Filezilla client unable to get directory listing from a Windows Filezilla Server

Posted on 2014-02-04
Last Modified: 2014-02-04
I am connected from a Windows 7 workstation that has FTP Filezilla Client installed. I am connecting to a Windows Server 2003 via a Hardware Firewall VPN that has Filezilla Server installed. I am able to connect to the server but I am not able to see the directory listing of the folders. On the server the local windows firewall is not running so I am unsure what is at fault. I am able to commit to the FTP Folder, just not able to review the listing directory.
Question by:GenieMaster
LVL 17

Expert Comment

by:Kent Dyer
ID: 39832410
Reading this..  First immediate thought that comes to mind is permissions..  The other immediate thought is FTP and then SFTP..  What are the permissions?  What ports is the FTP/SFTP server working with?  Is it port 21 or port 22?  If it is port 22, do you have a valid ssl cert configured and setup?

Author Comment

ID: 39832538
The port the FTP server is listening on is Port 21

I have read something about that you may need to set it up in Passive Mode in order for it to work correctly but am unsure on how to set this up.

On Filezilla it says
"Use custom PASV settings if you are operating the server from behind a NAT router or a firewall. In that case, the IP address of the server is not accessible from outside of the router, so you should fill in the correct address here. Use the port range to limit the number of ports that will need to be forwarded through the router."
LVL 16

Accepted Solution

AlexPace earned 250 total points
ID: 39832812
The connection and user authentication happens on the port 21 control channel.  

To get a directory listing, the client sends the LIST verb on the control channel but then actually receives the listing on a data channel connection that is negotiated on an as needed basis by sending either the PORT or PASV command.

The PORT command is sent when the client wants an Active Mode data channel and obviously PASV for Passive Mode.

In Active Mode, your network security must be configured to allow the server to initiate an inbound connection back to the client machine.  If your client machine has a private address, for example in the 10.x.x.x or 192.168.x.x ranges, then your client either needs to send a public address or your firewall will need to snoop the control channel and replace the private address with a public address on the fly...  This used to be a high-end feature but these days consumer-grade NAT routers can do it.

In Passive Mode, your network security must be configured to allow your client machine to make an outbound connection to any port in the server's passive port range.  You don't know what port it will be until the server responds to the client's PASV request.

For either mode, the IP address and port number are represented as a set of six comma-separated numbers.  The first four numbers is the IP address.  The last 2 numbers represent the port number.  Sometimes you need to calculate the exact port for troubleshooting purposes... to do that multiply the 5th number by 256 and then add the value of the 6th number.  It will be a number higher than 1024 and less than 65536.  The administrator of the remote FTP server should be able to tell you their passive port range so you don't have to guess when you make your pinhole in the firewall.

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
what is the performance monitor? How can we use it? 3 82
AD user acount change history 4 75
User wants to log with Username or Email 4 84
SSIS Paramater on start 2 25
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Internet Business Fax to Email Made Easy - With  eFax Corporate (, you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question