Seliyan Nallayan
asked on
FTP - Failed to retirve directory listing
I am trying to establish an FTP connection between client and server. I am able to run FTP between the client and server within local network behind NAT router as shown in config A in attached file(FTP config). I have problem establishing the data connection when running the client and server in two different networks as shown in config B.
The error message displayed in the client window and the FileZilla network configuration result is shown in the attached file(ftp problem).
The client is connected through a mobile hotspot and the server is connected to a wifi network.
I have control over the wifi router where I have configured the port forwarding.
FTP-Config.pptx
FTP-problem.PNG
The error message displayed in the client window and the FileZilla network configuration result is shown in the attached file(ftp problem).
The client is connected through a mobile hotspot and the server is connected to a wifi network.
I have control over the wifi router where I have configured the port forwarding.
FTP-Config.pptx
FTP-problem.PNG
ASKER
Currently the client is configured as depicted in your diagram. The setting is attached
Client-setting-window.png
Client-setting-window.png
Problem is simple...
You have no FTP server running on this IP port 21, from an external view.
1) Note: Only thrillseekers run FTP, as anyone can scrape FTP login data off the wire. I've had to deal with this over + over for many projects, over several decades now.
Someone will setup an FTP server, then a user will use the same user/pass for FTP as some business critical system.
Then a few days or sometimes minutes later, some business critical system will be hacked by using the scraped user/pass.
2) Based on your FTP-problem.PNG image you are able to establish a initial connection to your FTP server.
Likely this is because there's some firewall rule allowing your specific IP to connect + the firewall is incorrect.
Suggested fix:
1) Change to using SFTP server or don't ever, ever, ever allow any external connections.
Don't think a firewall ACLing your IP will save you. If the firewall rule ever drops, then you login will be scraped + used in hacks (see above).
Better to setup SFTP + Fail2Ban to block brute force password attacks.
All modern Linux Distros package mysecureshell, which provide a zero config SFTP server.
2) Login to SFTP server machine + camp/watch the logs as you connect with your client.
3) Correlate your client logs + server logs for one SFPT connection, to determine problem.
imac> sudo nmap -F 192.228.184.6
Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-15 12:44 CDT
Nmap scan report for broadband.time.net.my (192.228.184.6)
Host is up (0.25s latency).
Not shown: 98 filtered ports
PORT STATE SERVICE
5000/tcp open upnp
5009/tcp open airport-adminYou have no FTP server running on this IP port 21, from an external view.
1) Note: Only thrillseekers run FTP, as anyone can scrape FTP login data off the wire. I've had to deal with this over + over for many projects, over several decades now.
Someone will setup an FTP server, then a user will use the same user/pass for FTP as some business critical system.
Then a few days or sometimes minutes later, some business critical system will be hacked by using the scraped user/pass.
2) Based on your FTP-problem.PNG image you are able to establish a initial connection to your FTP server.
Likely this is because there's some firewall rule allowing your specific IP to connect + the firewall is incorrect.
Suggested fix:
1) Change to using SFTP server or don't ever, ever, ever allow any external connections.
Don't think a firewall ACLing your IP will save you. If the firewall rule ever drops, then you login will be scraped + used in hacks (see above).
Better to setup SFTP + Fail2Ban to block brute force password attacks.
All modern Linux Distros package mysecureshell, which provide a zero config SFTP server.
2) Login to SFTP server machine + camp/watch the logs as you connect with your client.
3) Correlate your client logs + server logs for one SFPT connection, to determine problem.
In configuration B please clarify, are you saying it works through the mobile hotspot but not through your wi-fi?
Appears your ISP IP is 192.228.184.6, what is the LAN IP? If it's 192.168.0.0 change it to 192.168.25.0, FTP can sometimes have an issue when both networks are using the same IP range, for example both using 192.168.0.0.
Appears your ISP IP is 192.228.184.6, what is the LAN IP? If it's 192.168.0.0 change it to 192.168.25.0, FTP can sometimes have an issue when both networks are using the same IP range, for example both using 192.168.0.0.
Did you set the FileZilla server to ensure that it's fetching its public IP address as well?
This question needs an answer!
Become an EE member today
7 DAY FREE TRIALMembers can start a 7-Day Free trial then enjoy unlimited access to the platform.
View membership options
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
When you are going with scenario B, it's possible that you may need to adjust your settings so that your public IP address is properly obtained/used by FileZilla: