FTP - Can connect, but can't get a listing

[mnewman]

I'm here at my Mom's house sharing her internet connection. She's hard wired to the cable-modem and I'm sharing the connection via her internal airport card. Seems to work fine for everything except FTP.

I can successfully connect to my web host's FTP server, but that's it. Any command (ls, for example) simply times out.

Oddly, I was able to SSH into my home machine and do a proper FTP connection, including moving files around, from there.

Why can I connect, but not do anything useful from this shared connection at Mom's house?

[cwtnospam]

FTP uses more than just port 21 so you would need to port forward more ports to get it working, but it isn't secure. Use SSH (Remote Login) and be sure that all account passwords are strong.

[hayne]

You might need to set your Mac to use passive FTP (PASV) in the Proxy section of Network preferences

[mnewman]

Mac is set to use passive FTP. Oddly I can change directories, but can't do a listing:

Quote: 230-User mgnewman has group access to: mgnewman 230 OK. Current restricted directory is / Remote system type is UNIX. Using binary mode to transfer files. ftp> cd public_html 250 OK. Current directory is /public_html ftp> cd tv 250 OK. Current directory is /public_html/tv ftp> ls -a 229 Extended Passive mode OK (|||19536|)

And, there it stalls out.

But, when I SSH to my home machine I can log in, change directories, list files, put and get files, etc.

Very, very odd.

[hayne]

Have you tried 'dir' instead of 'ls' ?
And tried 'ls' without the "-a" ?

[mnewman]

Quote: Originally Posted by hayne Have you tried 'dir' instead of 'ls' ? And tried 'ls' without the "-a" ?

Yep, same result:

Code:

ftp> ls
200 PORT command successful

421 Service not available, remote server timed out. Connection closed

Code:

Remote system type is UNIX.
Using binary mode to transfer files.
ftp> dir
200 PORT command successful

421 Service not available, remote server timed out. Connection closed

If I use a GUI ftp client (like CyberDuck) I get the same thing. Can connect. Can change directories. Can't do anything else.

So strange....

[WillDog]

Passive mode FTP and a local firewall are very difficult to get working correctly. As cwtnospam posted earlier, just opening port 21 on a firewall isn't sufficient to get FTP working. Run a google search for passive FTP and firewalls, you will get some decent troubleshooting tips.

[mnewman]

I'd accept this except that when I ssh to my home machine I am running passive ftp behind a firewall and it works as expected. All machines running 10.4.8 and configured identically: passive ftp, ports 20 & 21 open on the firewall.

And, why do some ftp command work (cd, for example) and others not (ls, for example)?

Are you trying to say that different ftp commands use different ports? That "cd" uses 21 but "ls" uses something else?

BTW, did the Google search on "passive ftp firewall" and didn't come up with anything helpful.

[trevor]

Here's a helpful link:
Active FTP vs. Passive FTP, a Definitive Explanation

Trevor

[mnewman]

Trevor -

Thank-you. I read that and I think I understand it. But, it still doesn't explain to me why the cd command works but the ls command does not.

Code:

Smooch:~ mnewman$ ftp -d ftp.xxxxxx.com
Connected to ftp.xxxxxxx.com.
220---------- Welcome to Pure-FTPd [TLS] ----------
220-You are user number 1 of 50 allowed.
220-Local time is now 17:47. Server port: 21.
220-This is a private system - No anonymous login
220-IPv6 connections are also welcome on this server.
220 You will be disconnected after 15 minutes of inactivity.
ftp_login: user `<null>' pass `<null>' host `ftp.xxxxxx.com'
Name (ftp.xxxxxx.com:xxxxxxx): xxxxxxx
---> USER xxxxxxx
331 User xxxxxxx OK. Password required
Password:
---> PASS XXXX
230-User xxxxxxx has group access to:  xxxxxxx
230 OK. Current restricted directory is /
---> SYST
215 UNIX Type: L8
Remote system type is UNIX.
Using binary mode to transfer files.

