Solved

Cannot FTP from Internet

Posted on 2013-11-03
Last Modified: 2013-11-03
Hello and thank you for your time,

Here is my setup:

Linux server/router running Shorewall
Another Linux server running ProFTPd using port 2121 for FTP
A Windows server running IIS using port 21 for FTP

I do have Shorewall DNAT port 2121 to ProFTPd.

I can FTP into the Windows server from both the LAN and the Internet.
I can FTP into ProFTPd from within the LAN, but not the Internet.  When I try, I get the following from Filezilla:

Command:      PASV
Response:      227 Entering Passive Mode (192,168,217,20,223,142).
Status:      Server sent passive reply with unroutable address. Using server address instead.
Command:      MLSD
Error:      Connection timed out
Error:      Failed to retrieve directory listing

The log is:

2013-11-03 21:30:11 7504 3 Status: Resolving address of domain.net
2013-11-03 21:30:12 7504 3 Status: Connecting to xxx.xxx.xxx.xxx:2121...
2013-11-03 21:30:12 7504 3 Status: Connection established, waiting for welcome message...
2013-11-03 21:30:12 7504 3 Response: 220 ProFTPD 1.3.4a Server (Debian) [::ffff:192.168.217.20]
2013-11-03 21:30:12 7504 3 Command: USER userlogin
2013-11-03 21:30:12 7504 3 Response: 331 Password required for userlogin
2013-11-03 21:30:12 7504 3 Command: PASS *********
2013-11-03 21:30:12 7504 3 Response: 230 User userlogin logged in
2013-11-03 21:30:12 7504 3 Command: SYST
2013-11-03 21:30:12 7504 3 Response: 215 UNIX Type: L8
2013-11-03 21:30:12 7504 3 Command: FEAT
2013-11-03 21:30:12 7504 3 Response: 211-Features:
2013-11-03 21:30:12 7504 3 Response:  LANG en-US.UTF-8*;en-US
2013-11-03 21:30:12 7504 3 Response:  MDTM
2013-11-03 21:30:12 7504 3 Response:  MFMT
2013-11-03 21:30:12 7504 3 Response:  TVFS
2013-11-03 21:30:12 7504 3 Response:  UTF8
2013-11-03 21:30:12 7504 3 Response:  MFF modify;UNIX.group;UNIX.mode;
2013-11-03 21:30:12 7504 3 Response:  MLST modify*;perm*;size*;type*;unique*;UNIX.group*;UNIX.mode*;UNIX.owner*;
2013-11-03 21:30:12 7504 3 Response:  SITE MKDIR
2013-11-03 21:30:12 7504 3 Response:  SITE RMDIR
2013-11-03 21:30:12 7504 3 Response:  SITE UTIME
2013-11-03 21:30:12 7504 3 Response:  SITE SYMLINK
2013-11-03 21:30:12 7504 3 Response:  REST STREAM
2013-11-03 21:30:12 7504 3 Response:  SITE COPY
2013-11-03 21:30:12 7504 3 Response:  SIZE
2013-11-03 21:30:12 7504 3 Response: 211 End
2013-11-03 21:30:12 7504 3 Command: OPTS UTF8 ON
2013-11-03 21:30:12 7504 3 Response: 200 UTF8 set to on
2013-11-03 21:30:12 7504 3 Status: Connected
2013-11-03 21:30:12 7504 3 Status: Retrieving directory listing...
2013-11-03 21:30:12 7504 3 Command: PWD
2013-11-03 21:30:12 7504 3 Response: 257 "/var/www" is the current directory
2013-11-03 21:30:12 7504 3 Command: TYPE I
2013-11-03 21:30:12 7504 3 Response: 200 Type set to I
2013-11-03 21:30:12 7504 3 Command: PASV
2013-11-03 21:30:12 7504 3 Response: 227 Entering Passive Mode (192,168,217,20,136,49).
2013-11-03 21:30:12 7504 3 Status: Server sent passive reply with unroutable address. Using server address instead.
2013-11-03 21:30:12 7504 3 Command: MLSD
2013-11-03 21:30:32 7504 3 Error: Connection timed out
2013-11-03 21:30:32 7504 3 Error: Failed to retrieve directory listing

Any ideas?

Have a great day,

Don
0
Question by:GEMCC
2 Comments
 

Accepted Solution

by:
lindento earned 500 total points
ID: 39620741
Hi,

The problem here is that you only NATed the control port; you also have to NAT the passive port range back to the FTP server.

Here is some documentation about how active and passive FTP work:

http://slacksite.com/other/ftp.html

Here is the ProFTPD config how-to for NAT:

http://www.proftpd.org/docs/howto/NAT.html

Look for the PassivePorts directive.

Best Regards
0
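
An added example, not part of the original answer: a small Python check that decodes the 227 replies quoted in the question and reports the two NAT problems they show. The forwarded range 60000-60100 is an assumed value standing in for whatever PassivePorts and the matching DNAT rule are set to.

```python
import ipaddress
import re

# Matches the host/port tuple in an FTP 227 reply: (h1,h2,h3,h4,p1,p2)
PASV_RE = re.compile(
    r"227 [^(]*\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def parse_pasv(line):
    """Return (ip, port) advertised in a 227 reply, or None for any other line."""
    m = PASV_RE.search(line)
    if not m:
        return None
    octets = [int(g) for g in m.groups()]
    if any(o > 255 for o in octets):
        return None
    ip = ipaddress.IPv4Address(".".join(str(o) for o in octets[:4]))
    port = octets[4] * 256 + octets[5]  # data port = p1 * 256 + p2
    return ip, port

def diagnose(line, forwarded_ports):
    """List the NAT problems visible in one 227 reply.

    forwarded_ports: (low, high) TCP range the firewall DNATs to the FTP server.
    """
    parsed = parse_pasv(line)
    if parsed is None:
        return None
    ip, port = parsed
    low, high = forwarded_ports
    findings = []
    if ip.is_private:
        findings.append(f"advertised address {ip} is private and unroutable from the Internet")
    if not low <= port <= high:
        findings.append(f"data port {port} is outside the forwarded range {low}-{high}")
    return findings

# The two 227 replies from the question, plus one unrelated log line.
LOG = [
    "Response:      227 Entering Passive Mode (192,168,217,20,223,142).",
    "2013-11-03 21:30:12 7504 3 Response: 227 Entering Passive Mode (192,168,217,20,136,49).",
    "2013-11-03 21:30:12 7504 3 Command: MLSD",
]
FORWARDED = (60000, 60100)  # assumed PassivePorts / DNAT range, not from the post

if __name__ == "__main__":
    for entry in LOG:
        result = diagnose(entry, FORWARDED)
        if result is not None:
            print(parse_pasv(entry), result or ["ok"])
```

Both replies advertise a random high port on the LAN address, so the data connection has nothing to reach until the server is limited to a fixed range and the firewall forwards that same range.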
 

Author Closing Comment

by:GEMCC
ID: 39620769
Issue resolved!  Thanks!
0
