I cannot get an ftp tunnel to work. I can telnet to the port, but the directory listing is not working, when using a real connect.
The data/control port is definitely giving issues.
The setup looks like this, and I am trying to connect from the client.
I can connect to the ftp fine from privateserver, which has access.
ftpserver, is a FTP server, on the WWW
privateserver, is the only server that has access by firewall rules to the ftp server, but cannot be accessed by clients.
public server, can be accessed by clients.
I have tried this from public server, both without a dynamic host, and with a dynamic host.
When I try to connect to the socks proxy on port 1234 from the ftp client, I simply get a timeout.
If I do not use a proxy, it connects but cannot list directories, in either passive or non-passive mode.
Response: 227 Entering Passive Mode (xxx,xxx,xxx,xxx,17,71).
Command: MLSD
Response: 150 File status okay; about to open data connection.
Error: Connection timed out
Error: Failed to retrieve directory listing
non-passive
Quote:
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is current directory.
Command: TYPE I
Response: 200 Type set to I.
Command: PORT xxx,xxx,xxx,xxx,220,248
Error: Connection closed by server
Error: Failed to retrieve directory listing
the xxx.xxx.xxx.xxx part should be 127.0.0.1 (i.e. your call must be through your ssh tunnel) while the passive port to connect to is the 17,71 (i.e. 17*256+71 = 4423).
Once you are able to tell Filezilla to open that connection via the tunnel, you'll get the ftp up and running for both command and data channels.
The tricky part of the thread by appyface was this:
Quote:
5. Setup your ftp server to use a very small range of incoming
ports for passive ftp connections (I used 5 ports, 2022 - 2026)
6. Setup your SSH client to use SSH2, and set up the following
local port forwards (using my examples above, substitute your own
ports):
* 2021 (local port)--> 192.168.0.2:2021 (ftp server internal
ip:ftpserver local port for control session)
* 2022 (local port)--> 192.168.0.2:2022 (ftp server internal
ip:ftpserver local port for passive data session)
* 2023 (local port)--> 192.168.0.2:2023 (ftp server internal
ip:ftpserver local port for passive data session)
* 2024 (local port)--> 192.168.0.2:2024 (ftp server internal
ip:ftpserver local port for passive data session)
* 2025 (local port)--> 192.168.0.2:2025 (ftp server internal
ip:ftpserver local port for passive data session)
* 2026 (local port)--> 192.168.0.2:2026 (ftp server internal
ip:ftpserver local port for passive data session)
i.e. limit the range of passive ports on your FTP server and open a tunnel for each of them.
Obviously this is a bypass that cannot be performed if you have limited access to the FTP server, and it is also not a very good choice (limiting the passive port range might not be a good idea!), but this should work ...
An alternative could be:
a. try to connect in passive mode to get the port for the data connection (the formula is always 1st no. * 256 + 2nd no.)
b. open the tunnel with the port + 1
c. cross your fingers and try to open the data connection again (if you guess the port you'll be in)
and calculate 17*256+71 = 4423
b. open the tunnel onto the port 4424
c. try a dir
In any case also this option would be deprecable!
Hope this helps!
PS: instead of Filezilla you can use simple command-line ftp too! Take care to use the EPSV command instead of PASV, so that the IP passed by the server is not considered.
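Added example, not part of any post in this thread: a Python sketch of the port arithmetic and the fixed-range forwarding described above, which also shows why a passive port outside the forwarded range ends in the timeout seen in the log. The function names, the sample replies and the `user@gateway` login are constructed for illustration; 192.168.0.2 and ports 2021-2026 come from the quoted steps.

```python
import re

def parse_pasv(reply):
    """'227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)' -> (advertised_host, port)."""
    m = re.match(r"227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", reply)
    if not m:
        raise ValueError("not a 227 reply: %r" % reply)
    n = [int(x) for x in m.groups()]
    if max(n) > 255:
        raise ValueError("field out of range in %r" % reply)
    # Data port = 1st no. * 256 + 2nd no., as worked out in the thread.
    return ".".join(str(x) for x in n[:4]), n[4] * 256 + n[5]

def parse_epsv(reply):
    """'229 Entering Extended Passive Mode (|||port|)' -> port; EPSV carries no IP."""
    m = re.match(r"229 .*\((.)\1\1(\d+)\1\)", reply)
    if not m or not 0 < int(m.group(2)) < 65536:
        raise ValueError("not a valid 229 reply: %r" % reply)
    return int(m.group(2))

def ssh_forwards(server_ip, control_port, passive_lo, passive_hi):
    """One 'ssh -L' forward for the control port and each passive data port."""
    ports = [control_port] + list(range(passive_lo, passive_hi + 1))
    return ["-L %d:%s:%d" % (p, server_ip, p) for p in ports]

def data_endpoint(reply, forwarded_ports):
    """Where a tunnelled client must open the data connection, or None.

    The host advertised in a 227 reply is ignored: through the tunnel the
    only reachable endpoint is 127.0.0.1 on a forwarded port.
    """
    port = parse_epsv(reply) if reply.startswith("229") else parse_pasv(reply)[1]
    return ("127.0.0.1", port) if port in forwarded_ports else None

if __name__ == "__main__":
    forwarded = set(range(2022, 2027))  # passive range from the quoted steps
    # user@gateway is a placeholder login, not a host named in the thread.
    print("ssh " + " ".join(ssh_forwards("192.168.0.2", 2021, 2022, 2026)) + " user@gateway")
    # Constructed sample replies (not taken from the thread's logs).
    for r in ("227 Entering Passive Mode (192,168,0,2,7,231).",
              "229 Entering Extended Passive Mode (|||2025|)",
              "227 Entering Passive Mode (192,168,0,2,17,71)."):
        print(r, "->", data_endpoint(r, forwarded) or "no forward: data connection times out")
```
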
Yes, even if I am lucky to guess the correct port, which I did 2 or 3 times, I am unable to list the dirs.
Although if it had succeeded, I could not use this solution for the users...
Currently I am looking into a completely different solution.
Thanks for your time though.