PASV connections do not work in 4.0.4.3

Home Forums General Firewall Help PASV connections do not work in 4.0.4.3

  • This topic is empty.
Viewing 12 posts - 1 through 12 (of 12 total)
  • Author
    Posts
  • #30054
    jrt3a
    Participant

    Hi,

    My server has been unable to accept passive connections since the initial 4.0 release. (It worked before this.) I have not been able to fix this problem using the advice I’ve found on this forum, but perhaps I have missed something.

    The passive option on the default FTP interface is set to auto detect, and don’t use external IP for local connections. I am behind a router.

    Any help would be much appreciated. Here is a log file with an example of the problem.

    Quote:


    2010/08/19 03:52:53 Microsoft Windows Vista Home Premium Edition, 64-bit

    2010/08/19 03:52:53 Cerberus FTP Server 4.0.4.3 (x64) – Personal started on ‘computer’

    2010/08/19 03:52:53 Installed as a Windows Service but started in application mode

    2010/08/19 03:52:53 Cerberus added to Windows Firewall Exception list

    2010/08/19 03:52:53 Interface 0 (FTP) listening at 192.168.1.101 on port 21

    2010/08/19 03:52:54 Interface 1 (FTP) listening at 127.0.0.1 on port 21

    2010/08/19 03:52:55 WAN IP detected as 24.255.29.172

    2010/08/19 03:53:16 [0] Incoming connection request on interface 0 at 192.168.1.101

    2010/08/19 03:53:16 [0] FTP Connection request accepted from 62.75.138.232

    2010/08/19 03:53:17 [0] CLNT http://ftptest.net on behalf of 24.255.29.172

    2010/08/19 03:53:17 [0] 530 Not logged in

    2010/08/19 03:53:17 [0] USER tester

    2010/08/19 03:53:17 [0] 331 User tester, password please

    2010/08/19 03:53:17 [0] PASS ***********

    2010/08/19 03:53:17 [0] Native user ‘tester’ authenticated

    2010/08/19 03:53:17 [0] 230 Password Ok, User logged in

    2010/08/19 03:53:17 [0] SYST

    2010/08/19 03:53:17 [0] 215 UNIX Type: L8

    2010/08/19 03:53:17 [0] FEAT

    2010/08/19 03:53:17 [0] 211- Additional features supported include: MDTM MFCT MFMT SIZE REST STREAM AUTH TLS AUTH SSL PBSZ EPRT EPSV XCRC XSHA1 XSHA256 XSHA512 XMD5 PROT LANG EN* SITE CHMOD SITE PSWD SITE ZONE SITE UTIME MLST Type*;Size*;Modify*;Create*; CLNT CSID RMDA UTF8 211 End

    2010/08/19 03:53:18 [0] PWD

    2010/08/19 03:53:18 [0] 257 “/” is the current directory

    2010/08/19 03:53:18 [0] TYPE I

    2010/08/19 03:53:18 [0] 200 Type Binary

    2010/08/19 03:53:18 [0] PASV

    2010/08/19 03:53:18 [0] 227 Entering Passive Mode (24,255,29,172,43,4)

    2010/08/19 03:53:18 [0] MLSD

    2010/08/19 03:54:50 [0] Timeout while waiting for connection

    2010/08/19 03:54:50 [0] Unable to accept passive connection

    2010/08/19 03:54:50 [0] For help see http://www.cerberusftp.com/faq/initialsetup.htm#Q3

    2010/08/19 03:54:50 [0] 425 Unable to open the data connection

    2010/08/19 03:54:50 [0] The client closed the connection

    2010/08/19 03:54:50 [0] Connection terminated

    #35877
    imported_Serin
    Participant

    Hello,

    It looks like you are giving out the correct external IP address for passive mode. The other 2 things to check are:

    1.) The passive port range. Do the port forwarding rules setup on your router match the port range on the Advanced tab of the Server Manager? Is the connection still getting forwarded to the right server?

    2.) The Windows Firewall. Is it blocking the incoming passive connection? The simplest test is to disable the Windows Firewall and re-test. If the connection starts working after you disable the firewall, the Windows Firewall is the problem. Make sure Cerberus is on the Windows Firewall exception list and that the path is correct. Shutdown the server, remove the firewall rule, and re-add it.

    #35878
    jrt3a
    Participant

    Hi Serin,

    Thank you for the suggestions. The passive port range in Cerberus matches the port forwarding in the router settings.

