PASV connections do not work in 4.0.4.3

This forum is for anyone experiencing problems related to their firewall settings. More specifically, anyone experiecing connection issues should take a look at this forum.
Post Reply
jrt3a
New User
Posts: 3
Joined: Thu Aug 19, 2010 6:49 am

PASV connections do not work in 4.0.4.3

Post by jrt3a » Thu Aug 19, 2010 7:01 am

Hi,

My server has been unable to accept passive connections since the initial 4.0 release. (It worked before this.) I have not been able to fix this problem using the advice I've found on this forum, but perhaps I have missed something.

The passive option on the default FTP interface is set to auto detect, and don't use external IP for local connections. I am behind a router.

Any help would be much appreciated. Here is a log file with an example of the problem.

2010/08/19 03:52:53 Microsoft Windows Vista Home Premium Edition, 64-bit

2010/08/19 03:52:53 Cerberus FTP Server 4.0.4.3 (x64) - Personal started on 'computer'
2010/08/19 03:52:53 Installed as a Windows Service but started in application mode

2010/08/19 03:52:53 Cerberus added to Windows Firewall Exception list

2010/08/19 03:52:53 Interface 0 (FTP) listening at 192.168.1.101 on port 21
2010/08/19 03:52:54 Interface 1 (FTP) listening at 127.0.0.1 on port 21
2010/08/19 03:52:55 WAN IP detected as 24.255.29.172
2010/08/19 03:53:16 [0] Incoming connection request on interface 0 at 192.168.1.101
2010/08/19 03:53:16 [0] FTP Connection request accepted from 62.75.138.232
2010/08/19 03:53:17 [0] CLNT http://ftptest.net on behalf of 24.255.29.172
2010/08/19 03:53:17 [0] 530 Not logged in
2010/08/19 03:53:17 [0] USER tester
2010/08/19 03:53:17 [0] 331 User tester, password please
2010/08/19 03:53:17 [0] PASS ***********
2010/08/19 03:53:17 [0] Native user 'tester' authenticated
2010/08/19 03:53:17 [0] 230 Password Ok, User logged in
2010/08/19 03:53:17 [0] SYST
2010/08/19 03:53:17 [0] 215 UNIX Type: L8
2010/08/19 03:53:17 [0] FEAT
2010/08/19 03:53:17 [0] 211- Additional features supported include: MDTM MFCT MFMT SIZE REST STREAM AUTH TLS AUTH SSL PBSZ EPRT EPSV XCRC XSHA1 XSHA256 XSHA512 XMD5 PROT LANG EN* SITE CHMOD SITE PSWD SITE ZONE SITE UTIME MLST Type*;Size*;Modify*;Create*; CLNT CSID RMDA UTF8 211 End
2010/08/19 03:53:18 [0] PWD
2010/08/19 03:53:18 [0] 257 "/" is the current directory
2010/08/19 03:53:18 [0] TYPE I
2010/08/19 03:53:18 [0] 200 Type Binary
2010/08/19 03:53:18 [0] PASV
2010/08/19 03:53:18 [0] 227 Entering Passive Mode (24,255,29,172,43,4)
2010/08/19 03:53:18 [0] MLSD
2010/08/19 03:54:50 [0] Timeout while waiting for connection
2010/08/19 03:54:50 [0] Unable to accept passive connection
2010/08/19 03:54:50 [0] For help see http://www.cerberusftp.com/faq/initialsetup.htm#Q3
2010/08/19 03:54:50 [0] 425 Unable to open the data connection
2010/08/19 03:54:50 [0] The client closed the connection
2010/08/19 03:54:50 [0] Connection terminated

User avatar
Serin
Site Administrator
Posts: 1785
Joined: Sat Jan 01, 2005 6:57 pm
Location: United States
Contact:

Re: PASV connections do not work in 4.0.4.3

Post by Serin » Thu Aug 19, 2010 5:57 pm

Hello,

It looks like you are giving out the correct external IP address for passive mode. The other 2 things to check are:

1.) The passive port range. Do the port forwarding rules setup on your router match the port range on the Advanced tab of the Server Manager? Is the connection still getting forwarded to the right server?

2.) The Windows Firewall. Is it blocking the incoming passive connection? The simplest test is to disable the Windows Firewall and re-test. If the connection starts working after you disable the firewall, the Windows Firewall is the problem. Make sure Cerberus is on the Windows Firewall exception list and that the path is correct. Shutdown the server, remove the firewall rule, and re-add it.

jrt3a
New User
Posts: 3
Joined: Thu Aug 19, 2010 6:49 am

Re: PASV connections do not work in 4.0.4.3

Post by jrt3a » Thu Aug 19, 2010 6:21 pm

Hi Serin,

Thank you for the suggestions. The passive port range in Cerberus matches the port forwarding in the router settings.

