Solved

FTP server not responding to LIST command in Passive Mode

Posted on 2003-11-12
4
2,304 Views
Last Modified: 2013-11-29
I'm having problems with my Linux proftpd server I recently set up.  From my internal network, I can connect to my ftp server fine in passive mode.  Externally, I can establish a connection in passive mode and log in, then it displays the welcome message, then my ftp program will try to get a directory listing by sending the command: LIST.  This is where it will just sit there and do nothing.  I can also connect directly (without being in passive move) and it will log in, display the welcome message, but when it tries to do the LIST command, I get this

Command:      LIST
Response:      425 Can't build data connection: Connection refused
Error:      Could not retrieve directory listing

I think this means that my client computer won't let my ftp server establish a direct connection to send the directory listing...so this is probably the client computer's fault?  But in passive mode, I don't get the error message at all, it just sits there at
Command:      LIST

Like I said, if I do it internally it works fine.  If I use the external address to connect..no dice.  I should mention that the ftp server is running on a non-standard port (ie. not 21) and is sitting behind a firewall.  My firewall has rules that forward incoming traffic to a certain port to my ftp server, and the inside his unlimited access to the outside.  

my current thoughs:  the ftp server is opening a new port for the data transfers (ex.  results of the LIST command) which will send out fine, but incoming data to this new port is being blocked by my firewall, which only allows certain ports such as the main one the ftp server is listening to through.

Any thoughts or suggestions are grealy appreciated.
0
Comment
Question by:nexisvi
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 50 total points
ID: 9733378
In addition to port 21 (or whichever port the server is listening on), you need TCP port 20 open on the firewall. This is the data channel.
The other option is to try using passive FTP vs Active FTP. Your client should give you the option.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 9733384
DOH! Just saw that you are trying both active and passive.
You still need port 20 open through the firewall.
0
 

Author Comment

by:nexisvi
ID: 9735891
I ended up getting it working by setting the server on the default port 21.  For some reason, even if I configure my firewall to translate incoming ftp requests to port 1107 or whatever to private port 21, then set my ftp client to connect to 1107, it will connect but will get stuck on the LIST command, as described above.  If it's port 21 to 21, it works fine.  Weird.

Thanks for your help
0
 

Expert Comment

by:taxdodger
ID: 9753707
Maybe Proftpd allows a specific passive port range so that you can forward those in your nat, instead of a random port like what its doing.
0

Featured Post

Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
For many of us, the  holiday season kindles the natural urge to give back to our friends, family members and communities. While it's easy for friends to notice the impact of such deeds, understanding the contributions of businesses and enterprises i…
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question