Solved

Filezilla client unable to get directory listing from a Windows Filezilla Server

Posted on 2014-02-04
3
923 Views
Last Modified: 2014-02-04
I am connected from a Windows 7 workstation that has FTP Filezilla Client installed. I am connecting to a Windows Server 2003 via a Hardware Firewall VPN that has Filezilla Server installed. I am able to connect to the server but I am not able to see the directory listing of the folders. On the server the local windows firewall is not running so I am unsure what is at fault. I am able to commit to the FTP Folder, just not able to review the listing directory.
0
Comment
Question by:GenieMaster
3 Comments
 
LVL 17

Expert Comment

by:Kent Dyer
ID: 39832410
Reading this..  First immediate thought that comes to mind is permissions..  The other immediate thought is FTP and then SFTP..  What are the permissions?  What ports is the FTP/SFTP server working with?  Is it port 21 or port 22?  If it is port 22, do you have a valid ssl cert configured and setup?
0
 

Author Comment

by:GenieMaster
ID: 39832538
The port the FTP server is listening on is Port 21

I have read something about that you may need to set it up in Passive Mode in order for it to work correctly but am unsure on how to set this up.

On Filezilla it says
"Use custom PASV settings if you are operating the server from behind a NAT router or a firewall. In that case, the IP address of the server is not accessible from outside of the router, so you should fill in the correct address here. Use the port range to limit the number of ports that will need to be forwarded through the router."
0
 
LVL 16

Accepted Solution

by:
AlexPace earned 250 total points
ID: 39832812
The connection and user authentication happens on the port 21 control channel.  

To get a directory listing, the client sends the LIST verb on the control channel but then actually receives the listing on a data channel connection that is negotiated on an as needed basis by sending either the PORT or PASV command.

The PORT command is sent when the client wants an Active Mode data channel and obviously PASV for Passive Mode.

In Active Mode, your network security must be configured to allow the server to initiate an inbound connection back to the client machine.  If your client machine has a private address, for example in the 10.x.x.x or 192.168.x.x ranges, then your client either needs to send a public address or your firewall will need to snoop the control channel and replace the private address with a public address on the fly...  This used to be a high-end feature but these days consumer-grade NAT routers can do it.

In Passive Mode, your network security must be configured to allow your client machine to make an outbound connection to any port in the server's passive port range.  You don't know what port it will be until the server responds to the client's PASV request.

For either mode, the IP address and port number are represented as a set of six comma-separated numbers.  The first four numbers is the IP address.  The last 2 numbers represent the port number.  Sometimes you need to calculate the exact port for troubleshooting purposes... to do that multiply the 5th number by 256 and then add the value of the 6th number.  It will be a number higher than 1024 and less than 65536.  The administrator of the remote FTP server should be able to tell you their passive port range so you don't have to guess when you make your pinhole in the firewall.
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now