I disabled Windows Firewall and attempted the test again. The results were exactly the same. (Cerberus is also listed on the exception list.)

User avatar
Serin
Site Administrator
Posts: 1785
Joined: Sat Jan 01, 2005 6:57 pm
Location: United States
Contact:

Re: PASV connections do not work in 4.0.4.3

Post by Serin » Thu Aug 19, 2010 8:24 pm

Ok, what is the exact setup of your network? What kind of connection (ISP) and what devices are on your network? Is there a cable modem, DSL modem or FIOS modem? Do you have another, separate router that your modem connects to?

Any other network filtering/spyware/firewall software on the server machine?

Check out this FAQ entry for other possible reasons for PASV failure even if you've correctly configured your router:

http://www.cerberusftp.com/faq/troubleshooting.html#Q3


Finally, what happens if you try to establish a secure, FTPS or FTPES connection?

jrt3a
New User
Posts: 3
Joined: Thu Aug 19, 2010 6:49 am

Re: PASV connections do not work in 4.0.4.3

Post by jrt3a » Thu Aug 26, 2010 3:29 am

Sorry for the slow reply. It turned out that using the Specify PASV IP option for the internal IP interface and putting in the internal IP. I thought I had tried this before, but apparently something changed between versions that made a difference. That, or I didn't apply the step correctly before. In any case, thanks for your help.

wildbillnj
Posts: 1
Joined: Thu Aug 26, 2010 4:01 pm

Re: PASV connections do not work in 4.0.4.3

Post by wildbillnj » Thu Aug 26, 2010 4:07 pm

I have read several older posts on this topic, but they do not resolve the problem for me.
I'm fairly sure it's not a client or firewall problem.

I have Cerberus running on my home PC (XP Pro, behind a router, broadband, firewalled, port 21 is forwarded, also the ports in the passive range are forwarded).
At the office, I can use Core FTP (client) to FTP to/from my home PC with no problems. However, any other client appears to fail. I cannot LIST the files, and other dir commands like SIZE also fail (complaining of invalid path even if the path is correct).

Obviously I don't need to FTP with two different clients on my office PC - I'm trying to use AndFTP on my Droid - but that's my test case for proving that it isn't the client.

I can use ordinary Windows FTP from the command prompt, and I can't list the remote dir contents there, either. And I tried talking directly to the FTP server (by doing "telnet <hostname> 21") and encountered the same 425 error there. Firefox also cannot list the dir contents. But miraculously, on the same PC, Core FTP is able to do everything just fine.

Any ideas?

User avatar
Serin
Site Administrator
Posts: 1785
Joined: Sat Jan 01, 2005 6:57 pm
Location: United States
Contact:

Re: PASV connections do not work in 4.0.4.3

Post by Serin » Thu Aug 26, 2010 8:05 pm

If we could see a Cerberus FTP Server log listing for CoreFTP that works and a Cerberus log listing for one of the other clients that doesn't work we could probably tell you what the issue is.

FreeThinker
New User
Posts: 3
Joined: Thu Mar 10, 2011 2:46 pm

Re: PASV connections do not work in 4.0.4.3

Post by FreeThinker » Thu Mar 10, 2011 4:51 pm

jrt3a wrote:Hi,

My server has been unable to accept passive connections since the initial 4.0 release. (It worked before this.) I have not been able to fix this problem using the advice I've found on this forum, but perhaps I have missed something.

The passive option on the default FTP interface is set to auto detect, and don't use external IP for local connections. I am behind a router.

Any help would be much appreciated. Here is a log file with an example of the problem.

2010/08/19 03:52:53 Microsoft Windows Vista Home Premium Edition, 64-bit

2010/08/19 03:52:53 Cerberus FTP Server 4.0.4.3 (x64) - Personal started on 'computer'
2010/08/19 03:52:53 Installed as a Windows Service but started in application mode