    I disabled Windows Firewall and attempted the test again. The results were exactly the same. (Cerberus is also listed on the exception list.)

    #35879
    imported_Serin
    Participant

    Ok, what is the exact setup of your network? What kind of connection (ISP) and what devices are on your network? Is there a cable modem, DSL modem or FIOS modem? Do you have another, separate router that your modem connects to?

    Any other network filtering/spyware/firewall software on the server machine?

    Check out this FAQ entry for other possible reasons for PASV failure even if you’ve correctly configured your router:

    http://www.cerberusftp.com/faq/troubleshooting.html#Q3

    Finally, what happens if you try to establish a secure, FTPS or FTPES connection?

    #35880
    jrt3a
    Participant

    Sorry for the slow reply. It turned out that using the Specify PASV IP option for the internal IP interface and putting in the internal IP. I thought I had tried this before, but apparently something changed between versions that made a difference. That, or I didn’t apply the step correctly before. In any case, thanks for your help.

    #35881
    wildbillnj
    Participant

    I have read several older posts on this topic, but they do not resolve the problem for me.

    I’m fairly sure it’s not a client or firewall problem.

    I have Cerberus running on my home PC (XP Pro, behind a router, broadband, firewalled, port 21 is forwarded, also the ports in the passive range are forwarded).

    At the office, I can use Core FTP (client) to FTP to/from my home PC with no problems. However, any other client appears to fail. I cannot LIST the files, and other dir commands like SIZE also fail (complaining of invalid path even if the path is correct).

    Obviously I don’t need to FTP with two different clients on my office PC – I’m trying to use AndFTP on my Droid – but that’s my test case for proving that it isn’t the client.

    I can use ordinary Windows FTP from the command prompt, and I can’t list the remote dir contents there, either. And I tried talking directly to the FTP server (by doing “telnet 21″) and encountered the same 425 error there. Firefox also cannot list the dir contents. But miraculously, on the same PC, Core FTP is able to do everything just fine.

    Any ideas?

    #35882
    imported_Serin
    Participant

    If we could see a Cerberus FTP Server log listing for CoreFTP that works and a Cerberus log listing for one of the other clients that doesn’t work we could probably tell you what the issue is.

    #35883
    FreeThinker
    Participant

    jrt3a wrote:

    Hi,

    My server has been unable to accept passive connections since the initial 4.0 release. (It worked before this.) I have not been able to fix this problem using the advice I’ve found on this forum, but perhaps I have missed something.

    The passive option on the default FTP interface is set to auto detect, and don’t use external IP for local connections. I am behind a router.

    Any help would be much appreciated. Here is a log file with an example of the problem.

    Quote:


    2010/08/19 03:52:53 Microsoft Windows Vista Home Premium Edition, 64-bit

    2010/08/19 03:52:53 Cerberus FTP Server 4.0.4.3 (x64) – Personal started on ‘computer’

    2010/08/19 03:52:53 Installed as a Windows Service but started in application mode

    2010/08/19 03:52:53 Cerberus added to Windows Firewall Exception list

    2010/08/19 03:52:53 Interface 0 (FTP) listening at 192.168.1.101 on port 21

    2010/08/19 03:52:54 Interface 1 (FTP) listening at 127.0.0.1 on port 21

    2010/08/19 03:52:55 WAN IP detected as 24.255.29.172

    2010/08/19 03:53:16 [0] Incoming connection request on interface 0 at 192.168.1.101

    2010/08/19 03:53:16 [0] FTP Connection request accepted from 62.75.138.232

    2010/08/19 03:53:17 [0] CLNT http://ftptest.net on behalf of 24.255.29.172

    2010/08/19 03:53:17 [0] 530 Not logged in

    2010/08/19 03:53:17 [0] USER tester

    2010/08/19 03:53:17 [0] 331 User tester, password please

    2010/08/19 03:53:17 [0] PASS ***********

    2010/08/19 03:53:17 [0] Native user ‘tester’ authenticated

    2010/08/19 03:53:17 [0] 230 Password Ok, User logged in

    2010/08/19 03:53:17 [0] SYST

    2010/08/19 03:53:17 [0] 215 UNIX Type: L8

    2010/08/19 03:53:17 [0] FEAT

    2010/08/19 03:53:17 [0] 211- Additional features supported include: MDTM MFCT MFMT SIZE REST STREAM AUTH TLS AUTH SSL PBSZ EPRT EPSV XCRC XSHA1 XSHA256 XSHA512 XMD5 PROT LANG EN* SITE CHMOD SITE PSWD SITE ZONE SITE UTIME MLST Type*;Size*;Modify*;Create*; CLNT CSID RMDA UTF8 211 End

