
FTP issues... help?

Homerboy

Lifer
When I try to log into one of my friends' FTPs (actually 2 different friends) I can log in, but it does NOT list dirs. The FTPs on their ends are also on internal IPs (192.168.0.X) (not port 21)

I currently use a NetGear 431RT router to share my DSL connection at home. On one of my internal machines (192.168.0.3) I run an FTP server, and it is set up in the "DMZ". My friends can log into my FTP without any problems...

I can NOT figure this one out... Why can I NOT get a list on their dir? If I log into an FTP that has its own external IP (routable IP) I have no problems at all. It's just these internal to internal connections that simply don't list for me.

I mainly use FlashFXP as my FTP client.



 
Passive versus active FTP. Typical to NATed systems.

Make your FTP client use "Passive FTP" or something similar...
 
Also check to see if there is an FTP fixup option on your router (like on Cisco PIXs).

See if port 20 (ftp-data) is opened.
netstat -a should give you a quick answer.

Try using a command line ftp client as well.
ls -la
Some types of hidden directories will not show up unless you do the minus a.
 
Are you trying to connect to your external IP or your internal IP? If you try to connect to your external IP, your router will probably block it. I never could explain the EXACT reason why, but I couldn't connect to my external domain name from my network so I just edited all my hosts files in Windows to accept my domain name... Try to connect to your computer's IP address and not the address of your router.....
 
Greets All:

Homerboy and I have been working on this on another forum.. let me see if I can add more info.

So far if anyone logs into my ftp server from behind a firewall, they will not get a directory listing, unless I DMZ (remove the IP from the firewall basically) the ftp server ip. Everyone that is not behind a firewall logs into my FTP with no problems whatsoever.

I am behind a Linksys 1-port Router, which is uplinked to a HUB, whose ports are being used by two machines. One is the FTP Server machine.
I have port-forwarding enabled, and it obviously works... everyone at least logs into the ftp server, just those behind a firewall of their own do not get a directory listing.

Tried having the firewall users use PASV and this IP Masq/NAT/Ip Not-Routeable options, no luck. I have disabled 'Block WAN Request', did not fix problem.

Tried enabling IPSec Pass Through and PPTP Pass Through (I don't know what they do, but they didn't fix the problem either).

Only thing I haven't been able to play with is the 'Static Routing' option ... I tried once, but obviously did not configure the setup correctly because the values I loaded were not put in the table.

This is not a problem with just one FTP Client, or FTP Server App -- tried 3 server apps, and 4 clients.

Hopefully this gives someone enough information to see the problem, it is driving us nuts 🙂

Thank you,

 
You didn't answer about port 20 (ftp-data). FTP uses 2 Ports. 20 is for DATA like directory listings. That seems to be the one everyone always forgets to open up on firewalls.
 
I was just going to ask the same thing as barebottoms. Make sure you're opening up port 20 (ftp-data) as well.
 
I'm having almost the exact same problem with my setup using a Netgear 311.
But I'm trying to use a nonstandard port (666 :Q) so do I still need to open up port 20?
Or would I use 665?
 
I opened port 20, still did not work -- here is what my server logs if that helps: (I have censored out login/realname/ip)

(000003) 9/21/00 7:29:09 PM - Joe Bob (xxx.xxx.xxx.xxx) > logged in.
(000003) 9/21/00 7:29:09 PM - Joe Bob (xxx.xxx.xxx.xxx) > 230 User xxxxxxx logged in.
(000003) 9/21/00 7:29:09 PM - Joe Bob (xxx.xxx.xxx.xxx) > REST 1
(000003) 9/21/00 7:29:09 PM - Joe Bob (xxx.xxx.xxx.xxx) > 350 REST supported. Ready to resume at byte offset 1.
(000003) 9/21/00 7:29:09 PM - Joe Bob (xxx.xxx.xxx.xxx) > REST 0
(000003) 9/21/00 7:29:09 PM - Joe Bob (xxx.xxx.xxx.xxx) > 350 REST supported. Ready to resume at byte offset 0.
(000003) 9/21/00 7:29:09 PM - Joe Bob (xxx.xxx.xxx.xxx) > SYST
(000003) 9/21/00 7:29:09 PM - Joe Bob (xxx.xxx.xxx.xxx) > 215 UNIX Type: L8
(000003) 9/21/00 7:29:09 PM - Joe Bob (xxx.xxx.xxx.xxx) > PWD
(000003) 9/21/00 7:29:09 PM - Joe Bob (xxx.xxx.xxx.xxx) > 257 "/" is current directory.
(000003) 9/21/00 7:29:09 PM - Joe Bob (xxx.xxx.xxx.xxx) > PORT 192,168,1,100,4,41
(000003) 9/21/00 7:29:09 PM - Joe Bob (xxx.xxx.xxx.xxx) > 200 Port command successful.
(000003) 9/21/00 7:29:10 PM - Joe Bob (xxx.xxx.xxx.xxx) > TYPE A
(000003) 9/21/00 7:29:10 PM - Joe Bob (xxx.xxx.xxx.xxx) > 200 Type set to A.
(000003) 9/21/00 7:29:10 PM - Joe Bob (xxx.xxx.xxx.xxx) > LIST
(000003) 9/21/00 7:29:10 PM - Joe Bob (xxx.xxx.xxx.xxx) > 150 Opening data connection for directory list.
(000003) 9/21/00 7:29:11 PM - Joe Bob (xxx.xxx.xxx.xxx) > 426 Cannot retrieve.
(000003) 9/21/00 7:29:31 PM - Joe Bob (xxx.xxx.xxx.xxx) > disconnected. (00:00:22)


As for PASV mode:

(000008) 9/21/00 11:05:23 PM - Joe Bob (xxx.xxx.xxx.xxx) > PASV
(000008) 9/21/00 11:05:23 PM - Joe Bob (xxx.xxx.xxx.xxx) > 227 Entering Passive Mode (192,168,1,100,7,248).
(000008) 9/21/00 11:05:23 PM - Joe Bob (xxx.xxx.xxx.xxx) > TYPE A
(000008) 9/21/00 11:05:23 PM - Joe Bob (xxx.xxx.xxx.xxx) > 200 Type set to A.
(000008) 9/21/00 11:05:23 PM - Joe Bob (xxx.xxx.xxx.xxx) > LIST
(000008) 9/21/00 11:05:23 PM - Joe Bob (xxx.xxx.xxx.xxx) > 150 Opening data connection for directory list.
(000008) 9/21/00 11:05:24 PM - Joe Bob (xxx.xxx.xxx.xxx) > 426 Cannot retrieve.Aborting.
(000008) 9/21/00 11:05:24 PM - Joe Bob (xxx.xxx.xxx.xxx) > disconnected. (00:00:02)

When using passive Joe Bob reports a 'socket error' when LIST is sent.

Joe Bob is behind a Linksys 4-port Router.

Joe Bob logging in from a UNIX Shell outside his firewall:

(000011) 9/21/00 11:15:25 PM - Joe Bob (xxx.xxx.xxx.xxx) > logged in.
(000011) 9/21/00 11:15:25 PM - Joe Bob (xxx.xxx.xxx.xxx) > 230 User xxxxxxx logged in.
(000011) 9/21/00 11:15:26 PM - Joe Bob (xxx.xxx.xxx.xxx) > SYST
(000011) 9/21/00 11:15:26 PM - Joe Bob (xxx.xxx.xxx.xxx) > 215 UNIX Type: L8
(000011) 9/21/00 11:15:29 PM - Joe Bob (xxx.xxx.xxx.xxx) > PORT ***,***,***,***,58,206 - blocked his ip.
(000011) 9/21/00 11:15:29 PM - Joe Bob (xxx.xxx.xxx.xxx) > 200 Port command successful.
(000011) 9/21/00 11:15:29 PM - Joe Bob (xxx.xxx.xxx.xxx) > LIST
(000011) 9/21/00 11:15:29 PM - Joe Bob (xxx.xxx.xxx.xxx) > 150 Opening data connection for directory list.
(000011) 9/21/00 11:15:29 PM - Joe Bob (xxx.xxx.xxx.xxx) > 226 File sent ok.
(000011) 9/21/00 11:16:43 PM - Joe Bob (xxx.xxx.xxx.xxx) > PORT ***,***,***,***,58,207 - I blocked my friends IP, but it was his not mine.
(000011) 9/21/00 11:16:43 PM - Joe Bob (xxx.xxx.xxx.xxx) > 200 Port command successful.
(000011) 9/21/00 11:16:43 PM - Joe Bob (xxx.xxx.xxx.xxx) > LIST
(000011) 9/21/00 11:16:43 PM - Joe Bob (xxx.xxx.xxx.xxx) > 150 Opening data connection for directory list.
(000011) 9/21/00 11:16:43 PM - Joe Bob (xxx.xxx.xxx.xxx) > 226 File sent ok.


So we have figured it out we think -- the FTP server is using my internal IP (192.168.1.100) as the joining party's IP -- but when the unix machine logs in (or a machine not behind a firewall) PORT reads the joiner's IP as in example of UNIX machine.

So we just need to figure out how to make the FTP Server get the correct IP from the users behind firewalls? --- Thoughts? 🙂


Thanks for all your help, please keep the ideas coming!
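
Added example, not written by anyone in this thread: a short Python script that decodes the h1,h2,h3,h4,p1,p2 tuple carried by the PORT and 227 lines in the logs above and flags data endpoints advertised with an RFC 1918 address, which the peer on the other side of a NAT router cannot connect to. The first two sample lines are copied from the logs above; the third is constructed with a documentation address (203.0.113.7), because the thread masks the real one.

```python
import ipaddress
import re

# RFC 1918 private ranges: unreachable from the far side of a NAT router.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# A PORT command or a 227 reply carries h1,h2,h3,h4,p1,p2 (RFC 959).
ENDPOINT_RE = re.compile(r"> (PORT|227)\b\D*?(\d{1,3}(?:,\d{1,3}){5})")


def decode_endpoint(fields):
    """Turn 'h1,h2,h3,h4,p1,p2' into (IPv4Address, port)."""
    nums = [int(x) for x in fields.split(",")]
    if any(n > 255 for n in nums):
        raise ValueError(f"field out of range in {fields!r}")
    host = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return host, nums[4] * 256 + nums[5]  # port = p1 * 256 + p2


def audit(log_lines):
    """List each advertised data endpoint and whether it is a private address."""
    findings = []
    for line in log_lines:
        m = ENDPOINT_RE.search(line)
        if m is None:
            continue  # not a PORT/227 line, or the address was masked
        host, port = decode_endpoint(m.group(2))
        findings.append({
            # PORT: the client listens (active). 227: the server listens (passive).
            "listener": "client" if m.group(1) == "PORT" else "server",
            "host": str(host),
            "port": port,
            "rfc1918": any(host in net for net in RFC1918),
        })
    return findings


SAMPLE = [
    "(000003) 9/21/00 7:29:09 PM - Joe Bob (xxx.xxx.xxx.xxx) > PORT 192,168,1,100,4,41",
    "(000008) 9/21/00 11:05:23 PM - Joe Bob (xxx.xxx.xxx.xxx) > 227 Entering Passive Mode (192,168,1,100,7,248).",
    # Constructed line: public documentation address, port fields from the thread.
    "(000011) 9/21/00 11:15:29 PM - Joe Bob (xxx.xxx.xxx.xxx) > PORT 203,0,113,7,58,206",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

An endpoint flagged `rfc1918` that crosses the internet is the value an FTP fixup on the router, as mentioned earlier in the thread, would have to rewrite to the public address.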
 
I have recently tried using about 10+ FTP Servers, and they all do the same thing. So I do not think it is the FTP Server software.

Thanks again
 