2010/08/19 03:52:53 Cerberus added to Windows Firewall Exception list

2010/08/19 03:52:53 Interface 0 (FTP) listening at 192.168.1.101 on port 21
2010/08/19 03:52:54 Interface 1 (FTP) listening at 127.0.0.1 on port 21
2010/08/19 03:52:55 WAN IP detected as 24.255.29.172
2010/08/19 03:53:16 [0] Incoming connection request on interface 0 at 192.168.1.101
2010/08/19 03:53:16 [0] FTP Connection request accepted from 62.75.138.232
2010/08/19 03:53:17 [0] CLNT http://ftptest.net on behalf of 24.255.29.172
2010/08/19 03:53:17 [0] 530 Not logged in
2010/08/19 03:53:17 [0] USER tester
2010/08/19 03:53:17 [0] 331 User tester, password please
2010/08/19 03:53:17 [0] PASS ***********
2010/08/19 03:53:17 [0] Native user 'tester' authenticated
2010/08/19 03:53:17 [0] 230 Password Ok, User logged in
2010/08/19 03:53:17 [0] SYST
2010/08/19 03:53:17 [0] 215 UNIX Type: L8
2010/08/19 03:53:17 [0] FEAT
2010/08/19 03:53:17 [0] 211- Additional features supported include: MDTM MFCT MFMT SIZE REST STREAM AUTH TLS AUTH SSL PBSZ EPRT EPSV XCRC XSHA1 XSHA256 XSHA512 XMD5 PROT LANG EN* SITE CHMOD SITE PSWD SITE ZONE SITE UTIME MLST Type*;Size*;Modify*;Create*; CLNT CSID RMDA UTF8 211 End
2010/08/19 03:53:18 [0] PWD
2010/08/19 03:53:18 [0] 257 "/" is the current directory
2010/08/19 03:53:18 [0] TYPE I
2010/08/19 03:53:18 [0] 200 Type Binary
2010/08/19 03:53:18 [0] PASV
2010/08/19 03:53:18 [0] 227 Entering Passive Mode (24,255,29,172,43,4)
2010/08/19 03:53:18 [0] MLSD
2010/08/19 03:54:50 [0] Timeout while waiting for connection
2010/08/19 03:54:50 [0] Unable to accept passive connection
2010/08/19 03:54:50 [0] For help see http://www.cerberusftp.com/faq/initialsetup.htm#Q3
2010/08/19 03:54:50 [0] 425 Unable to open the data connection
2010/08/19 03:54:50 [0] The client closed the connection
2010/08/19 03:54:50 [0] Connection terminated
I have same issue as the above :shock:

I have tried and looked everything but cannot manage to pass the Passive mode! :cry:

*I have all ports (21) plus the passive ones on my rooter equal as Cerberus;
*have added the Cerberus program to windows firewall exceptions + added all ports as well;
*have tried and tested disabling the Firewall... same issue.

I do not have on my machine anything special....just normal stuff + a survaillance camera system (checked this but is also ok) and anti virus (AVG).

I send some print screens of my Windows Firewall + Cerberus configuration + Rooter ports....

CERBERUS CONFIGURATIONS
http://www.osvaldobrites.com/images/cerberus_01.jpg
http://www.osvaldobrites.com/images/cerberus_02.jpg
http://www.osvaldobrites.com/images/cerberus_03.jpg
http://www.osvaldobrites.com/images/cerberus_04.jpg
http://www.osvaldobrites.com/images/cerberus_05.jpg
http://www.osvaldobrites.com/images/cerberus_06.jpg
http://www.osvaldobrites.com/images/cerberus_07.jpg

WINDOWS FIREWALL EXCEPTIONS
http://www.osvaldobrites.com/images/Win_Firewall.jpg

ROOTER PORTS
http://www.osvaldobrites.com/images/rooter.jpg

Thanks a LOT in advanced :|


FreeThinker
New User
Posts: 3
Joined: Thu Mar 10, 2011 2:46 pm

Re: PASV connections do not work in 4.0.4.3

Post by FreeThinker » Thu Mar 10, 2011 5:52 pm

m8 tried this:
Steps to resolve:

To resolve either issue you have to change Cerberus FTP Server's PASV IP setting to be your internal LAN IP and not the external or public IP visible from outside your local network. You may need to perform these steps for each FTP interface.

1. Go to Configuration -> Server Manager -> Interfaces
2. Click on the interface that matches your internal IP
3. In the PASV Options section click the "Specify PASV IP" radio button and in the textbox that appears put in the same IP as the interface (your local IP address).
4. Click the "Ok" button
....now i can access thru my localhost private IP (192.168.1.3)....but externally NO! :cry:

User avatar
Serin
Site Administrator
Posts: 1785
Joined: Sat Jan 01, 2005 6:57 pm
Location: United States
Contact:

Re: PASV connections do not work in 4.0.4.3

Post by Serin » Thu Mar 10, 2011 6:09 pm

So, that tells us that the external passive ports aren't getting through to your machine.

Taking a second look at your firwall configuration and your log I see a possible mismatch. You are forwarding connections from your router to 192.168.1.3, but your local machine IP is 192.168.1.101.

I think that is almost certainly at least one of your issues. Try changing the firewall rule to go to the correct machine IP.

FreeThinker
New User
Posts: 3
Joined: Thu Mar 10, 2011 2:46 pm

Re: PASV connections do not work in 4.0.4.3

Post by FreeThinker » Thu Mar 10, 2011 6:48 pm

have it all ok now....

opened instead of having 1818 (inbound) and 21 (private)......
... 21(inbound) and 21 (private)...also opened the port 20

All rocking out now 8)

P.S. - my Pc IP is correct....192.168.1.3 :P

THANKS A LOT FOR THE QUICK REPLY :mrgreen:

Post Reply