Solved

Cannot FTP from Internet

Posted on 2013-11-03
Last Modified: 2013-11-03
Hello and thank you for your time,

Here is my setup:

Linux server/router running Shorewall
Another Linux server running ProFTPd using port 2121 for FTP
A Windows server running IIS using port 21 for FTP

I do have Shorewall DNAT port 2121 to ProFTPd

I can FTP into the Windows server from both the LAN and the Internet.
I can FTP into ProFTPd from within the LAN, but not the Internet.  When I try, I get the following from Filezilla:

Command:      PASV
Response:      227 Entering Passive Mode (192,168,217,20,223,142).
Status:      Server sent passive reply with unroutable address. Using server address instead.
Command:      MLSD
Error:      Connection timed out
Error:      Failed to retrieve directory listing

The log is:

2013-11-03 21:30:11 7504 3 Status: Resolving address of domain.net
2013-11-03 21:30:12 7504 3 Status: Connecting to xxx.xxx.xxx.xxx:2121...
2013-11-03 21:30:12 7504 3 Status: Connection established, waiting for welcome message...
2013-11-03 21:30:12 7504 3 Response: 220 ProFTPD 1.3.4a Server (Debian) [::ffff:192.168.217.20]
2013-11-03 21:30:12 7504 3 Command: USER userlogin
2013-11-03 21:30:12 7504 3 Response: 331 Password required for userlogin
2013-11-03 21:30:12 7504 3 Command: PASS *********
2013-11-03 21:30:12 7504 3 Response: 230 User userlogin logged in
2013-11-03 21:30:12 7504 3 Command: SYST
2013-11-03 21:30:12 7504 3 Response: 215 UNIX Type: L8
2013-11-03 21:30:12 7504 3 Command: FEAT
2013-11-03 21:30:12 7504 3 Response: 211-Features:
2013-11-03 21:30:12 7504 3 Response:  LANG en-US.UTF-8*;en-US
2013-11-03 21:30:12 7504 3 Response:  MDTM
2013-11-03 21:30:12 7504 3 Response:  MFMT
2013-11-03 21:30:12 7504 3 Response:  TVFS
2013-11-03 21:30:12 7504 3 Response:  UTF8
2013-11-03 21:30:12 7504 3 Response:  MFF modify;UNIX.group;UNIX.mode;
2013-11-03 21:30:12 7504 3 Response:  MLST modify*;perm*;size*;type*;unique*;UNIX.group*;UNIX.mode*;UNIX.owner*;
2013-11-03 21:30:12 7504 3 Response:  SITE MKDIR
2013-11-03 21:30:12 7504 3 Response:  SITE RMDIR
2013-11-03 21:30:12 7504 3 Response:  SITE UTIME
2013-11-03 21:30:12 7504 3 Response:  SITE SYMLINK
2013-11-03 21:30:12 7504 3 Response:  REST STREAM
2013-11-03 21:30:12 7504 3 Response:  SITE COPY
2013-11-03 21:30:12 7504 3 Response:  SIZE
2013-11-03 21:30:12 7504 3 Response: 211 End
2013-11-03 21:30:12 7504 3 Command: OPTS UTF8 ON
2013-11-03 21:30:12 7504 3 Response: 200 UTF8 set to on
2013-11-03 21:30:12 7504 3 Status: Connected
2013-11-03 21:30:12 7504 3 Status: Retrieving directory listing...
2013-11-03 21:30:12 7504 3 Command: PWD
2013-11-03 21:30:12 7504 3 Response: 257 "/var/www" is the current directory
2013-11-03 21:30:12 7504 3 Command: TYPE I
2013-11-03 21:30:12 7504 3 Response: 200 Type set to I
2013-11-03 21:30:12 7504 3 Command: PASV
2013-11-03 21:30:12 7504 3 Response: 227 Entering Passive Mode (192,168,217,20,136,49).
2013-11-03 21:30:12 7504 3 Status: Server sent passive reply with unroutable address. Using server address instead.
2013-11-03 21:30:12 7504 3 Command: MLSD
2013-11-03 21:30:32 7504 3 Error: Connection timed out
2013-11-03 21:30:32 7504 3 Error: Failed to retrieve directory listing

Any ideas?

Have a great day,

Don
Question by:GEMCC
2 Comments
 

Accepted Solution

by:
lindento earned 500 total points
ID: 39620741
Hi,

The problem here is that you only NATed the control port; you also have to NAT the passive port range back to the FTP server.

Here is some documentation about how active/passive FTP works:

http://slacksite.com/other/ftp.html

Here is the ProFTPD config how-to for NAT:

http://www.proftpd.org/docs/howto/NAT.html

Look for the PassivePorts directive.

Best Regards
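
Added example (not part of the original answer or of the ProFTPD documentation): a Python check that decodes the 227 replies from the question's log and reports why a client outside the NAT cannot open the data connection. The function names and the 60000-60100 passive range are assumptions for illustration.

```python
import ipaddress
import re

# h1,h2,h3,h4,p1,p2 tuple of an RFC 959 "227" passive-mode reply.
PASV_RE = re.compile(r"\b227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_pasv(line):
    """Return (IPv4Address, port) from a 227 reply, or None for other lines."""
    m = PASV_RE.search(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in PASV reply: %r" % line)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]  # data port = p1*256 + p2

def diagnose(log_lines, forwarded_ports):
    """For each 227 reply, list what breaks for a client outside the NAT."""
    findings = []
    for line in log_lines:
        parsed = parse_pasv(line)
        if parsed is None:
            continue
        ip, port = parsed
        problems = []
        if any(ip in net for net in RFC1918):
            problems.append("private address advertised")
        if port not in forwarded_ports:
            problems.append("data port not forwarded")
        findings.append((str(ip), port, problems))
    return findings

# The two 227 replies quoted in the question, plus one unrelated line.
SAMPLE = [
    "Response:      227 Entering Passive Mode (192,168,217,20,223,142).",
    "2013-11-03 21:30:12 7504 3 Response: 227 Entering Passive Mode (192,168,217,20,136,49).",
    "2013-11-03 21:30:12 7504 3 Command: MLSD",
]
CONTROL_ONLY = {2121}                      # what the question's DNAT rule covers
PASSIVE_RANGE = set(range(60000, 60101))   # assumed range, for illustration only

if __name__ == "__main__":
    for ip, port, problems in diagnose(SAMPLE, CONTROL_ONLY):
        print(ip, port, ", ".join(problems) or "ok")
```

Once PassivePorts pins the server to a fixed range and the firewall forwards that same range, the port check passes; the private address is the part FileZilla already worked around by using the server address instead.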

Author Closing Comment

by:GEMCC
ID: 39620769
Issue resolved!  Thanks!