
Cannot FTP from Internet

Hello and thank you for your time,

Here is my setup:

Linux server/router running Shorewall
Another Linux server running ProFTPd using port 2121 for FTP
A Windows server running IIS using port 21 for FTP

I do have Shorewall DNAT port 2121 to ProFTPd

I can FTP into the Windows server from both the LAN and the Internet.
I can FTP into ProFTPd from within the LAN, but not the Internet. When I try, I get the following from FileZilla:

Command:      PASV
Response:      227 Entering Passive Mode (192,168,217,20,223,142).
Status:      Server sent passive reply with unroutable address. Using server address instead.
Command:      MLSD
Error:      Connection timed out
Error:      Failed to retrieve directory listing

The log is:

2013-11-03 21:30:11 7504 3 Status: Resolving address of domain.net
2013-11-03 21:30:12 7504 3 Status: Connecting to xxx.xxx.xxx.xxx:2121...
2013-11-03 21:30:12 7504 3 Status: Connection established, waiting for welcome message...
2013-11-03 21:30:12 7504 3 Response: 220 ProFTPD 1.3.4a Server (Debian) [::ffff:192.168.217.20]
2013-11-03 21:30:12 7504 3 Command: USER userlogin
2013-11-03 21:30:12 7504 3 Response: 331 Password required for userlogin
2013-11-03 21:30:12 7504 3 Command: PASS *********
2013-11-03 21:30:12 7504 3 Response: 230 User userlogin logged in
2013-11-03 21:30:12 7504 3 Command: SYST
2013-11-03 21:30:12 7504 3 Response: 215 UNIX Type: L8
2013-11-03 21:30:12 7504 3 Command: FEAT
2013-11-03 21:30:12 7504 3 Response: 211-Features:
2013-11-03 21:30:12 7504 3 Response:  LANG en-US.UTF-8*;en-US
2013-11-03 21:30:12 7504 3 Response:  MDTM
2013-11-03 21:30:12 7504 3 Response:  MFMT
2013-11-03 21:30:12 7504 3 Response:  TVFS
2013-11-03 21:30:12 7504 3 Response:  UTF8
2013-11-03 21:30:12 7504 3 Response:  MFF modify;UNIX.group;UNIX.mode;
2013-11-03 21:30:12 7504 3 Response:  MLST modify*;perm*;size*;type*;unique*;UNIX.group*;UNIX.mode*;UNIX.owner*;
2013-11-03 21:30:12 7504 3 Response:  SITE MKDIR
2013-11-03 21:30:12 7504 3 Response:  SITE RMDIR
2013-11-03 21:30:12 7504 3 Response:  SITE UTIME
2013-11-03 21:30:12 7504 3 Response:  SITE SYMLINK
2013-11-03 21:30:12 7504 3 Response:  REST STREAM
2013-11-03 21:30:12 7504 3 Response:  SITE COPY
2013-11-03 21:30:12 7504 3 Response:  SIZE
2013-11-03 21:30:12 7504 3 Response: 211 End
2013-11-03 21:30:12 7504 3 Command: OPTS UTF8 ON
2013-11-03 21:30:12 7504 3 Response: 200 UTF8 set to on
2013-11-03 21:30:12 7504 3 Status: Connected
2013-11-03 21:30:12 7504 3 Status: Retrieving directory listing...
2013-11-03 21:30:12 7504 3 Command: PWD
2013-11-03 21:30:12 7504 3 Response: 257 "/var/www" is the current directory
2013-11-03 21:30:12 7504 3 Command: TYPE I
2013-11-03 21:30:12 7504 3 Response: 200 Type set to I
2013-11-03 21:30:12 7504 3 Command: PASV
2013-11-03 21:30:12 7504 3 Response: 227 Entering Passive Mode (192,168,217,20,136,49).
2013-11-03 21:30:12 7504 3 Status: Server sent passive reply with unroutable address. Using server address instead.
2013-11-03 21:30:12 7504 3 Command: MLSD
2013-11-03 21:30:32 7504 3 Error: Connection timed out
2013-11-03 21:30:32 7504 3 Error: Failed to retrieve directory listing

Any ideas?

Have a great day,

Don
1 Solution
 
lindento Commented:
Hi,

The problem here is that you only NATed the control port; you also have to NAT the passive port range back to the FTP server.

Here is some documentation about how active/passive FTP works:

http://slacksite.com/other/ftp.html

Here is the ProFTPD config how-to for NAT:

http://www.proftpd.org/docs/howto/NAT.html

Look for the PassivePorts directive.

Best Regards
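
Added example, not part of the original posts: this Python script decodes the two 227 replies from the question's FileZilla output and checks each advertised data port against the ports forwarded to the FTP server. The `forwarded` parameter and the 49152-65534 range are assumptions for illustration; the page only states that port 2121 is DNATed.

```python
import ipaddress
import re

# The two PASV replies from the FileZilla output in the question.
SAMPLE_LOG = """\
Response: 227 Entering Passive Mode (192,168,217,20,223,142).
2013-11-03 21:30:12 7504 3 Response: 227 Entering Passive Mode (192,168,217,20,136,49).
"""

PASV_RE = re.compile(r"227 [^(]*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_pasv(line):
    """Return (ip, port) from a 227 reply, or None if the line is not one."""
    m = PASV_RE.search(line)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None  # malformed reply: every field is a single byte
    ip = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
    return ip, nums[4] * 256 + nums[5]  # data port = p1 * 256 + p2


def diagnose(log_text, forwarded):
    """forwarded: (low, high) inclusive TCP port ranges DNATed to the server."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_pasv(line)
        if parsed is None:
            continue
        ip, port = parsed
        findings.append({
            "ip": str(ip),
            "port": port,
            "private_address": ip.is_private,
            "port_forwarded": any(lo <= port <= hi for lo, hi in forwarded),
        })
    return findings


if __name__ == "__main__":
    # Setup from the question: only the control port 2121 is DNATed.
    for finding in diagnose(SAMPLE_LOG, [(2121, 2121)]):
        print(finding)
    # Assumed range: forwarding it only helps if PassivePorts matches it,
    # since a port picked outside the range (34865 here) still times out.
    for finding in diagnose(SAMPLE_LOG, [(2121, 2121), (49152, 65534)]):
        print(finding)
```

Both replies advertise a private address and a data port that is not forwarded, which is why the MLSD data connection times out after the client falls back to the server's public address.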
 
GEMCC (Author) Commented:
Issue resolved!  Thanks!