I'm working behind an internet gateway with NAT (Apple AirPort), and I can't connect to my home FTP, which is behind another internet gateway with NAT (Nexland WaveBase). I do have TCP port 21 forwarded to the right LAN IP address for the FTP server. Other people can connect to the FTP server with complete functionality. I've tried using PORT and PASV mode. Everything works fine until it tries to LS the root directory. I can get in with Windows CLI ftp, but it times out when I do an LS there too. Here's the PORT log:
------------------
STATUS:> SPAM SPAM SPAM SPAM[07/11/2002 15:24:15] Getting listing ""...
STATUS:> SPAM SPAM SPAM SPAMResolving host name p14nd4.com...
STATUS:> SPAM SPAM SPAM SPAMHost name p14nd4.com resolved: ip = 24.145.188.247.
STATUS:> SPAM SPAM SPAM SPAMConnecting to ftp server p14nd4.com:21 (ip = 24.145.188.247)...
STATUS:> SPAM SPAM SPAM SPAMSocket connected. Waiting for welcome message...
SPAM SPAM SPAM SPAM SPAM SPAM220-Microsoft FTP Service
SPAM SPAM SPAM SPAM SPAM SPAM220 p14nd4's FTP Server
STATUS:> SPAM SPAM SPAM SPAMConnected. Authenticating...
COMMAND:> SPAM SPAM SPAMUSER anonymous
SPAM SPAM SPAM SPAM SPAM SPAM331 Anonymous access allowed, send identity (e-mail name) as password.
COMMAND:> SPAM SPAM SPAMPASS *****
SPAM SPAM SPAM SPAM SPAM SPAM230-Welcome to p14nd4's FTP server. Please help yourself to whatever you'd like. I would, however, appreciate it if you'd return the favor, and leave some good stuff with me (in the drop box).
SPAM SPAM SPAM SPAM SPAM SPAM230 Anonymous user logged in.
STATUS:> SPAM SPAM SPAM SPAMLogin successful.
COMMAND:> SPAM SPAM SPAMPWD
SPAM SPAM SPAM SPAM SPAM SPAM257 "/" is current directory.
STATUS:> SPAM SPAM SPAM SPAMHome directory: /
COMMAND:> SPAM SPAM SPAMFEAT
SPAM SPAM SPAM SPAM SPAM SPAM500 'FEAT': command not understood
STATUS:> SPAM SPAM SPAM SPAMThis site doesn't support the 'features' command.
COMMAND:> SPAM SPAM SPAMREST 100
SPAM SPAM SPAM SPAM SPAM SPAM350 Restarting at 100.
STATUS:> SPAM SPAM SPAM SPAMThis site can resume broken downloads.
COMMAND:> SPAM SPAM SPAMTYPE A
SPAM SPAM SPAM SPAM SPAM SPAM200 Type set to A.
COMMAND:> SPAM SPAM SPAMREST 0
SPAM SPAM SPAM SPAM SPAM SPAM350 Restarting at 0.
COMMAND:> SPAM SPAM SPAMPORT 10,0,1,2,4,12
SPAM SPAM SPAM SPAM SPAM SPAM200 PORT command successful.
COMMAND:> SPAM SPAM SPAMLIST
SPAM SPAM SPAM SPAM SPAM SPAM150 Opening ASCII mode data connection for /bin/ls.
ERROR:> SPAM SPAM SPAM SPAMTimeout.
ERROR:> SPAM SPAM SPAM SPAMFailed to establish data socket.
-------------------

