FTP Problem: Can't LS

[Omega]

I'm working behind an internet gateway with NAT (Apple AirPort), and I can't connect to my home FTP, which is behind another internet gateway with NAT (Nexland WaveBase). I do have TCP port 21 forwarded to the right LAN IP address for the FTP server. Other people can connect to the FTP server with complete functionality. I've tried using PORT and PASV mode. Everything works fine until it tries to LS the root directory. I can get in with Windows CLI ftp, but it times out when I do an LS there too. Here's the PORT log:
------------------
STATUS:>        [07/11/2002 15:24:15] Getting listing ""...
STATUS:>        Resolving host name p14nd4.com...
STATUS:>        Host name p14nd4.com resolved: ip = 24.145.188.247.
STATUS:>        Connecting to ftp server p14nd4.com:21 (ip = 24.145.188.247)...
STATUS:>        Socket connected. Waiting for welcome message...
           220-Microsoft FTP Service
           220 p14nd4's FTP Server
STATUS:>        Connected. Authenticating...
COMMAND:>      USER anonymous
           331 Anonymous access allowed, send identity (e-mail name) as password.
COMMAND:>      PASS *****
           230-Welcome to p14nd4's FTP server. Please help yourself to whatever you'd like. I would, however, appreciate it if you'd return the favor, and leave some good stuff with me (in the drop box).
           230 Anonymous user logged in.
STATUS:>        Login successful.
COMMAND:>      PWD
           257 "/" is current directory.
STATUS:>        Home directory: /
COMMAND:>      FEAT
           500 'FEAT': command not understood
STATUS:>        This site doesn't support the 'features' command.
COMMAND:>      REST 100
           350 Restarting at 100.
STATUS:>        This site can resume broken downloads.
COMMAND:>      TYPE A
           200 Type set to A.
COMMAND:>      REST 0
           350 Restarting at 0.
COMMAND:>      PORT 10,0,1,2,4,12
           200 PORT command successful.
COMMAND:>      LIST
           150 Opening ASCII mode data connection for /bin/ls.
ERROR:>        Timeout.
ERROR:>        Failed to establish data socket.
-------------------

And here's the PASV log:
-------------------
STATUS:>        [07/11/2002 15:31:13] Getting listing ""...
STATUS:>        Resolving host name p14nd4.com...
STATUS:>        Host name p14nd4.com resolved: ip = 24.145.188.247.
STATUS:>        Connecting to ftp server p14nd4.com:21 (ip = 24.145.188.247)...
STATUS:>        Socket connected. Waiting for welcome message...
           220-Microsoft FTP Service
           220 p14nd4's FTP Server
STATUS:>        Connected. Authenticating...
COMMAND:>      USER anonymous
           331 Anonymous access allowed, send identity (e-mail name) as password.
COMMAND:>      PASS *****
           230-Welcome to p14nd4's FTP server. Please help yourself to whatever you'd like. I would, however, appreciate it if you'd return the favor, and leave some good stuff with me (in the drop box).
           230 Anonymous user logged in.
STATUS:>        Login successful.
COMMAND:>      PWD
           257 "/" is current directory.
STATUS:>        Home directory: /
COMMAND:>      FEAT
           500 'FEAT': command not understood
STATUS:>        This site doesn't support the 'features' command.
COMMAND:>      REST 100
           350 Restarting at 100.
STATUS:>        This site can resume broken downloads.
COMMAND:>      TYPE A
           200 Type set to A.
COMMAND:>      REST 0
           350 Restarting at 0.
COMMAND:>      PASV
           227 Entering Passive Mode (192,168,0,21,13,53).
COMMAND:>      LIST
STATUS:>        Connecting ftp data socket 192.168.0.21:3381...
ERROR:>        Can't connect to remote server. Socket error = #10060.
ERROR:>        Failed to establish data socket.
-------------------

I've also had this problem connecting from behind the Nexland Wavebase to another FTP server behind a NAT router, but I could connect fine from the box that was directly connected to the internet, running ICS (I'm not running ICS any more).

I can connect to other FTP servers (the setup of which I don't know) just fine.


Any ideas what's wrong, and/or how to resolve the issue?

Did you receive any solution to your problem of ftp server ?

I can't see anything on the forum

I've the same problem with a copperjet router - IIS 5.0 or serv-U

have you checked out ALL the ports for ftp??

there are quite a few besides just 21. I don't know what they are but

Quote:

ERROR:> Failed to establish data socket.

it is a port number but i dunno which i had a bunch on a sticky note if i find it i'll post again.

[Uranium-235]

21: data port
20: control port

there are more depending on the server and weather its passive or active..

from your log it sez passive so :

http://slacksite.com/other/ftp.html#passive

may help..

When I change the FTP port of my server on the 21 port instead of the 921
and when I open the ports 21 and 20 on the router, it seems that all is OK.

There is only one thing that I don't understand :

With the FTP Server on port 921 and this port opened on the router, I can be accessed with a classic USB modem, but it's impossible from another copperjet router.
With the FTP Server on port 21 and this port opened on the router with the 20, I can be accessed with USB modem and from another copperjet router.

I was have the same problem with error #10060 trying to connect to my XP server through a Lyksys router.

I was able to solve it by switching to PORT instead of PASV.

Maybe this will help someone else.

Chow Mein Wayne
Erik
www.erikhoover.net

I might be a few years late in providing the anwser, but here it is:

Look at the returned message from the PASV command you sent. It provides the IP address and port to use. It is returning the internal address of the server. You need to customize the PASV response message to return the IP of your NAT Gateway.

i have to cope with the same probleme, but i didn't find anyway to change the IP adresse in the PASV respond. How can i deal with that.

I run a FTP server through IIS5.0 on Windows Server 2000
It is connected to a netgear cable modem - router - switch which do Fw and nat (DG824M).

Thanks for your answer

[Omega]

It's not a perfect solution (there may be a better server-side solution), but if you use something like IPCop that uses FTP Connection Tracking, I believe the router will actually re-write the address in the packet. Since switching to that, I've never had a problem (although, sadly, I don't remember how I specifically solved the problem (though, it may have been solved by switching to IPCop).