Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

FTP server not responding to LIST command in Passive Mode

Posted on 2003-11-12
4
Medium Priority
?
2,324 Views
Last Modified: 2013-11-29
I'm having problems with my Linux proftpd server I recently set up.  From my internal network, I can connect to my ftp server fine in passive mode.  Externally, I can establish a connection in passive mode and log in, then it displays the welcome message, then my ftp program will try to get a directory listing by sending the command: LIST.  This is where it will just sit there and do nothing.  I can also connect directly (without being in passive move) and it will log in, display the welcome message, but when it tries to do the LIST command, I get this

Command:      LIST
Response:      425 Can't build data connection: Connection refused
Error:      Could not retrieve directory listing

I think this means that my client computer won't let my ftp server establish a direct connection to send the directory listing...so this is probably the client computer's fault?  But in passive mode, I don't get the error message at all, it just sits there at
Command:      LIST

Like I said, if I do it internally it works fine.  If I use the external address to connect..no dice.  I should mention that the ftp server is running on a non-standard port (ie. not 21) and is sitting behind a firewall.  My firewall has rules that forward incoming traffic to a certain port to my ftp server, and the inside his unlimited access to the outside.  

my current thoughs:  the ftp server is opening a new port for the data transfers (ex.  results of the LIST command) which will send out fine, but incoming data to this new port is being blocked by my firewall, which only allows certain ports such as the main one the ftp server is listening to through.

Any thoughts or suggestions are grealy appreciated.
0
Comment
Question by:nexisvi
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 200 total points
ID: 9733378
In addition to port 21 (or whichever port the server is listening on), you need TCP port 20 open on the firewall. This is the data channel.
The other option is to try using passive FTP vs Active FTP. Your client should give you the option.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 9733384
DOH! Just saw that you are trying both active and passive.
You still need port 20 open through the firewall.
0
 

Author Comment

by:nexisvi
ID: 9735891
I ended up getting it working by setting the server on the default port 21.  For some reason, even if I configure my firewall to translate incoming ftp requests to port 1107 or whatever to private port 21, then set my ftp client to connect to 1107, it will connect but will get stuck on the LIST command, as described above.  If it's port 21 to 21, it works fine.  Weird.

Thanks for your help
0
 

Expert Comment

by:taxdodger
ID: 9753707
Maybe Proftpd allows a specific passive port range so that you can forward those in your nat, instead of a random port like what its doing.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question