FTP Backup failing since replacing home router.

Borreltje

Hi all,


Ever since I replaced my old home router (Cisco RV320) with a Cisco ASA5510 I am having a problem with my off-site backups.
I had it set up to make backups to my home server (Mac OS X Server, running an FTP server); this worked perfectly as long as I had the RV320.
I just installed a Cisco ASA 5510 at home and set it up to accept FTP connections from the outside. This works, kinda...
It takes a long time for the directory listing to appear when using a FileZilla client, but it gets there. I also tried to use the ncftp option from my DirectAdmin server,

results below:

Code:
[****@webserver]# ncftp -u username IP_from_home_ftp_server /webserver_bu
NcFTP 3.2.5 (Feb 02, 2011) by Mike Gleason (http://www.NcFTP.com/contact/).
Connecting to IP_from_home_ftp_server...
IP_from_home_ftp_server FTP server (tnftpd 20100324+GSSAPI) ready.
Logging in...
Password requested by IP_from_home_ftp_server for user "username".

    User username accepted, provide password.

Password: *********

User username logged in.
Logged in to IP_from_home_ftp_server.
ncftp / > ls

I masked out some names and IPs for security and privacy reasons; the important stuff is there. As you can see, I can connect.

But when setting up the FTP backup from DirectAdmin and filling out the details, I get this when trying to save:

Code:
Could not read reply from control connection -- timed out.
ncftpls: cannot open IP_from_home_ftp_server: timed out while waiting for server response.
/usr/bin/ncftpls returned error code 1
FTP information invalid.

I use the same login info as I did when testing with ncftp, so the credentials used are correct. The FTP user info has not changed since I installed the ASA5510, but backups have been failing since then.

I have set up my 5510 with the needed config to allow FTP in:
Code:
access-list 100 extended permit tcp any host IP_from_local_ftp_server eq ftp
access-list 100 extended permit tcp any host IP_from_local_ftp_server eq ftp-data

policy-map global_policy
 class inspection_default
  inspect ftp 

service-policy global_policy global

It used to work just fine when I was using my old router (Cisco RV320). Could this be some sort of time-out issue?
Any Cisco guys here who recognize this issue? I suspect the Cisco is the culprit but I cannot seem to resolve it. Any help is greatly appreciated.


Kind Regards, Borreltje.
 
Hi Alex,

Thanks for the link. I read it, but I can connect from home to my DirectAdmin server; the problem is that the connection from DirectAdmin to home fails.
As you can see in my first post, I can connect from the command line using NcFTP, but when I schedule a DirectAdmin backup, it fails.
 
Well, I'm not very familiar with Cisco, so this is just a guess. When you communicate with your server through the Cisco, it marks your server IP as trusted and allows connections from it. That's why you can establish an FTP connection. I'm not sure how much sense this makes; still, try to back up a single account from DirectAdmin by executing it manually.
 
Have you tried to send a file via the FTP command line?

Because OK, you can connect, but maybe DA can connect as well and just doesn't send the file.

Test it; if it doesn't work, it should be the passive ports, as Alex suggested.

Regards
 
The inspect ftp bit in my Cisco config is supposed to take care of that. I tried again today and I was able to establish a connection with FileZilla from my work computer, but I did have to set the time-out in the FileZilla client to 30 sec.
So it seems the Cisco takes a long time to set up the connection, but eventually it connects.
When setting up the FTP backup in DirectAdmin and clicking the save button, it looks like DirectAdmin tests the FTP credentials but does not wait long enough and gives a time-out. If I could just change the time-out setting it might just work.
 