Solved

FTP server not responding to LIST command in Passive Mode

Posted on 2003-11-12
4
2,289 Views
Last Modified: 2013-11-29
I'm having problems with my Linux proftpd server I recently set up.  From my internal network, I can connect to my ftp server fine in passive mode.  Externally, I can establish a connection in passive mode and log in, then it displays the welcome message, then my ftp program will try to get a directory listing by sending the command: LIST.  This is where it will just sit there and do nothing.  I can also connect directly (without being in passive move) and it will log in, display the welcome message, but when it tries to do the LIST command, I get this

Command:      LIST
Response:      425 Can't build data connection: Connection refused
Error:      Could not retrieve directory listing

I think this means that my client computer won't let my ftp server establish a direct connection to send the directory listing...so this is probably the client computer's fault?  But in passive mode, I don't get the error message at all, it just sits there at
Command:      LIST

Like I said, if I do it internally it works fine.  If I use the external address to connect..no dice.  I should mention that the ftp server is running on a non-standard port (ie. not 21) and is sitting behind a firewall.  My firewall has rules that forward incoming traffic to a certain port to my ftp server, and the inside his unlimited access to the outside.  

my current thoughs:  the ftp server is opening a new port for the data transfers (ex.  results of the LIST command) which will send out fine, but incoming data to this new port is being blocked by my firewall, which only allows certain ports such as the main one the ftp server is listening to through.

Any thoughts or suggestions are grealy appreciated.
0
Comment
Question by:nexisvi
  • 2
4 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 50 total points
Comment Utility
In addition to port 21 (or whichever port the server is listening on), you need TCP port 20 open on the firewall. This is the data channel.
The other option is to try using passive FTP vs Active FTP. Your client should give you the option.
0
 
LVL 79

Expert Comment

by:lrmoore
Comment Utility
DOH! Just saw that you are trying both active and passive.
You still need port 20 open through the firewall.
0
 

Author Comment

by:nexisvi
Comment Utility
I ended up getting it working by setting the server on the default port 21.  For some reason, even if I configure my firewall to translate incoming ftp requests to port 1107 or whatever to private port 21, then set my ftp client to connect to 1107, it will connect but will get stuck on the LIST command, as described above.  If it's port 21 to 21, it works fine.  Weird.

Thanks for your help
0
 

Expert Comment

by:taxdodger
Comment Utility
Maybe Proftpd allows a specific passive port range so that you can forward those in your nat, instead of a random port like what its doing.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now