nexisvi
asked on
FTP server not responding to LIST command in Passive Mode
I'm having problems with my Linux proftpd server I recently set up. From my internal network, I can connect to my ftp server fine in passive mode. Externally, I can establish a connection in passive mode and log in, then it displays the welcome message, then my ftp program will try to get a directory listing by sending the command: LIST. This is where it will just sit there and do nothing. I can also connect directly (without being in passive move) and it will log in, display the welcome message, but when it tries to do the LIST command, I get this
Command: LIST
Response: 425 Can't build data connection: Connection refused
Error: Could not retrieve directory listing
I think this means that my client computer won't let my ftp server establish a direct connection to send the directory listing...so this is probably the client computer's fault? But in passive mode, I don't get the error message at all, it just sits there at
Command: LIST
Like I said, if I do it internally it works fine. If I use the external address to connect..no dice. I should mention that the ftp server is running on a non-standard port (ie. not 21) and is sitting behind a firewall. My firewall has rules that forward incoming traffic to a certain port to my ftp server, and the inside his unlimited access to the outside.
my current thoughs: the ftp server is opening a new port for the data transfers (ex. results of the LIST command) which will send out fine, but incoming data to this new port is being blocked by my firewall, which only allows certain ports such as the main one the ftp server is listening to through.
Any thoughts or suggestions are grealy appreciated.
Command: LIST
Response: 425 Can't build data connection: Connection refused
Error: Could not retrieve directory listing
I think this means that my client computer won't let my ftp server establish a direct connection to send the directory listing...so this is probably the client computer's fault? But in passive mode, I don't get the error message at all, it just sits there at
Command: LIST
Like I said, if I do it internally it works fine. If I use the external address to connect..no dice. I should mention that the ftp server is running on a non-standard port (ie. not 21) and is sitting behind a firewall. My firewall has rules that forward incoming traffic to a certain port to my ftp server, and the inside his unlimited access to the outside.
my current thoughs: the ftp server is opening a new port for the data transfers (ex. results of the LIST command) which will send out fine, but incoming data to this new port is being blocked by my firewall, which only allows certain ports such as the main one the ftp server is listening to through.
Any thoughts or suggestions are grealy appreciated.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I ended up getting it working by setting the server on the default port 21. For some reason, even if I configure my firewall to translate incoming ftp requests to port 1107 or whatever to private port 21, then set my ftp client to connect to 1107, it will connect but will get stuck on the LIST command, as described above. If it's port 21 to 21, it works fine. Weird.
Thanks for your help
Thanks for your help
Maybe Proftpd allows a specific passive port range so that you can forward those in your nat, instead of a random port like what its doing.
You still need port 20 open through the firewall.