And here's the PASV log:
-------------------
STATUS:> SPAM SPAM SPAM SPAM[07/11/2002 15:31:13] Getting listing ""...
STATUS:> SPAM SPAM SPAM SPAMResolving host name p14nd4.com...
STATUS:> SPAM SPAM SPAM SPAMHost name p14nd4.com resolved: ip = 24.145.188.247.
STATUS:> SPAM SPAM SPAM SPAMConnecting to ftp server p14nd4.com:21 (ip = 24.145.188.247)...
STATUS:> SPAM SPAM SPAM SPAMSocket connected. Waiting for welcome message...
SPAM SPAM SPAM SPAM SPAM SPAM220-Microsoft FTP Service
SPAM SPAM SPAM SPAM SPAM SPAM220 p14nd4's FTP Server
STATUS:> SPAM SPAM SPAM SPAMConnected. Authenticating...
COMMAND:> SPAM SPAM SPAMUSER anonymous
SPAM SPAM SPAM SPAM SPAM SPAM331 Anonymous access allowed, send identity (e-mail name) as password.
COMMAND:> SPAM SPAM SPAMPASS *****
SPAM SPAM SPAM SPAM SPAM SPAM230-Welcome to p14nd4's FTP server. Please help yourself to whatever you'd like. I would, however, appreciate it if you'd return the favor, and leave some good stuff with me (in the drop box).
SPAM SPAM SPAM SPAM SPAM SPAM230 Anonymous user logged in.
STATUS:> SPAM SPAM SPAM SPAMLogin successful.
COMMAND:> SPAM SPAM SPAMPWD
SPAM SPAM SPAM SPAM SPAM SPAM257 "/" is current directory.
STATUS:> SPAM SPAM SPAM SPAMHome directory: /
COMMAND:> SPAM SPAM SPAMFEAT
SPAM SPAM SPAM SPAM SPAM SPAM500 'FEAT': command not understood
STATUS:> SPAM SPAM SPAM SPAMThis site doesn't support the 'features' command.
COMMAND:> SPAM SPAM SPAMREST 100
SPAM SPAM SPAM SPAM SPAM SPAM350 Restarting at 100.
STATUS:> SPAM SPAM SPAM SPAMThis site can resume broken downloads.
COMMAND:> SPAM SPAM SPAMTYPE A
SPAM SPAM SPAM SPAM SPAM SPAM200 Type set to A.
COMMAND:> SPAM SPAM SPAMREST 0
SPAM SPAM SPAM SPAM SPAM SPAM350 Restarting at 0.
COMMAND:> SPAM SPAM SPAMPASV
SPAM SPAM SPAM SPAM SPAM SPAM227 Entering Passive Mode (192,168,0,21,13,53).
COMMAND:> SPAM SPAM SPAMLIST
STATUS:> SPAM SPAM SPAM SPAMConnecting ftp data socket 192.168.0.21:3381...
ERROR:> SPAM SPAM SPAM SPAMCan't connect to remote server. Socket error = #10060.
ERROR:> SPAM SPAM SPAM SPAMFailed to establish data socket.
-------------------

I've also had this problem connecting from behind the Nexland Wavebase to another FTP server behind a NAT router, but I could connect fine from the box that was directly connected to the internet, running ICS (I'm not running ICS any more).

I can connect to other FTP servers (the setup of which I don't know) just fine.


Any ideas what's wrong, and/or how to resolve the issue?

Did you receive any solution to your problem of ftp server ?

I can't see anything on the forum

I've the same problem with a copperjet router - IIS 5.0 or serv-U

have you checked out ALL the ports for ftp??

there are quite a few besides just 21. I don't know what they are but

ERROR:> Failed to establish data socket.

it is a port number but i dunno which i had a bunch on a sticky note if i find it i'll post again.

21: data port
20: control port

there are more depending on the server and weather its passive or active..

from your log it sez passive so :

http://slacksite.com/other/ftp.html#passive

may help..

:lol:

When I change the FTP port of my server on the 21 port instead of the 921
and when I open the ports 21 and 20 on the router, it seems that all is OK.

:mad: There is only one thing that I don't understand :

With the FTP Server on port 921 and this port opened on the router, I can be accessed with a classic USB modem, but it's impossible from another copperjet router.
With the FTP Server on port 21 and this port opened on the router with the 20, I can be accessed with USB modem and from another copperjet router.

I was have the same problem with error #10060 trying to connect to my XP server through a Lyksys router.

I was able to solve it by switching to PORT instead of PASV.

Maybe this will help someone else.

Chow Mein Wayne
Erik
www.erikhoover.net

I might be a few years late in providing the anwser, but here it is:

Look at the returned message from the PASV command you sent. It provides the IP address and port to use. It is returning the internal address of the server. You need to customize the PASV response message to return the IP of your NAT Gateway.

i have to cope with the same probleme, but i didn't find anyway to change the IP adresse in the PASV respond. How can i deal with that.

I run a FTP server through IIS5.0 on Windows Server 2000
It is connected to a netgear cable modem - router - switch which do Fw and nat (DG824M).

Thanks for your answer

It's not a perfect solution (there may be a better server-side solution), but if you use something like IPCop (http://ipcop.org/) that uses FTP Connection Tracking, I believe the router will actually re-write the address in the packet. Since switching to that, I've never had a problem (although, sadly, I don't remember how I specifically solved the problem (though, it may have been solved by switching to IPCop).