    2010/08/19 03:53:18 [0] PWD

    2010/08/19 03:53:18 [0] 257 “/” is the current directory

    2010/08/19 03:53:18 [0] TYPE I

    2010/08/19 03:53:18 [0] 200 Type Binary

    2010/08/19 03:53:18 [0] PASV

    2010/08/19 03:53:18 [0] 227 Entering Passive Mode (24,255,29,172,43,4)

    2010/08/19 03:53:18 [0] MLSD

    2010/08/19 03:54:50 [0] Timeout while waiting for connection

    2010/08/19 03:54:50 [0] Unable to accept passive connection

    2010/08/19 03:54:50 [0] For help see http://www.cerberusftp.com/faq/initialsetup.htm#Q3

    2010/08/19 03:54:50 [0] 425 Unable to open the data connection

    2010/08/19 03:54:50 [0] The client closed the connection

    2010/08/19 03:54:50 [0] Connection terminated

    I have same issue as the above ๐Ÿ˜ฏ

    I have tried and looked everything but cannot manage to pass the Passive mode! ๐Ÿ˜ฅ

    *I have all ports (21) plus the passive ones on my rooter equal as Cerberus;

    *have added the Cerberus program to windows firewall exceptions + added all ports as well;

    *have tried and tested disabling the Firewall… same issue.

    I do not have on my machine anything special….just normal stuff + a survaillance camera system (checked this but is also ok) and anti virus (AVG).

    I send some print screens of my Windows Firewall + Cerberus configuration + Rooter ports….

    CERBERUS CONFIGURATIONS

    http://www.osvaldobrites.com/images/cerberus_01.jpg

    http://www.osvaldobrites.com/images/cerberus_02.jpg

    http://www.osvaldobrites.com/images/cerberus_03.jpg

    http://www.osvaldobrites.com/images/cerberus_04.jpg

    http://www.osvaldobrites.com/images/cerberus_05.jpg

    http://www.osvaldobrites.com/images/cerberus_06.jpg

    http://www.osvaldobrites.com/images/cerberus_07.jpg

    WINDOWS FIREWALL EXCEPTIONS

    http://www.osvaldobrites.com/images/Win_Firewall.jpg

    ROOTER PORTS

    http://www.osvaldobrites.com/images/rooter.jpg

    Thanks a LOT in advanced :|

    #35884
    imported_Serin
    Participant
    #35885
    FreeThinker
    Participant

    m8 tried this:

    Quote:

    Steps to resolve:

    To resolve either issue you have to change Cerberus FTP Server’s PASV IP setting to be your internal LAN IP and not the external or public IP visible from outside your local network. You may need to perform these steps for each FTP interface.

    1. Go to Configuration -> Server Manager -> Interfaces

    2. Click on the interface that matches your internal IP

    3. In the PASV Options section click the “Specify PASV IP” radio button and in the textbox that appears put in the same IP as the interface (your local IP address).

    4. Click the “Ok” button


    ….now i can access thru my localhost private IP (192.168.1.3)….but externally NO! ๐Ÿ˜ฅ

    #35886
    imported_Serin
    Participant

    So, that tells us that the external passive ports aren’t getting through to your machine.

    Taking a second look at your firwall configuration and your log I see a possible mismatch. You are forwarding connections from your router to 192.168.1.3, but your local machine IP is 192.168.1.101.

    I think that is almost certainly at least one of your issues. Try changing the firewall rule to go to the correct machine IP.

    #35887
    FreeThinker
    Participant

    have it all ok now….

    opened instead of having 1818 (inbound) and 21 (private)……

    … 21(inbound) and 21 (private)…also opened the port 20

    All rocking out now 8)

    P.S. – my Pc IP is correct….192.168.1.3 :P

    THANKS A LOT FOR THE QUICK REPLY :mrgreen:

Viewing 12 posts - 1 through 12 (of 12 total)
  • You must be logged in to reply to this topic.
Close Cart

Shopping Cart