Using DD-WRT for FTP Backups
Knowing how and why to backup your data is extremely important in today’s technology-driven world. Anybody who has used a computer at school or university (which should be just about everyone these days) understands how valuable backups can be. If you weren’t the most unfortunate person in your class, we have all run into people that lost entire projects and gigabytes of valuable data when their computer crashed.
Though in some cases it is possible for an expert to recover data from the hard drive of a crashed computer, there are far easier and simpler methods to ensure that you don’t run into these problems. Whether you need backups for school, work, or personal reasons, implementing backup tools will save you a lot of time, money, and headaches.
For example, on your local network it is always a great idea to take advantage of Network Attached Storage for your data backup needs. But there is just one problem. You can’t access your NAS device unless you are connected to your home network. Fortunately, if you create a VPN tunnel back to your home network, there are ways to configure access. However, for those of you that don’t want to configure a VPN tunnel solely for the access to a NAS device, you have another option. Essentially, you can turn your DD-WRT device into a publicly accessible FTP server. However, it is recommended that you setup your own VPN server on your DD-WRT router to transfer files from your home network securely.
Setting Up DD-WRT to Accept FTP Connections
It is pretty easy to setup FTP on DD-WRT. You should note, however, that an FTP connection is not encrypted by default. If the data you are downloading is inconsequential in the event that it gets intercepted, you may not care about encryption. For example, if you are downloading a video file of Dora the Explorer to keep your kids distracted when you are away from home, you likely don’t care if anyone intercepts your data. However, most personal files should be encrypted.
Setting Up FTP
- First things first, your will need to browse to the Services tab and then click on the USB sub-tab. Now you will want to enable ‘core USB support,’ ‘USB storage support,’ as well as ‘automatic drive mount.’ After you have enabled these settings, simply save and apply your configuration settings.
- You will want to plug in your storage device with a USB cable and wait until you see it register under ‘disk info.’ If you don’t, you may need to reboot your router.
- Now browse to the NAS section under the Services tab.
- Allow ProFTPD to be enabled and change the port to one you find appropriate.
- Next, you will want to check that WAN Access is enabled.
- At your own discretion you can allow Anonymous Login, though it isn’t likely a good idea. The RADIUS feature is much more secure.
- Enter a username as well as a password. Remember to make these complex to increase security. Now save all of your configuration changes and apply them.
- Now you will need to browse to the Administration page and browse to Commands. Enter the following code:
- wanf=`nvram get wan_iface`
- iptables -I INPUT 2 -i $wanf -p tcp –dport 21 -j logdrop
- iptables -I INPUT 2 -i $wanf -p tcp -m state –state NEW –dport 21 -m limit –limit A/minute –limit-burst B -j logaccept
You will want to change the parameters to increase security as you see fit. In particular, you will want to edit the ‘A’ parameter to limit the number of connection attempts per minute. Also, by changing the ‘B’ parameter, you will also be able to control the quantity of unsuccessful login attempts. This will help stymy a potential attacker from initiating a brute force or other type of password attack.
- Save these settings to your startup configuration, apply your settings, and reboot your DD-WRT router.
- Your FTP configuration for remote file downloads should now be complete.
Testing Access to Your New FTP Server
- You will want to download an FTP client, and the good news is that there are many free clients of high quality. Try clients such as Filezilla (Mac), WinSCP (Windows), ESFileExplorer (Android), or FTPManager (iOS).
- Duplicate the settings in your FTP client to mirror the configuration of what you had configured on your router.
- Enter the IP address of your router to initiate a connection to log in. If you want to see your IP address, simply Google “what is my ip address” from your home network. You likely have a dynamic IP address from your ISP, so you will need to monitor this information to make future connections as it is likely subject to change. There are ways to create a hostname that always points to your Internet router, but they are outside the scope of this demonstration. Essentially, you would want to use No-IP or another free dynamic DNS service.
- Log in and test downloading a file.
Summary
Your DD-WRT router is jam-packed with tons of valuable features, and I would recommend taking advantage of the FTP features. However, a VPN back to your private home network is a more secure option because your traffic will be encrypted. If you don’t want to create a VPN tunnel to your home network, you can add some security by downloading files from your FTP server through your VPN tunnel service provider, but there will be portions of the public Internet that your data travels across without being encrypted.