Netgate Discussion Forum

    Proftpd Active / Passive error

      rocketdog

      Hello. First of all I am not sure if this is the right place to ask this question, feel free to move it.

      I have a problem concerning Proftpd (Ubuntu).

      Recently I've been the only one who has used the FTP, and that is local. The other day a friend tried to connect to the server, and he got this message:

      Status:	Connected
      Status:	Retrieving directory listing...
      Response:	257 "/" is the current directory
      Command:	PASV
      Response:	227 Entering Passive Mode (1xx,1xx,1xx,1xx,194,144).
      Command:	MLSD
      Error:	Connection timed out after 20 seconds of inactivity
      Error:	Failed to retrieve directory listing
      

      I looked through the proftpd.conf and found these lines:

      #PassivePorts                  49152 65534
      #MasqueradeAddress              domain.org
      

      I unchecked both lines, and opened the port-range 49152-65534.
      Now he could connect flawlessly; however, now I got the same problem as he did. What am I doing wrong here?

        KOM

        If it works for him it should work for you.  You have more than enough passive ports defined to handle a lot of concurrent FTP users.  Anything in the firewall log?  What FTP client are you using?

          johnpoz LAYER 8 Global Moderator

          So you unchecked this
          #MasqueradeAddress              domain.org

          Did you change it to your public IP vs domain.org?

          When you say you're having the problem - when you connect from the same local network?

          Working with ftp you should understand the connection type active or passive, etc.
          Great link
          http://slacksite.com/other/ftp.html

          If you're telling your ftp server, hey, use this IP when people connect via passive for the IP they should connect to vs its actual local private IP, and you're local, you're going to hit that public and need to be reflected back in.

          So let outside users connect via passive and you connect via active so the ftp server makes the connection back to your local client via your local IP.  Vs you connecting to it via passive.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11

            rocketdog

            @KOM:

            If it works for him it should work for you.  You have more than enough passive ports defined to handle a lot of concurrent FTP users.  Anything in the firewall log?  What FTP client are you using?

            We are both using Filezilla. As I said, when I # the lines, I can connect, but when I uncheck the lines, I can't.

            @johnpoz:

            So you unchecked this
            #MasqueradeAddress              domain.org

            Did you change it to your public IP vs domain.org?

            When you say you're having the problem - when you connect from the same local network?

            Working with ftp you should understand the connection type active or passive, etc.
            Great link
            http://slacksite.com/other/ftp.html

            If you're telling your ftp server, hey, use this IP when people connect via passive for the IP they should connect to vs its actual local private IP, and you're local, you're going to hit that public and need to be reflected back in.

            So let outside users connect via passive and you connect via active so the ftp server makes the connection back to your local client via your local IP.  Vs you connecting to it via passive.

            Wow, great explanation.  Where domain.org is, I use my "public domain" or whatever you call it.
            Yes, I am at the same local network as the ftp server.

            So, if I understand what you are saying, I am trying to connect to the server via the domain, not directly?

            What should I do with the config / client?

              KOM

              Oh, I thought you were testing externally like your friend.  If you're on the same network then you can't access it using its public name or IP unless you have NAT Reflection enabled, or are using internal DNS that resolves the host to its LAN IP address.

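The behaviour discussed in this thread can be checked from a client log. The following is an added example, not code from any poster or from ProFTPD: it decodes the address and data port in a `227` reply and reports which client (LAN or external) will time out. The addresses are constructed placeholders; only the port bytes `194,144` and the `49152 65534` range come from the thread, and `diagnose` and its parameters are hypothetical names.

```python
import ipaddress
import re

# RFC 1918 ranges: not routable from the Internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PASV_RE = re.compile(r"^227 [^(]*\((\d{1,3}(?:,\d{1,3}){5})\)")


def parse_pasv(reply):
    """Decode a 227 reply (h1,h2,h3,h4,p1,p2) into (ip, port)."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(n) for n in m.group(1).split(",")]
    if max(nums) > 255:
        raise ValueError("field out of range in %r" % reply)
    ip = ipaddress.ip_address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]  # data port = p1*256 + p2


def diagnose(reply, client_on_lan, passive_ports=(49152, 65534),
             nat_reflection=False):
    """Return (ip, port, findings) for one client's view of the reply."""
    ip, port = parse_pasv(reply)
    private = any(ip in net for net in RFC1918)
    findings = []
    if not passive_ports[0] <= port <= passive_ports[1]:
        findings.append("port %d is outside the forwarded PassivePorts range" % port)
    if private and not client_on_lan:
        findings.append("server advertises private %s; set MasqueradeAddress" % ip)
    if not private and client_on_lan and not nat_reflection:
        findings.append("LAN client is sent to public %s; needs NAT reflection "
                        "or active mode" % ip)
    return ip, port, findings


# Constructed replies: port bytes 194,144 are from the thread, addresses are not.
NO_MASQ = "227 Entering Passive Mode (192,168,1,20,194,144)."
MASQ = "227 Entering Passive Mode (203,0,113,10,194,144)."

if __name__ == "__main__":
    for label, reply, lan in [("friend, no masquerade", NO_MASQ, False),
                              ("friend, masquerade", MASQ, False),
                              ("LAN user, masquerade", MASQ, True),
                              ("LAN user, no masquerade", NO_MASQ, True)]:
        ip, port, findings = diagnose(reply, lan)
        print("%-24s %s:%d %s" % (label, ip, port, findings or "ok"))
```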