Proftpd Active / Passive error



  • Hello. First of all I am not sure if this is the right place to ask this question, feel free to move it.

    I have a problem concerning Proftpd (Ubuntu).

    Recently I've been the only one who has used the FTP, and that is local. The other day a friend tried to connect to the server, and he got this message:

    Status:	Connected
    Status:	Retrieving directory listing...
    Response:	257 "/" is the current directory
    Command:	PASV
    Response:	227 Entering Passive Mode (1xx,1xx,1xx,1xx,194,144).
    Command:	MLSD
    Error:	Connection timed out after 20 seconds of inactivity
    Error:	Failed to retrieve directory listing
    

    I looked through the proftpd.conf and found these lines:

    #PassivePorts                  49152 65534
    #MasqueradeAddress              domain.org
    

    I unchecked both lines, and opened the port-range 49152-65534.
    Now he could connect flawlessly; however, now I got the same problem as he did. What am I doing wrong here?



  • If it works for him it should work for you.  You have more than enough passive ports defined to handle a lot of concurrent FTP users.  Anything in the firewall log?  What FTP client are you using?


  • Rebel Alliance Global Moderator

    So you unchecked this
    #MasqueradeAddress              domain.org

    Did you change it to your public IP vs domain.org?

    When you say you're having the problem - when you connect from the same local network?

    Working with ftp you should understand the connection type active or passive, etc.
    Great link
    http://slacksite.com/other/ftp.html

    If you're telling your ftp server hey use this IP when people connect via passive for the IP they should connect to vs its actual local private IP, and you're local, you're going to hit that public and need to be reflected back in.

    So let outside users connect via passive and you connect via active so the ftp server makes the connection back to your local client via your local IP.  Vs you connecting to it via passive.



  • @KOM:

    If it works for him it should work for you.  You have more than enough passive ports defined to handle a lot of concurrent FTP users.  Anything in the firewall log?  What FTP client are you using?

    We are both using FileZilla. As I said, when I # the lines, I can connect, but when I uncheck the lines, I can't.

    @johnpoz:

    So you unchecked this
    #MasqueradeAddress              domain.org

    Did you change it to your public IP vs domain.org?

    When you say you're having the problem - when you connect from the same local network?

    Working with ftp you should understand the connection type active or passive, etc.
    Great link
    http://slacksite.com/other/ftp.html

    If you're telling your ftp server hey use this IP when people connect via passive for the IP they should connect to vs its actual local private IP, and you're local, you're going to hit that public and need to be reflected back in.

    So let outside users connect via passive and you connect via active so the ftp server makes the connection back to your local client via your local IP.  Vs you connecting to it via passive.

    Wow, great explanation.  Where domain.org is, I use my "public domain" or whatever you call it.
    Yes, I am on the same local network as the ftp server.

    So, if I understand what you are saying, I am trying to connect to the server via the domain, not directly?

    What should I do with the config / client?



  • Oh, I thought you were testing externally like your friend.  If you're on the same network then you can't access it using its public name or IP unless you have NAT Reflection enabled, or are using internal DNS that resolves the host to its LAN IP address.
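
Added example, not part of the thread: a small Python check that decodes the address and port in a `227 Entering Passive Mode` reply (the port is `p1*256 + p2`, so `194,144` is 49808) and compares the advertised address with the one the client used for the control connection, which is the mismatch discussed above. The function names and the addresses `203.0.113.10` (public) and `192.168.1.10` (LAN) are assumptions made for illustration.

```python
import ipaddress
import re

# RFC 1918 ranges, checked explicitly so documentation addresses count as public.
LAN_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# The six numbers in a 227 reply are h1,h2,h3,h4,p1,p2 (RFC 959).
PASV_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def is_lan(ip):
    return any(ip in net for net in LAN_NETS)


def parse_pasv(reply):
    """Return (ip, port) advertised in a '227 Entering Passive Mode' reply."""
    m = PASV_RE.search(reply)
    if not reply.lstrip().startswith("227") or m is None:
        raise ValueError("not a usable 227 reply: %r" % reply)
    nums = [int(n) for n in m.groups()]
    if max(nums) > 255:
        raise ValueError("field out of range in %r" % reply)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]


def diagnose(reply, control_ip, passive_ports=(49152, 65534)):
    """Classify a PASV reply given the IP the client used for the control connection."""
    ip, port = parse_pasv(reply)
    ctrl = ipaddress.IPv4Address(control_ip)
    if ip == ctrl:
        verdict = "ok"
    elif is_lan(ip) and not is_lan(ctrl):
        verdict = "private address sent to outside client: set MasqueradeAddress"
    elif is_lan(ctrl) and not is_lan(ip):
        verdict = "LAN client sent to public address: needs NAT reflection, internal DNS or active mode"
    else:
        verdict = "data address differs from control address"
    in_range = passive_ports[0] <= port <= passive_ports[1]
    return {"ip": str(ip), "port": port, "port_in_range": in_range, "verdict": verdict}


if __name__ == "__main__":
    # Constructed replies; 203.0.113.10 and 192.168.1.10 are placeholder addresses.
    masq = "227 Entering Passive Mode (203,0,113,10,194,144)."
    bare = "227 Entering Passive Mode (192,168,1,10,194,144)."
    print(diagnose(bare, "203.0.113.10"))   # client outside, MasqueradeAddress commented out
    print(diagnose(masq, "203.0.113.10"))   # client outside, MasqueradeAddress set
    print(diagnose(masq, "192.168.1.10"))   # client on the LAN, MasqueradeAddress set
```
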