Cannot connect via FTP
-
Hi all,
I have configured pfSense (2.3.4) on a MiniPC and installed OpenVPN to connect to my VPN provider. All is working great except I cannot FTP to one FTP Server. Others are fine. I'm using CuteFTP Pro as the client and below are the logs of one that connects and one that does not.
*** CuteFTP 9.0 - build Nov 9 2012 ***
STATUS:> [5/10/2017 10:02:44 AM] Getting listing "downloads"...
STATUS:> [5/10/2017 10:02:44 AM] Connecting to FTP server... 5.79.98.171:21 (ip = 5.79.98.171)...
STATUS:> [5/10/2017 10:02:45 AM] Socket connected. Waiting for welcome message...
[5/10/2017 10:02:45 AM] 220 ProFTPD 1.3.5rc3 Server (Debian) [::ffff:5.79.98.171]
STATUS:> [5/10/2017 10:02:45 AM] Connected. Authenticating...
COMMAND:> [5/10/2017 10:02:45 AM] USER dp
[5/10/2017 10:02:45 AM] 331 Password required for dp
COMMAND:> [5/10/2017 10:02:45 AM] PASS *****
[5/10/2017 10:02:45 AM] 230 User dp logged in
STATUS:> [5/10/2017 10:02:45 AM] Login successful.
COMMAND:> [5/10/2017 10:02:45 AM] SYST
[5/10/2017 10:02:46 AM] 215 UNIX Type: L8
STATUS:> [5/10/2017 10:02:46 AM] Host type detected: Unix.
COMMAND:> [5/10/2017 10:02:46 AM] PWD
[5/10/2017 10:02:46 AM] 257 "/" is the current directory
STATUS:> [5/10/2017 10:02:46 AM] Home directory: /
COMMAND:> [5/10/2017 10:02:46 AM] FEAT
[5/10/2017 10:02:46 AM] Informational Message Only: 211-Features: CCC SITE MKDIR PBSZ AUTH TLS REST STREAM UTF8 EPRT SITE SYMLINK EPSV SITE UTIME MDTM SITE RMDIR SITE COPY SIZE PROT LANG en-US.UTF-8;en-US*
211 End
STATUS:> [5/10/2017 10:02:46 AM] This site supports features.
STATUS:> [5/10/2017 10:02:46 AM] This site supports SIZE.
STATUS:> [5/10/2017 10:02:46 AM] This site supports UTF-8.
STATUS:> [5/10/2017 10:02:46 AM] This site supports LANG.
COMMAND:> [5/10/2017 10:02:46 AM] OPTS UTF8 on
[5/10/2017 10:02:47 AM] 200 UTF8 set to on
STATUS:> [5/10/2017 10:02:47 AM] This site can resume broken downloads.
COMMAND:> [5/10/2017 10:02:47 AM] REST 0
[5/10/2017 10:02:47 AM] 350 Restarting at 0. Send STORE or RETRIEVE to initiate transfer
COMMAND:> [5/10/2017 10:02:47 AM] CWD /downloads
[5/10/2017 10:02:47 AM] 250 CWD command successful
STATUS:> [5/10/2017 10:02:47 AM] PWD skipped. Current folder: "/downloads".
COMMAND:> [5/10/2017 10:02:47 AM] PASV
[5/10/2017 10:02:47 AM] 227 Entering Passive Mode (5,79,98,171,223,237).
COMMAND:> [5/10/2017 10:02:47 AM] LIST
STATUS:> [5/10/2017 10:02:47 AM] Connecting FTP data socket... 5.79.98.171:57325...
[5/10/2017 10:02:48 AM] 150 Opening ASCII mode data connection for file list
[5/10/2017 10:02:49 AM] 226 Transfer complete
STATUS:> [5/10/2017 10:02:49 AM] Directory listing completed.
*** CuteFTP 9.0 - build Nov 9 2012 ***
STATUS:> [5/10/2017 10:04:20 AM] Getting listing ""...
STATUS:> [5/10/2017 10:04:20 AM] Resolving host name ftp.thebriars.net.au...
STATUS:> [5/10/2017 10:04:20 AM] Host name ftp.thebriars.net.au resolved: ip = 110.232.140.75.
STATUS:> [5/10/2017 10:04:20 AM] Connecting to FTP server... ftp.thebriars.net.au:21 (ip = 110.232.140.75)...
STATUS:> [5/10/2017 10:04:20 AM] Socket connected. Waiting for welcome message...
[5/10/2017 10:04:20 AM] 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
220-You are user number 2 of 50 allowed.
220-Local time is now 09:04. Server port: 21.
220-This is a private system - No anonymous login
220-IPv6 connections are also welcome on this server.
220 You will be disconnected after 15 minutes of inactivity.
STATUS:> [5/10/2017 10:04:20 AM] Connected. Authenticating...
COMMAND:> [5/10/2017 10:04:20 AM] USER thebriar
[5/10/2017 10:04:20 AM] 331 User thebriar OK. Password required
COMMAND:> [5/10/2017 10:04:20 AM] PASS *****
[5/10/2017 10:04:20 AM] 230 OK. Current restricted directory is /
STATUS:> [5/10/2017 10:04:20 AM] Login successful.
COMMAND:> [5/10/2017 10:04:20 AM] SYST
[5/10/2017 10:04:20 AM] 215 UNIX Type: L8
STATUS:> [5/10/2017 10:04:20 AM] Host type detected: Unix.
COMMAND:> [5/10/2017 10:04:20 AM] PWD
[5/10/2017 10:04:20 AM] 257 "/" is your current location
STATUS:> [5/10/2017 10:04:20 AM] Home directory: /
COMMAND:> [5/10/2017 10:04:20 AM] FEAT
[5/10/2017 10:04:20 AM] Informational Message Only: 211-Extensions supported: EPRT IDLE MDTM SIZE MFMT REST STREAM MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*; MLSD AUTH TLS PBSZ PROT UTF8 TVFS ESTA PASV EPSV SPSV ESTP
211 End.
STATUS:> [5/10/2017 10:04:20 AM] This site supports features.
STATUS:> [5/10/2017 10:04:20 AM] This site supports SIZE.
STATUS:> [5/10/2017 10:04:20 AM] This site supports UTF-8.
STATUS:> [5/10/2017 10:04:20 AM] Setting up character encoding.
COMMAND:> [5/10/2017 10:04:20 AM] OPTS UTF8 on
[5/10/2017 10:04:20 AM] 200 OK, UTF-8 enabled
STATUS:> [5/10/2017 10:04:20 AM] Using UTF-8.
STATUS:> [5/10/2017 10:04:20 AM] This site can resume broken downloads.
COMMAND:> [5/10/2017 10:04:20 AM] REST 0
[5/10/2017 10:04:20 AM] 350 Restarting at 0
COMMAND:> [5/10/2017 10:04:20 AM] PASV
[5/10/2017 10:04:20 AM] 227 Entering Passive Mode (110,232,140,75,203,179)
COMMAND:> [5/10/2017 10:04:20 AM] LIST
STATUS:> [5/10/2017 10:04:20 AM] Connecting FTP data socket... 110.232.140.75:52147...
ERROR:> [5/10/2017 10:05:21 AM] Timeout (60000 ms) occurred on receiving server response.
Can someone please let me know how I can fix this.
TIA
Greg
-
STATUS:> [5/10/2017 10:04:20 AM] Connecting FTP data socket… 110.232.140.75:52147...
Nothing much for your firewall to do there. Looks like they are not responding to the PASV request.
The connection is being made exactly where instructed to:
[5/10/2017 10:04:20 AM] 227 Entering Passive Mode (110,232,140,75,203,179)
110.232.140.75:52147 (203*256+179=52147)
They are not responding. Perhaps that passive FTP server is misconfigured as to what ports are forwarded to it.
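The decoding walked through in the reply above, as an added example that is not part of the original thread: it reads FTP client log lines, decodes each 227 reply into the data endpoint the client was told to use, and records whether the data channel then opened or timed out. The sample log is constructed from the two sessions quoted in this thread (timestamps dropped), and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample, modelled on the two CuteFTP sessions quoted in this thread.
SAMPLE_LOG = """\
STATUS:> Connecting to FTP server... 5.79.98.171:21 (ip = 5.79.98.171)...
227 Entering Passive Mode (5,79,98,171,223,237).
COMMAND:> LIST
150 Opening ASCII mode data connection for file list
STATUS:> Connecting to FTP server... ftp.thebriars.net.au:21 (ip = 110.232.140.75)...
227 Entering Passive Mode (110,232,140,75,203,179)
COMMAND:> LIST
ERROR:> Timeout (60000 ms) occurred on receiving server response.
"""

CONTROL_RE = re.compile(r"Connecting to FTP server\.\.\..*\(ip = ([\d.]+)\)")
# Reply codes sit at the start of the line or right after a "[timestamp] " prefix.
PASV_RE = re.compile(r"(?:^|\] )227 [^(]*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
OPENED_RE = re.compile(r"(?:^|\] )(?:150|125) ")

def decode_pasv(line):
    """Return (ip, port) from a 227 reply, or None if the line is not one."""
    m = PASV_RE.search(line)
    if not m:
        return None
    h1, h2, h3, h4, p1, p2 = (int(g) for g in m.groups())
    if max(h1, h2, h3, h4, p1, p2) > 255:
        raise ValueError("octet out of range in 227 reply: " + line.strip())
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2  # port = high byte * 256 + low byte

def audit(log_text):
    """Summarise each passive data channel: endpoint, address sanity, outcome."""
    results, control_ip, current = [], None, None
    for line in log_text.splitlines():
        if (m := CONTROL_RE.search(line)):
            control_ip = m.group(1)
        elif (ep := decode_pasv(line)):
            ip, port = ep
            current = {"control_ip": control_ip, "data_ip": ip, "data_port": port,
                       "same_host": ip == control_ip,  # False hints at a NAT'd server
                       "private": ipaddress.ip_address(ip).is_private,
                       "outcome": "no-reply"}
            results.append(current)
        elif current and OPENED_RE.search(line):
            current["outcome"] = "data-opened"
        elif current and "Timeout" in line:
            current["outcome"] = "timeout"
    return results
```

A `same_host` of True with a public address and a `timeout` outcome, as in the second session, means the client connected where it was told to and the fault lies on the path to that port rather than in the 227 reply itself.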
-
Oh, one thing I should have mentioned, sorry.
I can connect to this problem site via FTP in Passive Mode if I disable OpenVPN.
-
Don't know what to tell you. Maybe they are blocking those connections from your OpenVPN provider? Maybe you're routing the FTP connection out the VPN provider but not the passive connection? Maybe your VPN provider is filtering it?
Connect, start a transfer, start a LIST, then quickly look at Diagnostics > States and filter on the server IP address and see what's there.
-
Tried your suggestion and got this:-
https://i.imgur.com/qa6gTkW.jpg
110.232.140.75:21 is the destination
192.168.10.13 is my PC LAN IP
10.10.127.34 is the OpenVPN IP.
Thanks for your assistance, it is greatly appreciated.
-
You have a bunch of NAT that shouldn't be happening. Did you enable the ftp client proxy or something?
That won't help with passive - only active. And active data is never, ever going to be forwarded back from your VPN provider anyway.
If you enabled the proxy, disable it and try again and post the same thing.
-
You have a bunch of NAT that shouldn't be happening. Did you enable the ftp client proxy or something?
That won't help with passive - only active. And active data is never, ever going to be forwarded back from your VPN provider anyway.
If you enabled the proxy, disable it and try again and post the same thing.
Sorry, FTP Client Proxy was enabled. Have disabled it and repeated the test.
https://i.imgur.com/DG1x32T.jpg
-
Looks perfect. There is no reason there it should not be working. It looks to be something at or upstream of the OpenVPN provider.
-
Looks perfect. There is no reason there it should not be working. It looks to be something at or upstream of the OpenVPN provider.
Thanks, I imagine you mean VPN Provider and not OpenVPN Provider. Looks like it's off to my VPN Provider. It is strange that I can connect with some FTP Servers and not others. Makes me think it's not the VPN Provider.
Thanks again.
-
I have no idea what VPN you have. The one on OPT1.