LTE and localhost.
     
  7. Toby Goodbar thread starter macrumors 6502

    Joined:
    Sep 8, 2006
    #7
    Good question, to be honest, I didn't try. I opened 20-22 in order to try both FTP and SFTP. Basically just trying to get either one to work. When i get back there Ill try on the local network. Localhost was just to verify the server was "on". (i used wifi at other remote locations and PCs not just LTE but all failed)

    If you saw my other post, the internet based port scan is showing 20-22 closed. I tried my VNC port to make sure it wasnt an issue with the scanner and it green lighted so I think there may be a router based issue, but I'll try your suggestion on the local network and see what that yields... At least that would eliminate any problem at the host. Then I can maybe figure out how to re designate the default SFTP port to something else, maybe
     
  8. chrfr macrumors 603

    Joined:
    Jul 11, 2009
    #8
    Test with SSH if you have a client available on your phone or another computer. That may provide more detail why SFTP isn't working.
     
  9. Toby Goodbar thread starter macrumors 6502

    Joined:
    Sep 8, 2006
    #9
    Just got in. SFTP works as expected when using the local router assigned ip address. Thoughts?
     
  10. chrfr macrumors 603

    Joined:
    Jul 11, 2009
    #10
    Does your ISP block port 22?
     
  11. Toby Goodbar thread starter macrumors 6502

    Joined:
    Sep 8, 2006
    #11
    Just checked their list. They do not
     
  12. chown33 macrumors 604

    Joined:
    Aug 9, 2009
    #12
    Exactly which servers are you running on your iMac? Is it ftpd and sshd? Which versions? How are they being started?

    There are man pages for ftpd and sshd. Did you read them? Are you following some other guide or tutorial?

    Without details of what you actually did, all anyone can do is guess.


    If you have some command-line skills, you might try the 'traceroute' command from the remote client. It's also available in "Network Utility.app".

    If basic traceroute works, change the protocol to TCP and the port to 20, 21, or 22 and see what happens.
     
  13. Toby Goodbar, May 18, 2015
    Last edited: May 18, 2015

    Toby Goodbar thread starter macrumors 6502

    Joined:
    Sep 8, 2006
    #13
    I am running the built in servers OSX 10.8. FTP and SFTP (SFTP to my understanding also doubles to handle SSH requests).

    System Preferences>Sharing>Remote Login after ticking the box, added my user profile to the list

    SFTP was enabled and I verified this by using the command line "sftp localhost"

    FTP had to be enabled as their is no GUI for it. I used the command line "sudo -s launchctl load -w /System/Library/LaunchDaemons/ftp.plist". I verified it by using the command line "ftp localhost"

    The connections also work device to device on the local network (same wifi). But remotely from somewhere else is no dice.

    I know of no manuals or what is ftpd or sshd are. I've never heard of a version of those with a "d" on the end?

    Using Traceroute in the Network Utility GUI the dynamic dns address goes through and resolves the IP but if I add :20, :21, or :22 to the address it just hangs. Although I'm not entirely sure thats how you use it lol. Ive always had an easier time using external web page based scanners, which verify my VNC port is open (plus it works) but that ports 20-22 are closed.

    My Mac firewall is NOT on. The modem firewall is not on and the router doesn't seem to have one although I did contact the manufacturer to make sure. Still waiting to hear back but I combed through category one page of options at a time and found nothing.
     
  14. chown33 macrumors 604

    Joined:
    Aug 9, 2009
    #14
    ftpd is the FTP server. The 'd' on the end usually implies a daemon.

    You can see that ftpd is the command by opening the plist you used, or listing it in a Terminal window:
    Code:
    cat /System/Library/LaunchDaemons/ftp.plist
    
    Here's its online man page:
    https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man8/ftpd.8.html

    Be sure to also read the man pages it links to, to learn where it gets its passive port range, and its main port to listen on.

    If you've never managed an FTP server before, you'd probably be better off to find a tutorial on it, rather than trying to puzzle it out from man pages.

    When I google tnftpd mac tutorial it shows several results that apply to OS X 10.4 Tiger. That seems to be the same FTP server that's present by default on 10.8, so you could look at those and try some simple things on your LAN. For example, see if you can reconfigure it to listen on a different port. If that works on the LAN, then try configuring your router and see what happens.

    Or you could pay $20 and get OS X Server, and use that to manage the FTP server. I think the version for 10.8 is still available in the app store, but I could be wrong. There are also some other FTP servers in the App Store that are less than $20.
     
  15. Toby Goodbar thread starter macrumors 6502

    Joined:
    Sep 8, 2006
    #15
    Thanks for the lesson the "d's" at the end. I didn't realize it was a daemon designator. I guess that makes sense.

    I looked over the link you sent me and after perusing through and using the find function to view relevant info, I think i'll give the OSX Server package a try. You make it seem much easier to manage that way. Ill post back with an update
     
  16. Toby Goodbar thread starter macrumors 6502

    Joined:
    Sep 8, 2006
    #16
    Sooo I think I just wasted $20 lol. Even though it really is a nice program and i might use it in the future for more complex things…

    Anyway it didn't work. So I got the idea to check firewalls again and still couldn't find anything on, to make a long story short I ended up on the modem page and realized I had had this problem before when i set up my VNC ports because lo and behold on my cisco modem (which apparently doubles as a router) i found that i had fwd'd the vnc port on the port forwarding page. So i FWDd port 22 to the router and voila! Everything started working.

    So I guess my next question is, since i can recognize someone more knowledgable than myself…should the DHCP server on the cisco modem be turned off? If it were, then I wouldn't have to forward ports at the modem AND the router correct? Which would probably make the extender connected to the router handle the port requests automatically when a device changes from the primary router to the extender yea?
     
  17. chrfr macrumors 603

    Joined:
    Jul 11, 2009
    #17
    You really only want one device acting as a router on a typical home network, so yes, you should shut off DHCP and NAT on one of the two devices. There should be something called bridge mode or similar which is how you should configure one of the two.
    Again, don't use FTP, so shut that off on your computer. SSH/SFTP will do fine.
     

Share This Page