<snip>

---> PWD
257 "/" is your current location
got remotepwd as `/'
ftp> passive
Passive mode: off; fallback to active mode: off.
ftp> passive
Passive mode: on; fallback to active mode: on.
ftp> cd public_html
---> CWD public_html
250 OK. Current directory is /public_html
---> PWD
257 "/public_html" is your current location
got remotepwd as `/public_html'
ftp> cd tv
---> CWD tv
250 OK. Current directory is /public_html/tv
---> PWD
257 "/public_html/tv" is your current location
got remotepwd as `/public_html/tv'
ftp> ls
---> EPSV
229 Extended Passive mode OK (|||40729|)
---> EPRT |1|10.0.2.2|51623|
200 PORT command successful
---> LIST

421 Service not available, remote server timed out. Connection closed
ftp>

Here I am connected to the same server, only after SSHing to my home box and doing ftp from there:

Code:

230 OK. Current restricted directory is /
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
229 Extended Passive mode OK (|||65245|)
150 Accepted data connection
drwx--x--x   16 32080    mgnewman     4096 Dec 24 15:20 .
drwx--x--x   16 32080    mgnewman     4096 Dec 24 15:20 ..
-rw-r--r--    1 32080    mgnewman       24 Nov 14 19:43 .bash_logout
-rw-r--r--    1 32080    mgnewman      191 Nov 14 19:43 .bash_profile
-rw-r--r--    1 32080    mgnewman      124 Nov 14 19:43 .bashrc
-rw-------    1 32080    mgnewman       17 Aug 11  2005 .contactemail
drwx------    2 32080    mgnewman     4096 Dec 20 00:43 .cpanel-datastore
-rw-------    1 32080    mgnewman     4754 May 25  2005 .cpanel-ducache

[mnewman]

Oddly, if I go to the host machine (the one connected to the cable modem) I can do a proper ftp session.

I can only assume that the problem with the machine sharing the connection is that the OS/X Internet sharing doesn't do NAT properly for the ports necessary for passive FTP.

Any way to fix that?

[guptacp2]

Quote: Originally Posted by mnewman Oddly, if I go to the host machine (the one connected to the cable modem) I can do a proper ftp session. I can only assume that the problem with the machine sharing the connection is that the OS/X Internet sharing doesn't do NAT properly for the ports necessary for passive FTP. Any way to fix that?

I am hosting my website on a server owned by a third party. When I try to upload files through FTP from my home using a dial up onnection, I am able to do it. However, when I try the same from my office, where we are having a 1 mbps leased circiut, I am able to connect to the web server through FTP but can't get the listing of the files. I am also not able to upload or download files. I have tried every possible thing on the router but the problem persists. We are using CISCO 2501 router and web server is running o Linux apache.

[hunzinker]

I am experiencing the same problem. Has anybody figured this out?

Thanks

[JDV]

I think that PASV mode also requires ports 3000-3008 to be open to work properly.

Joe VanZandt

[hunzinker]

I scanned ports 3000-3999 using ShieldsUP and passed their "true stealth analysis."

https://www.grc.com/x/ne.dll?bh0bkyd2

How else can I find out if the ports are open/closed?

[hunzinker]

Also, I have two machines on the same network running 10.4.8 and only one is receiving the error (unable to get listings using "ls" 421 error).

[JDV]

You might have to check the port forwarding on your Mother's router to see if they are open and being forwarded.

Joe VanZandt

[ssiddireddy]

I got into the exact problem and I have fixed it by opening incoming FTP port on the client machine. So the machine where from the connection was made to the FTP server should accept incoming FTP requests for this to work.
Srinivas Siddireddy

[ssiddireddy]

I got into the exact problem and I have fixed it by opening incoming FTP port on the client machine. So the machine where from the connection was made to the FTP server should accept incoming FTP requests for this to work.
Srinivas Siddireddy
Infozeal.com