ftp question...

[gballard]

I set up an ftp server on one of my machines yesterday and was able to ftp to it from my machine connecting to its dynamic dns name as well as from my shell account. I tried from work today and get this...

Status: Connecting to bleh.servepics.com...
Status: Connected with bleh.servepics.com. Waiting for welcome message...
Response: 220 Welcome to my ftp server....play nice or you will get kicked...
Command: USER bleh
Response: 331 Password required for bleh
Command: PASS *******
Response: 230 Logged on
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is current directory.
Command: PORT x,x,x,x,x,xxx
Response: 200 Port command successful
Command: TYPE A
Response: 200 Type set to A
Command: LIST
Response: 150 Opening data channel for directory list.
Response: 425 Can't open data connection.
Error: Could not retrieve directory listing

After getting this...I logged into my shell account and was able to get right into it and navigate around and so forth. I tried different modes on my ftp client here but still no go...any ideas?
Some names and IP addresses were changed for security sake.

 

[LeeJend]

Guessing here but when we (gaming clan) have this problem it is usually with access priveleges for the hard disk. When you log in from work you are on a different domain/work group/etc.

You would have to set the shared folder permissions to all and depend on the ftp to provide security.

 

[Enyo]

Enable Passive Mode on your client and retry.

 

[gballard]

I am fairly sure its not a priveleges problem....since I am not using the FTP service in IIS. I am using FileZilla Server. I am fairly sure that would be an issue using the FTP service in IIS since it relies on username and group membership as it relates to the local computer or domain.

 

[gballard]

i did enable passive mode on the client...I tried every mode there was and still got the same thing...just puzzles me why it works fine using a unix command line ftp client.

 

[LeeJend]

You have to have the file access privileges set ON on the Hard Disk.

Xp only allows access to files by the person who owns the account that created them (and someone logged in with admin priveleges).

You are not logging into XP when using the FTP you are bypassing it so the files have to be opened up. Right click the folder - properties - sharing - check share this folder on the network.

 

[gballard]

I have to disagree with you on that....I can ftp into my server from my unix shell account and I can get in with no problems...so its not a file access problem...I have done some reading and I think I to forward port 20 as well.

 

[Zedric]

No, port 20 isn't needed. This is what you need:

- Forward 21 (you did this apparently)
- Forward a passive range (say 20100-20199)
- Set the FTP server to use this range for passive (PASV) and to listen to you external IP (not 192.168.*.*).

That should be it. Just make sure to use passive mode in the client!

 

[gballard]

Well I forwarded port 20 just to see and it still isn't working correctly. I did forward a passive range...I used 10000 thru 10020...to the IP address of the box on my LAN running the ftp server. I did set the ftp server to use this range for PASV and I put my external IP address in there. I also used passive mode on the client and still no go. But like I said...I can ssh to my unix shell account and then ftp to my server and get in and actually get the directory listing and navigate with no problem...this is what is so confusing to me...why does it work with a unix ftp client and not a windows ftp client?

 

[Zedric]

Good question. The shell server is outside the LAN right?

My suggestion should have worked, I use it here. However, you won't be able to connect to the server from inside the network unless you connect to the external IP.

 

[gballard]

Yeah the shell server is outside my LAN. When I am at home...I can ftp to my external IP address and get in fine. But here at work...I am not able to do so. It is certainly frustrating.

 

[Xie]

I think your reason might be your firewall at work. I did a quick search for your error code and it comfirmed it

425 Can't open data connection. Try changing from PASV to PORT mode. Check your firewall settings.

 

[gballard]

hmmm...never thought of that...will get a friend of mine to try from his house and see what happens...will advise the results.

 

[gballard]

my router is a D-Link 614+ and I decided to look on their website for this problem and this is what they had in their knowledge base:

FTP Server
If you are hosting a FTP server behind your router, you will need to open port 20 and 21 on the router to allow traffic from the Internet in.

Step 1 Enter 192.168.0.1 in your browser and press enter. Enter username (admin) and password (blank by default).

Step 2 Click on Advanced and click on Virtual Server.

Step 3 Under the Virtual Servers List, the 1st entry should be:

Virtual Server FTP 0.0.0.0 TCP 21/21 always

Step 4 Click on the Edit button on the right side. The line will turn yellow and the information should fill in at the top.

Step 5 Click Enabled. Next to Private IP, enter the IP address of your computer that your are running the FTP server from (IE 192.168.0.100). Enter any scheduling options (Always).

Step 6 Click Apply and then Continue.

Users from the Internet will need to enter the WAN IP address of the router to get to your FTP server, not the private IP address.

Note: If you are on your LAN and enter the WAN IP address to test your FTP server, it may not work. It is best to have a friend or family member try to connect using the WAN IP address.

If for some reason users can connect but cannot view directories, you may need to open port 20 also. Just create a new entry and enter port 20 (TCP).


--------------------------------------------------------------------------------

 

[Xie]

So did that work?

 

[gballard]

well that is what i did originally...so..I would say their documentation is wrong

 

[Xie]

well it could be that your firewall at work is blocking traffic? And there docs look fine ... they don't take into account that you might be accessing this FTP server that is behind there router from an outside location behind yet another possible firewall setup.

 

[gballard]

their docs say to forward port 20 when I told by a few folks that was not needed...oh well...will work on it when i get home...

 

[Zedric]

Originally posted by gballard
their docs say to forward port 20 when I told by a few folks that was not needed...oh well...will work on it when i get home...

Well it's not. It's what the old FTP protocol used instead of the passive range, before PASV and PORT was introduced. But that not used anymore afaik (I don't, and it works). I thought maybe some firewall at your work was blocking, but since you're running passive that shouldn't be a problem (in the example you gave, you didn't run passive though).

Do you have a software firewall on the FTP server by any chance?

 

[gballard]

yes there is a firewall on the machine with the ftp server...Sygate Personal Firewall...but I can still access the ftp server from my shell which is outside the LAN...so it has to be something about the firewall at work I am guessing....anyone willing to try and log in...lemme know..i have a test account set up...