
Resolved
0 votes
Dear all,
We have recently deployed a new ClearOS installation, version 6.3. The problem we are having is that when we try to connect to an external FTP server from an FTP client within the network, we keep getting the following error:
ECONNABORTED - connection aborted
Failed to retrieve directory Listing.
Concerning the program we are using for the connection: we are using FileZilla, but we have also tried other FTP clients we found, with exactly the same results in all of them.

After a lot of research, I found out that the FTP protocol requires two ports to operate, one for data (in our case port 21) and a second one for commands, which is random every time you attempt to connect to the FTP server (we can only connect through PASSIVE mode on the FTP server). With our previous firewall installation we did not have this problem, and I am wondering if there is anything we can do to find a solution to this problem.

Is there any way to "trust" the second random port?

ANY help would be greatly appreciated!
Thanks in advance
Wednesday, October 24 2012, 09:32 AM
Responses (10)
  • faizan
    Tuesday, April 22 2014, 06:02 AM - #Permalink
    Hi everyone,

    I have the same scenario as given in the previous diagram, except for a different VLAN,

    but when I have been trying to access an FTP link which is on the WAN (on the cloud) from a client PC (host machine).

    I have opened ports 20, 21 in the incoming firewall.

    Accessing by web browser like: ftp://198.X.X.X

    But I am facing the following error on Google Chrome and Internet Explorer (attached in snapshot).

    Well, it's working in Mozilla Firefox.

    Anybody suggest what to do?


    Marco Malán wrote:
    For all followers of my question, I've found the solution to my issue, with these two rules in the custom rules of my firewall.

    iptables -A FORWARD -p tcp -s 192.168.11.0/24 --dport 65000:65100 -j ACCEPT
    iptables -A FORWARD -p tcp -s 192.168.11.0/24 --dport 20:21 -j ACCEPT

    I would like to know why Marco Malán used the 192.168.11.0/24 IP pool, because his diagram was showing the 192.186.13.x network pool of the host network!
    http://www.clearfoundation.com/media/kunena/attachments/legacy/images/ftp_Error.PNG
  • Wednesday, December 05 2012, 05:00 PM - #Permalink
    For all followers of my question, I've found the solution to my issue, with these two rules in the custom rules of my firewall.


    iptables -A FORWARD -p tcp -s 192.168.11.0/24 --dport 65000:65100 -j ACCEPT
    iptables -A FORWARD -p tcp -s 192.168.11.0/24 --dport 20:21 -j ACCEPT
  • Wednesday, December 05 2012, 12:15 AM - #Permalink
    Tim,

    I'm trying to set this chain through the Custom Firewall module:

    iptables -A FORWARD -s 192.168.11.0/24 -p tcp --dport 65000 : 65100 -j ACCEPT

    But there's no way to insert it in the firewall.

    Please, can you give me an example of the chain?

    Thanks
  • Tuesday, December 04 2012, 11:51 PM - #Permalink
    Thanks Tim,

    The FTP client just tells me "Unknown error".
    I did not open the passive ports and didn't forward them for my host; I'll try it right now.
  • Tuesday, December 04 2012, 11:36 PM - #Permalink
    FTP requires two channels to be established during a connection, depending on whether the server you are connecting to is in active or passive mode. If it's the latter, you'll need to open a high port range and forward it to your 'myhost' machine.

    I bet the return data connection is failing... you need the output from a proper FTP client to determine where it's failing. Please post a log from FileZilla or similar.

    Also, I recommend you read this:
    http://slacksite.com/other/ftp.html
    http://fetchsoftworks.com/fetch/help/Contents/Concepts/ActiveAndPassive.html
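Added example (not code from any poster in this thread): a small Python check of the mechanism Tim's reply describes and Marco Malán's two iptables rules address. It parses the data port a passive-mode server announces in its 227/229 reply and tests it against the FORWARD ranges from those rules (20:21 and 65000:65100); the FTP replies below are constructed, not captured from anyone's server.

```python
import re

# Allowed destination ports, constructed from the two FORWARD rules posted in
# the thread: --dport 20:21 and --dport 65000:65100. Anything else is treated
# as dropped by the gateway.
ALLOWED_TCP_RANGES = [(20, 21), (65000, 65100)]

# "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" -> port = p1*256 + p2
PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
# "229 Entering Extended Passive Mode (|||port|)" -> port given directly
EPSV_RE = re.compile(r"^229 .*?\(\|\|\|(\d+)\|\)")


def parse_pasv(reply):
    """Return (host, port) announced by a PASV/EPSV reply, or None if it is not one."""
    m = PASV_RE.search(reply)
    if m:
        h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
        return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2
    m = EPSV_RE.search(reply)
    if m:
        # EPSV reuses the control connection's address, so only the port is sent.
        return None, int(m.group(1))
    return None


def port_allowed(port, ranges=ALLOWED_TCP_RANGES):
    """True if a TCP destination port falls inside one of the accepted ranges."""
    return any(lo <= port <= hi for lo, hi in ranges)


def check_data_channel(reply, ranges=ALLOWED_TCP_RANGES):
    """Classify the data connection a server asks for: allowed, blocked or unparsed.

    A 'blocked' result is exactly the situation behind 'Failed to retrieve
    directory listing': the control channel on port 21 works, but the LIST
    reply travels over the server-chosen data port, which the rules never let out.
    """
    parsed = parse_pasv(reply)
    if parsed is None:
        return ("unparsed", None)
    _host, port = parsed
    return ("allowed" if port_allowed(port, ranges) else "blocked", port)


if __name__ == "__main__":
    # Constructed sample replies; 253*256+232 = 65000, 195*256+80 = 50000.
    for line in ["227 Entering Passive Mode (198,51,100,7,253,232).",
                 "227 Entering Passive Mode (198,51,100,7,195,80).",
                 "229 Entering Extended Passive Mode (|||65100|)"]:
        print(line, "->", check_data_channel(line))
```

The server, not the firewall, picks the passive port, so the accepted range on the gateway has to match the passive range configured on the FTP server or the listing will still fail.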
  • Tuesday, December 04 2012, 10:30 PM - #Permalink
    Hello everyone,

    I have a similar issue, but my scenario is like this:
    http://www.clearfoundation.com/media/kunena/attachments/legacy/images/Escenario.JPG

    I can't access an FTP server hosted on the web from my host. The configurations used are:

    - ClearOS 5.2 is in Gateway Mode
    - Incoming and outgoing rule for ports 20 and 21
    - Route to 198.186.13.x
    - Protocol Filter is off

    Please, can anyone give any idea to solve this issue?
  • Wednesday, November 14 2012, 01:41 PM - #Permalink
    To follow up on this post: disabling protocol filtering appears to cure it, as noted here
    http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,7/func,view/id,45812/#47298
  • Friday, October 26 2012, 12:56 PM - #Permalink
    Thanks for your reply Tim. The ClearOS box is set up in gateway mode, with transparent proxy, gateway AV, protocol filtering etc., and the output of lsmod | grep ftp is:

    nf_nat_ftp                  2602  0
    nf_conntrack_ftp 10475 1 nf_nat_ftp
    nf_nat 18765 8 ipt_REDIRECT,nf_nat_h323,nf_nat_pptp,nf_nat_proto_gre,nf_nat_irc,nf_nat_ftp,ipt_MASQUERADE,iptable_nat
    nf_conntrack 65524 15 nf_conntrack_netlink,xt_state,nf_nat_h323,nf_conntrack_h323,nf_nat_pptp,nf_nat_irc,nf_nat_ftp,ipt_MASQUERADE,nf_conntrack_pptp,nf_conntrack_proto_gre,nf_conntrack_irc,nf_conntrack_ftp,iptable_nat,nf_nat,nf_conntrack_ipv4
  • Friday, October 26 2012, 12:18 PM - #Permalink
    Hi, no problem here with ClearOS in gateway mode... the modules in question which monitor the FTP data / command ports are nf_conntrack_ftp and nf_nat_ftp.

    What is your network setup? What's the output of 'lsmod | grep ftp'?
  • Friday, October 26 2012, 10:12 AM - #Permalink
    Can anyone please provide any help on the above subject? I also tried to view other posts in the forum and cannot find any clear answers. It's clearly a firewall issue.