No chance to get into FTP

intika

New member
Joined
May 6, 2020
Messages
5
Greetings,

This is the second day I've been trying to solve an FTP connection issue. I've tried almost everything and googled it a lot, but none of the tutorials and suggestions helped.
The trouble is: I set up all the ports (probably) right and can connect to FTP, but it gets stuck on "Failed to retrieve directory"; it stays on directory "/" and shows nothing else.
Also, I enabled "Active" mode in FileZilla, but there is another strange thing: when I connect on the LAN (for example 192.168.x.x, ftplogin@domain.com, password), it connects successfully, but when I'm outside the LAN I can't reach FTP through the domain with the same logins (nor with the external IP).

FileZilla log:


Code:
Status:    Resolving address of domain.com
Status:    Connecting to 5.20.64.129:21...
Status:    Connection established, waiting for welcome message...
Status:    Initializing TLS...
Error:    Server sent unsorted certificate chain in violation of the TLS specifications
Status:    Verifying certificate...
Status:    TLS connection established.
Command:    USER ftpuser@domain.com
Response:    331 User ftpuser@domain.com OK. Password required
Command:    PASS *********
Response:    230-This server supports FXP transfers
Response:    230 OK. Current restricted directory is /
Command:    SYST
Response:    215 UNIX Type: L8
Command:    FEAT
Response:    211-Extensions supported:
Response:     UTF8
Response:     EPRT
Response:     IDLE
Response:     MDTM
Response:     SIZE
Response:     MFMT
Response:     REST STREAM
Response:     MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
Response:     MLSD
Response:     PRET
Response:     AUTH TLS
Response:     PBSZ
Response:     PROT
Response:     TVFS
Response:     ESTA
Response:     PASV
Response:     EPSV
Response:     SPSV
Response:     ESTP
Response:    211 End.
Command:    OPTS UTF8 ON
Response:    504 Unknown command
Command:    PBSZ 0
Response:    200 PBSZ=0
Command:    PROT P
Response:    200 Data protection level set to "private"
Status:    Logged in
Status:    Retrieving directory listing...
Command:    PWD
Response:    257 "/" is your current location
Command:    TYPE I
Response:    200 TYPE is now 8-bit binary
Command:    PORT 192,168,0,107,148,73
Response:    200-FXP transfer: from 78.60.28.239 to 192.168.0.107
Response:    200 PORT command successful
Command:    MLSD
Response:    425 Could not open data connection to port 37961: Connection refused
Error:    Failed to retrieve directory listing
I'm just not sure why I'm getting "Response: 200-FXP transfer: from 78.60.28.239 to 192.168.0.107". Is something wrong with the DA config, or the server?
Also, when I connect over SFTP with the server admin account, I get connected properly and successfully, but with the FTP accounts created in DA I can't get in. Any ideas why?
Server OS: CentOS 7
 

bdacus01

Verified User
Joined
Jul 22, 2017
Messages
1,306
Location
Murfreesboro
How old is the server, and did you check DNS? Does it resolve out?

If you go to intodns
and put in ftp.yourdomain.com,
does it resolve?

Are you really connecting from a 192.xxx?
If so, those are usually blocked as unroutable since they are private subnets.

Go to Google and search "whats my IP". That should show your public IP.
 

intika

New member
Joined
May 6, 2020
Messages
5
> How old is the server, and did you check DNS? Does it resolve out?
>
> If you go to intodns
> and put in ftp.yourdomain.com,
> does it resolve?
>
> Are you really connecting from a 192.xxx?
> If so, those are usually blocked as unroutable since they are private subnets.
>
> Go to Google and search "whats my IP". That should show your public IP.

Thanks for the reply. What do you mean by "check DNS"? Actually, when I installed DA on my server I put in hostname - public IP, and the DNS records go with ns1.part.of.public.ip (same for ns2.), so maybe that's the problem?
Also, when I connect from 192.168. (from the local network), all is good and it connects successfully, but when I try to connect from home I get that issue (Failed to retrieve directory listing).
P.S. DA is a few days old (recently installed).
 

bdacus01

Verified User
Joined
Jul 22, 2017
Messages
1,306
Location
Murfreesboro
> Thanks for the reply. What do you mean by "check DNS"? Actually, when I installed DA on my server I put in hostname - public IP, and the DNS records go with ns1.part.of.public.ip (same for ns2.), so maybe that's the problem?
> Also, when I connect from 192.168. (from the local network), all is good and it connects successfully, but when I try to connect from home I get that issue (Failed to retrieve directory listing).
> P.S. DA is a few days old (recently installed).

Did you set up DA on a public internet-based server? Like at a datacenter, or is this server set up at your home or on some private network? I can't tell from your comments. Does everything other than FTP work?
 

intika

New member
Joined
May 6, 2020
Messages
5
> Did you set up DA on a public internet-based server? Like at a datacenter, or is this server set up at your home or on some private network? I can't tell from your comments. Does everything other than FTP work?

The DA license has a public IP. When I installed DA, I installed it on the LAN, but on the router I configured all the port forwardings etc. for the required ports (80, 22, 21, 2222, 25, etc.), and it installed correctly. Everything is working, including MySQL, PHP, etc. I have now installed a WordPress website and everything works nicely. The thing is, I can't see my website (which is on the server) from the local network (via LAN), but I can from other (non-local) networks. That's maybe a different topic, though; the thing is, I can't reach my FTP server with an account created in DA.
Also, when I tried to connect over SFTP to the server using the admin account (not root) credentials, I logged in successfully, so probably something is mismatched in DA on my side.
P.S. The server is installed at my office, which has an internet connection (Ethernet). The cable goes to the router, and one cable goes from a router port to the server's RJ45 jack, and the port is configured for the server, which can be reached by the public.
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
5,287
Location
Maastricht
> Could not open data connection to port 37961: Connection refused

Sounds to me like a passive FTP issue.
Normally on DA ports 35000-35999 are opened for passive ftp. This is port 37961 refusing connection, not sure if that is your local port or DA port.
Anyway, you have to be sure that the passive ports configured are open in the firewalls incoming and outgoing.

Don't forget to open port 20 on your server too if not opened yet as this is the ftp data port.
 

toml

Verified User
Joined
Oct 3, 2003
Messages
1,204
Location
Scottsdale, AZ
FTP is an odd protocol and it looks like you are attempting to do it over NAT. FTP uses two completely different connections, one is the control connection (on port 21) and the other connection is where it gets tricky. When the FTP client says to use active mode, the FTP client sends to the server the client IP address followed by a specified port and the server will connect to that address:port to send data (directory listings or transfer data). In passive mode the server sends the server IP address and a port number and waits for the client to connect to that port. When you have NAT in between, your router needs to know about FTP so that it can intercept the command that states the IP address/port number, replace the IP address with the NAT'd address and then forward the specified port. In your case the server is on a non-routable IP address, so your client was told that the port to connect to is 192.168.0.107 port 37961. Obviously that won't work since your server is behind a router and it really needed to have the external IP address instead of the local NAT'd IP address. BTW, sftp works because all communication is over a single port and there is no need to create a second connection. Click here to see a better explanation of your issue.
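The address and port negotiation discussed in this thread can be read straight out of the log: the six numbers in a PORT command (and in a 227 passive-mode reply) are the four IP octets followed by the port as p1*256+p2. The following is an added example, not code from any poster in the thread; it decodes those values and flags a data-channel endpoint that is a private address or that differs from the control-connection peer. The function names and the 227 sample line are constructed for illustration.

```python
import ipaddress
import re

# Lines copied from the FileZilla log on this page.
LOG = """\
Command:    PORT 192,168,0,107,148,73
Response:    200-FXP transfer: from 78.60.28.239 to 192.168.0.107
Response:    425 Could not open data connection to port 37961: Connection refused
"""

# Constructed sample (not from the page): a passive-mode reply that leaks a LAN address.
PASV_SAMPLE = "Response:    227 Entering Passive Mode (192,168,1,10,136,184)"

HOSTPORT = re.compile(r"\b(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\b")


def decode_hostport(line):
    """Return (ip, port) from a PORT command or 227 reply (h1,h2,h3,h4,p1,p2), else None."""
    if not re.search(r"\bPORT\b|\b227\b", line):
        return None
    m = HOSTPORT.search(line)
    if m is None:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]


def audit(log_text, peer_ip):
    """Flag data endpoints the other side cannot reach, or that differ from the control peer."""
    peer = ipaddress.IPv4Address(peer_ip)
    findings = []
    for line in log_text.splitlines():
        decoded = decode_hostport(line)
        if decoded is None:
            continue
        ip, port = decoded
        issues = []
        if ip.is_private:
            issues.append("private address advertised across NAT")
        if ip != peer:
            issues.append("differs from control-connection peer " + peer_ip)
        findings.append({"ip": str(ip), "port": port, "issues": issues})
    return findings
```

For the log above, `audit(LOG, "78.60.28.239")` decodes the PORT argument to 192.168.0.107 port 37961, the same port named in the 425 error. Because this session negotiated AUTH TLS, a NAT router cannot read or rewrite the PORT argument on the control channel, so the server receives exactly the endpoint the client sent.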
 

bdacus01

Verified User
Joined
Jul 22, 2017
Messages
1,306
Location
Murfreesboro
> Sounds to me like a passive FTP issue.
> Normally on DA ports 35000-35999 are opened for passive ftp. This is port 37961 refusing connection, not sure if that is your local port or DA port.
> Anyway, you have to be sure that the passive ports configured are open in the firewalls incoming and outgoing.
>
> Don't forget to open port 20 on your server too if not opened yet as this is the ftp data port.

Beat me to it..
 

bdacus01

Verified User
Joined
Jul 22, 2017
Messages
1,306
Location
Murfreesboro
> FTP is an odd protocol and it looks like you are attempting to do it over NAT. FTP uses two completely different connections, one is the control connection (on port 21) and the other connection is where it gets tricky. When the FTP client says to use active mode, the FTP client sends to the server the client IP address followed by a specified port and the server will connect to that address:port to send data (directory listings or transfer data). In passive mode the server sends the server IP address and a port number and waits for the client to connect to that port. When you have NAT in between, your router needs to know about FTP so that it can intercept the command that states the IP address/port number, replace the IP address with the NAT'd address and then forward the specified port. In your case the server is on a non-routable IP address, so your client was told that the port to connect to is 192.168.0.107 port 37961. Obviously that won't work since your server is behind a router and it really needed to have the external IP address instead of the local NAT'd IP address. BTW, sftp works because all communication is over a single port and there is no need to create a second connection. Click here to see a better explanation of your issue.

Yep, this too.
 

intika

New member
Joined
May 6, 2020
Messages
5
Thank you, fellas, for the replies, appreciate it!
So in conclusion, as long as my server runs through the router, there isn't any chance of making that FTP connection work properly, right?
 

intika

New member
Joined
May 6, 2020
Messages
5
Thank you all for your time and comments! Solved it. I had made all the port forwardings (20, 21, etc.) but hadn't set up port triggering for 35000-35999; now it all works.
Thank you, appreciate it! ❤
 