Satellite [SOLVED] Zgemma H7S and external access to the box through Vsftpd

[Burroughs70]

Good evening, friends, and, once again, thanks for accepting me in this wonderful forum.
I have a strange networking problem on my brand new Zgemma H7S; in a nutshell, I've installed OpenATV 6.4, with just the essential plugins.
Everything is working really flawlessly now and I'm quite happy with the purchase I've done.
My only problem is about the FTP service: I'd like to access the decoder from the Internet (out of the box), just like I've done with other services, i.e. SSH, but there's something not working.
First of all, I've decided to enable the passive connection, editing vsftpd.conf this way (most relevant part of it):

chroot_local_user=YES
#
allow_writeable_chroot=YES
#
tcp_wrappers=NO

# Enable FXP
pasv_promiscuous=YES
port_promiscuous=YES

# Allow users w/o shell access
check_shell=NO

# Start directory for non-chrooted users
local_root=/

# Enable directory listing
dirlist_enable=YES

# Change FTP default listening ports
listen_port=880
ftp_data_port=881

# Additional settings
pasv_enable=YES
pasv_max_port=64221
pasv_min_port=64000
port_enable=YES
pasv_address=my_public_ip_address

All these ports (880, 881 and the passive port range between 64000 and 64221) have already been opened and forwarded on my router.
I can connect without a problem on my LAN/WLAN, from the outside instead, something different happens: I can enter in just a few seconds, but when I try to get the directory listing, everything gets stuck:

ftp> dir
229 Entering Extended Passive Mode (|||64184|)
ftp: Can't connect to `public_ip_address': Operation timed out
200 EPRT command successful. Consider using EPSV.
150 Here comes the directory listing.
drwxr-xr-x    2 0        0            4096 Mar 30 17:59 bin
drwxr-xr-x    2 0        0           16384 Jan 01  1970 boot
drwxr-xr-x   13 0        0           13760 Mar 30 22:39 dev
drwxr-xr-x   46 0        0            4096 Mar 30 22:41 etc
lrwxrwxrwx    1 0        0               9 Mar 30 18:00 hdd -> media/hdd
drwxr-xr-x    3 0        0            4096 Mar 30 17:59 home
drwxr-xr-x    8 0        0            4096 Mar 30 17:59 lib
drwxrwxrwt    4 0        0              80 Mar 30 22:39 media
lrwxrwxrwx    1 0        0               5 Mar 30 18:00 mnt -> media
dr-xr-xr-x  149 0        0               0 Jan 01  1970 proc
drwxr-xr-x    4 0        0            4096 Mar 30 22:08 run
drwxr-xr-x    2 0        0            4096 Mar 30 17:59 sbin
lrwxrwxrwx    1 0        0              10 Mar 30 18:00 share -> /usr/share
dr-xr-xr-x   12 0        0               0 Mar 30 22:39 sys
lrwxrwxrwx    1 0        0              17 Mar 30 18:00 tmp -> /var/volatile/tmp
drwxr-xr-x   11 0        0            4096 Mar 30 18:00 usr
drwxr-xr-x    7 0        0            4096 Mar 30 18:00 var
226 Directory send OK.

I'm quite sure the problem is about the passive ports, which should be enabled on the box, but, as we all know very well, OpenATV has no integrated firewall and the support to iptables is quite partial and faulty.
What really makes me upset is that the same service on a second decoder of mine (Zgemma H2S, with Italysat installed) works like a charm since 2012...
Any ideas, boys?

 

[Jamie Lee spice]

Good evening, friends, and, once again, thanks for accepting me in this wonderful forum.
I have a strange networking problem on my brand new Zgemma H7S; in a nutshell, I've installed OpenATV 6.4, with just the essential plugins.
Everything is working really flawlessly now and I'm quite happy with the purchase I've done.
My only problem is about the FTP service: I'd like to access the decoder from the Internet (out of the box), just like I've done with other services, i.e. SSH, but there's something not working.
First of all, I've decided to enable the passive connection, editing vsftpd.conf this way (most relevant part of it):

chroot_local_user=YES
#
allow_writeable_chroot=YES
#
tcp_wrappers=NO

# Enable FXP
pasv_promiscuous=YES
port_promiscuous=YES

# Allow users w/o shell access
check_shell=NO

# Start directory for non-chrooted users
local_root=/

# Enable directory listing
dirlist_enable=YES

# Change FTP default listening ports
listen_port=880
ftp_data_port=881

# Additional settings
pasv_enable=YES
pasv_max_port=64221
pasv_min_port=64000
port_enable=YES
pasv_address=my_public_ip_address

