Can't continue past PASV...

This forum is for anyone experiencing problems related to their firewall settings. More specifically, anyone experiecing connection issues should take a look at this forum.
Locked
ggfuzzy
New User
Posts: 4
Joined: Sat May 02, 2009 11:55 pm

Can't continue past PASV...

Post by ggfuzzy » Sun May 03, 2009 12:31 am

I just installed Cerberus 2.49a on my XP Pro box. Running on a lan, server IP is 192.168.1.103, Internet IP is 209.251.13.238 (static IP). Followed all the instructions for port forwarding on my router (21, 1025-3000) to the server. Interfaces set up as directed (user different IP for PASV command). Wasn't able to connect from I.E. v8 so installed FileZilla so I could see both sides of FTP conversation. On Cerberus side I see:
  • May 03 00:24:17 Added to Windows Firewall Exception list

    May 03 00:24:17 System:
    May 03 00:24:17 Number of Processors: 4
    May 03 00:24:17 Operating System: Microsoft Windows XP Professional

    May 03 00:24:17 Cerberus FTP Server started on 'elrond'


    May 03 00:24:17 Interface 6 listening at 192.168.1.103 on port 21

    May 03 00:24:27 25 Incoming connection request on interface 192.168.1.103
    May 03 00:24:27 25 Connection request accepted from 209.251.13.238
    May 03 00:24:27 25 USER anonymous
    May 03 00:24:27 25 331 User anonymous, password please
    May 03 00:24:28 25 PASS ***********
    May 03 00:24:28 25 230 Password Ok, User logged in
    May 03 00:24:28 25 Anonymous user "anonymous" logged in with password "anon@localhost"
    May 03 00:24:28 25 PWD
    May 03 00:24:28 25 257 "/" is the current directory
    May 03 00:24:28 25 TYPE I
    May 03 00:24:28 25 200 Type Binary
    May 03 00:24:28 25 PASV
    May 03 00:24:28 25 227 Entering Passive Mode (209,251,13,238,4,13)
    May 03 00:24:28 25 Error closing connection: An existing connection was forcibly closed by the remote host.
    May 03 00:24:28 25 Connection terminated.
On the FileZilla side I see:
  • Status: Connecting to 209.251.13.238:21...
    Status: Connection established, waiting for welcome message...
    Response: 220-Cerberus FTP Server Personal Edition
    Response: 220-UNREGISTERED
    Response: 220-Welcome to Cerberus FTP Server
    Response: 220 Created by Grant Averett
    Command: USER anonymous
    Response: 331 User anonymous, password please
    Command: PASS **************
    Response: 230 Password Ok, User logged in
    Status: Connected
    Status: Retrieving directory listing...
    Command: PWD
    Response: 257 "/" is the current directory
    Command: TYPE I
    Response: 200 Type Binary
    Command: PASV
    Error: Disconnected from server: ECONNABORTED - Connection aborted
    Error: Failed to retrieve directory listing
Initially I only created 6 TCP and 6 UDP port openings in Windows XP firewall (1025-1030) and restricted both Cerberus and my router to the same ports. Saw the same errors as above, and finally disabled my XP firewall completely (for testing purposes). Still failed the same way (no change). Anyone have any ideas as to what's wrong? Side note: Cerberus error occurs first...FileZilla "Disconnected" message happens several seconds later.

mdj
Moderator
Posts: 656
Joined: Mon Aug 18, 2003 4:00 am
Location: Denmark
Contact:

Re: Can't continue past PASV...

Post by mdj » Wed May 06, 2009 2:50 am

Your server ip and client ip appears to be the same. Are they? Try fiddling the "ip for passive" setting, sometimes routers are "intelligent" and messes this up... Please post the answer, if you figure it out, it may be one for the FAQ. (There is an entry on intelligent routers already, but this appears different.)
Morten Due Jørgensen
http://www.mdjnet.dk

ggfuzzy
New User
Posts: 4
Joined: Sat May 02, 2009 11:55 pm

Re: Can't continue past PASV...

Post by ggfuzzy » Wed May 06, 2009 7:23 am

You're correct...I was testing from the same computer I was running Cerberus on. Later today I'll try connecting from my laptop instead and see what the results are. I'll also try looking at the "ip for passive setting" and let you know what happens.

ggfuzzy
New User
Posts: 4
Joined: Sat May 02, 2009 11:55 pm

Re: Can't continue past PASV...

Post by ggfuzzy » Wed May 06, 2009 11:38 pm

Did some testing tonight...discovered that if I choose "Use different IP for PASV command" and enter the address of my server (in my case, the same address as the interface...192.168.1.103) I could connect successfully. I was able to connect both from the same server machine and from my laptop. It didn't seem to matter if the "Don't Use External IP for Local Connections" option was checked or unchecked. I didn't make any changes to the default interface...only the interface associated with my server's IP address. Thanks for the troubleshooting suggestion!

ggfuzzy
New User
Posts: 4
Joined: Sat May 02, 2009 11:55 pm

Re: Can't continue past PASV...

Post by ggfuzzy » Thu May 07, 2009 8:07 am

Wanted to add, I also found a firewall program from Comodo that I installed to replace the WinXP firewall. Comodo's version (free for individuals...also has an optional antivirus program) lets you set ranges of ports. That may have helped get the PASV setting working too, although I haven't gone back to verify yet.

Locked