Solved

Cannot FTP from Internet

Posted on 2013-11-03
2
763 Views
Last Modified: 2013-11-03
Hello and thank you for your time,

Here is my setup:

Linux server/router running Shorewall
Another Linux server running ProFTPd using port 2121 for FTP
A windows server running IIS using port 21 for FTP

I do have Shorewall DNAT port 2121 to ProFTPd

I can FTP into the Windows server from both the LAN and the Internet.
I can FTP into ProFTPd from within the LAN, but not the Internet.  When I try, I get the following from Filezilla:

Command:      PASV
Response:      227 Entering Passive Mode (192,168,217,20,223,142).
Status:      Server sent passive reply with unroutable address. Using server address instead.
Command:      MLSD
Error:      Connection timed out
Error:      Failed to retrieve directory listing

The log is:

2013-11-03 21:30:11 7504 3 Status: Resolving address of domain.net
2013-11-03 21:30:12 7504 3 Status: Connecting to xxx.xxx.xxx.xxx:2121...
2013-11-03 21:30:12 7504 3 Status: Connection established, waiting for welcome message...
2013-11-03 21:30:12 7504 3 Response: 220 ProFTPD 1.3.4a Server (Debian) [::ffff:192.168.217.20]
2013-11-03 21:30:12 7504 3 Command: USER userlogin
2013-11-03 21:30:12 7504 3 Response: 331 Password required for userlogin
2013-11-03 21:30:12 7504 3 Command: PASS *********
2013-11-03 21:30:12 7504 3 Response: 230 User userlogin logged in
2013-11-03 21:30:12 7504 3 Command: SYST
2013-11-03 21:30:12 7504 3 Response: 215 UNIX Type: L8
2013-11-03 21:30:12 7504 3 Command: FEAT
2013-11-03 21:30:12 7504 3 Response: 211-Features:
2013-11-03 21:30:12 7504 3 Response:  LANG en-US.UTF-8*;en-US
2013-11-03 21:30:12 7504 3 Response:  MDTM
2013-11-03 21:30:12 7504 3 Response:  MFMT
2013-11-03 21:30:12 7504 3 Response:  TVFS
2013-11-03 21:30:12 7504 3 Response:  UTF8
2013-11-03 21:30:12 7504 3 Response:  MFF modify;UNIX.group;UNIX.mode;
2013-11-03 21:30:12 7504 3 Response:  MLST modify*;perm*;size*;type*;unique*;UNIX.group*;UNIX.mode*;UNIX.owner*;
2013-11-03 21:30:12 7504 3 Response:  SITE MKDIR
2013-11-03 21:30:12 7504 3 Response:  SITE RMDIR
2013-11-03 21:30:12 7504 3 Response:  SITE UTIME
2013-11-03 21:30:12 7504 3 Response:  SITE SYMLINK
2013-11-03 21:30:12 7504 3 Response:  REST STREAM
2013-11-03 21:30:12 7504 3 Response:  SITE COPY
2013-11-03 21:30:12 7504 3 Response:  SIZE
2013-11-03 21:30:12 7504 3 Response: 211 End
2013-11-03 21:30:12 7504 3 Command: OPTS UTF8 ON
2013-11-03 21:30:12 7504 3 Response: 200 UTF8 set to on
2013-11-03 21:30:12 7504 3 Status: Connected
2013-11-03 21:30:12 7504 3 Status: Retrieving directory listing...
2013-11-03 21:30:12 7504 3 Command: PWD
2013-11-03 21:30:12 7504 3 Response: 257 "/var/www" is the current directory
2013-11-03 21:30:12 7504 3 Command: TYPE I
2013-11-03 21:30:12 7504 3 Response: 200 Type set to I
2013-11-03 21:30:12 7504 3 Command: PASV
2013-11-03 21:30:12 7504 3 Response: 227 Entering Passive Mode (192,168,217,20,136,49).
2013-11-03 21:30:12 7504 3 Status: Server sent passive reply with unroutable address. Using server address instead.
2013-11-03 21:30:12 7504 3 Command: MLSD
2013-11-03 21:30:32 7504 3 Error: Connection timed out
2013-11-03 21:30:32 7504 3 Error: Failed to retrieve directory listing

Any Ideas?

Have a great day,

Don
0
Comment
Question by:GEMCC
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 4

Accepted Solution

by:
lindento earned 500 total points
ID: 39620741
Hi,

the problem here is that you only NATed the control port, you also have to nat the passive port range back to the ftp server.

Here is some documentation about hoe active passive ftp works:

http://slacksite.com/other/ftp.html

Here the proftpd config how-to for NAT

http://www.proftpd.org/docs/howto/NAT.html

look for PassivePorts directive

Best Regards
0
 

Author Closing Comment

by:GEMCC
ID: 39620769
Issue resolved!  Thanks!
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as high-speed processing of the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
I. Introduction There's an interesting discussion going on now in an Experts Exchange Group — Attachments with no extension (http://www.experts-exchange.com/discussions/210281/Attachments-with-no-extension.html). This reminded me of questions tha…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question