All these ports (880, 881 and the passive port range between 64000 and 64221) have already been opened and forwarded on my router.
I can connect without a problem on my LAN/WLAN, from the outside instead, something different happens: I can enter in just a few seconds, but when I try to get the directory listing, everything gets stuck:

ftp> dir
229 Entering Extended Passive Mode (|||64184|)
ftp: Can't connect to `public_ip_address': Operation timed out
200 EPRT command successful. Consider using EPSV.
150 Here comes the directory listing.
drwxr-xr-x    2 0        0            4096 Mar 30 17:59 bin
drwxr-xr-x    2 0        0           16384 Jan 01  1970 boot
drwxr-xr-x   13 0        0           13760 Mar 30 22:39 dev
drwxr-xr-x   46 0        0            4096 Mar 30 22:41 etc
lrwxrwxrwx    1 0        0               9 Mar 30 18:00 hdd -> media/hdd
drwxr-xr-x    3 0        0            4096 Mar 30 17:59 home
drwxr-xr-x    8 0        0            4096 Mar 30 17:59 lib
drwxrwxrwt    4 0        0              80 Mar 30 22:39 media
lrwxrwxrwx    1 0        0               5 Mar 30 18:00 mnt -> media
dr-xr-xr-x  149 0        0               0 Jan 01  1970 proc
drwxr-xr-x    4 0        0            4096 Mar 30 22:08 run
drwxr-xr-x    2 0        0            4096 Mar 30 17:59 sbin
lrwxrwxrwx    1 0        0              10 Mar 30 18:00 share -> /usr/share
dr-xr-xr-x   12 0        0               0 Mar 30 22:39 sys
lrwxrwxrwx    1 0        0              17 Mar 30 18:00 tmp -> /var/volatile/tmp
drwxr-xr-x   11 0        0            4096 Mar 30 18:00 usr
drwxr-xr-x    7 0        0            4096 Mar 30 18:00 var
226 Directory send OK.

I'm quite sure the problem is about the passive ports, which should be enabled on the box, but, as we all know very well, OpenATV has no integrated firewall and the support to iptables is quite partial and faulty.
What really makes me upset is that the same service on a second decoder of mine (Zgemma H2S, with Italysat installed) works like a charm since 2012...
Any ideas, boys?

Have you set up your password on the box?
It won't connect without the password setup.

 

[Burroughs70]

Have you set up your password on the box?
It won't connect without the password setup.

All my connections (Samba, SSH, FTP, NFS) have their own credentials (username and password)...

 

[Jamie Lee spice]

All my connections (Samba, SSH, FTP, NFS) have their own credentials (username and password)...

I had a problem connecting to my box using ATV until i set up the the password through the box. After that was setup usual root & password works for everything.

 

[pabloescaban]

Openatv 6.4 has to have its own password set up during flashing, unlike other openatv versions.
You can still set it up afterwards

 

[Burroughs70]

Openatv 6.4 has to have its own password set up during flashing, unlike other openatv versions.
You can still set in up afterwards

Thank you, Pablo (and Jamie).
Where can I find the (let's say so) system password?

 

[Willo3092]

Try flashing OpenViX to one of the other multiboot partitions and see if that works.
It would show if it's an ATV 6.4 issue or something to do with E2 or the network.

 

[Jamie Lee spice]

Menu~setup-network -password setup.

 

[Burroughs70]

Menu~setup-network -password setup.

Thank you, Jamie!

 

[Jamie Lee spice]

Thank you, Jamie!

No problem your welcome

 

[Burroughs70]

Good morning, lads, I've made some further checks but nothing has changed...
First of all, I've set the network password up (even though I'm quite sure it was the root user password, so it was something I had already done before), changed the range of ports to be used and, in the end, installed openvix in the second slot of the box, but the issue still persists.
Honestly speaking, I don't think it may depend on my provider policy (Virgin Media), even because I'm using not-well known ports for other services as well, I think it might be a bug related to the vsftpd package.
Any repositories to suggest, maybe I could install some older versions???
Remember, my box is a Zgemma H7S and my image is OpenATV 6.4

 

[garyth]

Good morning, lads, I've made some further checks but nothing has changed...
First of all, I've set the network password up (even though I'm quite sure it was the root user password, so it was something I had already done before), changed the range of ports to be used and, in the end, installed openvix in the second slot of the box, but the issue still persists.
Honestly speaking, I don't think it may depend on my provider policy (Virgin Media), even because I'm using not-well known ports for other services as well, I think it might be a bug related to the vsftpd package.
Any repositories to suggest, maybe I could install some older versions???
Remember, my box is a Zgemma H7S and my image is OpenATV 6.4

try 6.3 and see how you go

 

[Burroughs70]

try 6.3 and see how you go

Yes, I've installed OpenATV 6.3 and PurE2 but nothing has changed, that's why I was considering to try with an old vsftpd package.
The same configuration file (dating back to 2012) works perfectly on a Zgemma H2S with Italysat on.

 

[Burroughs70]

Well, I've not really fixed this issue, but I've used a workaround instead: the problem in itself was impossible to solve as I needed to install a working version of iptables and open the passive ports range adding it to the INPUT chain, which was impossible to do, as Enigma2 still lacks a working version of iptables.
I've decided instead to uninstall dropbear, install the openssh-sftp package and configure an SFTP server, using, in this case, a different port.
It took me five minutes to do this, now everything is working flawlessly.