Cannot list dir via FTP

Ephracis · 12-11-2004, 07:38 AM

I have an FTP on my box and it's ok to connect to it. But when I try to list the content in any dir I get this:

Code:

Connected to xxx.xxx.xxx.xxx.
Name (xxx.xxx.xxx.xxx:root): xxxx
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
200 PORT command successful. Consider using PASV.

...and then nothing more happens. I don't get back to any prompt it just seems to "hang" or something. I tried to connect with gFTP and enabled "passive transfer" to check if that had anything to do with PASV.

Code:

Looking up localhost
Trying localhost:738
Connected to localhost:738
USER xxxx

331 Please specify the password.
PASS xxxx
230 Login successful.
SYST

215 UNIX Type: L8
TYPE I

200 Switching to Binary mode.
PWD

257 "/home/ftp/accounts/normal"
Loading directory listing /home/ftp/accounts/normal from server (LC_TIME=en_US)
PASV

227 Entering Passive Mode (127,0,0,1,157,175)

And then the same there.. nothing more happens.

Emerson · 12-11-2004, 09:51 AM

There must be some logs in your server side to look at.

Ephracis · 12-11-2004, 10:08 AM

Ok, I start up vsftp and I have full logging.

This is the client (command ftp):

Code:

Connected to localhost.
Name (localhost:mezzymeat): biztroo
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
200 PORT command successful. Consider using PASV.
425 Failed to establish connection.

After that I try with gFTP:

Code:

Looking up localhost
Trying localhost:738
Connected to localhost:738
USER biztroo

331 Please specify the password.
PASS xxxx
230 Login successful.
SYST

215 UNIX Type: L8
TYPE I

200 Switching to Binary mode.
PWD

257 "/home/ftp/accounts/normal"
Loading directory listing /home/ftp/accounts/normal from server (LC_TIME=en_US)
PASV

227 Entering Passive Mode (127,0,0,1,63,243)
Loading directory listing /home/ftp/accounts/normal from server (LC_TIME=en_US)
PASV

227 Entering Passive Mode (127,0,0,1,240,49)

So that does not work either. Now here are the logs from vsftpd:

Code:

Sat Dec 11 17:01:18 2004 [pid 25101] CONNECT: Client "127.0.0.1"
Sat Dec 11 17:01:20 2004 [pid 25101] FTP command: Client "127.0.0.1", "USER biztroo"
Sat Dec 11 17:01:20 2004 [pid 25101] [biztroo] FTP response: Client "127.0.0.1", "331 Please specify the password."
Sat Dec 11 17:01:21 2004 [pid 25101] [biztroo] FTP command: Client "127.0.0.1", "PASS <password>"
Sat Dec 11 17:01:21 2004 [pid 25100] [biztroo] OK LOGIN: Client "127.0.0.1"
Sat Dec 11 17:01:21 2004 [pid 25102] [biztroo] FTP response: Client "127.0.0.1", "230 Login successful."
Sat Dec 11 17:01:21 2004 [pid 25102] [biztroo] FTP command: Client "127.0.0.1", "SYST"
Sat Dec 11 17:01:21 2004 [pid 25102] [biztroo] FTP response: Client "127.0.0.1", "215 UNIX Type: L8"
Sat Dec 11 17:01:23 2004 [pid 25102] [biztroo] FTP command: Client "127.0.0.1", "PORT 127,0,0,1,229,209"
Sat Dec 11 17:01:23 2004 [pid 25102] [biztroo] FTP response: Client "127.0.0.1", "200 PORT command successful. Consider using PASV."
Sat Dec 11 17:01:23 2004 [pid 25102] [biztroo] FTP command: Client "127.0.0.1", "LIST"
Sat Dec 11 17:01:56 2004 [pid 25096] [biztroo] FTP response: Client "127.0.0.1", "425 Failed to establish connection."
Sat Dec 11 17:02:23 2004 [pid 25102] [biztroo] FTP response: Client "127.0.0.1", "425 Failed to establish connection."
Sat Dec 11 17:02:52 2004 [pid 25112] CONNECT: Client "127.0.0.1"
Sat Dec 11 17:02:52 2004 [pid 25112] FTP command: Client "127.0.0.1", "USER biztroo"
Sat Dec 11 17:02:52 2004 [pid 25112] [biztroo] FTP response: Client "127.0.0.1", "331 Please specify the password."
Sat Dec 11 17:02:52 2004 [pid 25112] [biztroo] FTP command: Client "127.0.0.1", "PASS <password>"
Sat Dec 11 17:02:52 2004 [pid 25111] [biztroo] OK LOGIN: Client "127.0.0.1"
Sat Dec 11 17:02:52 2004 [pid 25113] [biztroo] FTP response: Client "127.0.0.1", "230 Login successful."
Sat Dec 11 17:02:52 2004 [pid 25113] [biztroo] FTP command: Client "127.0.0.1", "SYST"
Sat Dec 11 17:02:52 2004 [pid 25113] [biztroo] FTP response: Client "127.0.0.1", "215 UNIX Type: L8"
Sat Dec 11 17:02:52 2004 [pid 25113] [biztroo] FTP command: Client "127.0.0.1", "TYPE I"
Sat Dec 11 17:02:52 2004 [pid 25113] [biztroo] FTP response: Client "127.0.0.1", "200 Switching to Binary mode."
Sat Dec 11 17:02:52 2004 [pid 25113] [biztroo] FTP command: Client "127.0.0.1", "PWD"
Sat Dec 11 17:02:52 2004 [pid 25113] [biztroo] FTP response: Client "127.0.0.1", "257 "/home/ftp/accounts/normal""
Sat Dec 11 17:02:52 2004 [pid 25113] [biztroo] FTP command: Client "127.0.0.1", "PASV"
Sat Dec 11 17:02:52 2004 [pid 25113] [biztroo] FTP response: Client "127.0.0.1", "227 Entering Passive Mode (127,0,0,1,63,243)"
Sat Dec 11 17:04:52 2004 [pid 25113] [biztroo] FTP command: Client "127.0.0.1", "PASV"
Sat Dec 11 17:04:52 2004 [pid 25113] [biztroo] FTP response: Client "127.0.0.1", "227 Entering Passive Mode (127,0,0,1,240,49)"

Emerson · 12-11-2004, 11:17 AM

I would check if both ftp ports are open on your server. Sorry, no more thoughts.

Ephracis · 12-11-2004, 11:45 AM

Quote:

Originally posted by Emerson
I would check if both ftp ports are open on your server. Sorry, no more thoughts.

Yeah, that may be it. I have a firewall but I only thought that the port 21 (ok, I have changed that one to 738) should be open. What do you mean with "both ports"? What are the other port?

EDIT:
Thanks a lot! Now I know it's some port that should be open. I opened all ports and it worked. I then tried to open just 738 (the one it connects to) and 21. Not working. Then tried 20 (ftp-data). Not working.

Now I am out of ideas. Which is "the other port"? :P

Emerson · 12-11-2004, 01:59 PM

Try opening both low ports, 20 and 21.

Ephracis · 12-11-2004, 02:08 PM

Quote:

Originally posted by Emerson
Try opening both low ports, 20 and 21.

That didn't do it. I have the server running on 738 and that port is opened. I then tried to open port 1-1024 but it did not fix it. After a few tries I noticed that when I opened the ports 55000-60000 it worked. I have narrowed it anymore since I believe that the case is that the "random output" port is closed.

Can this be right?

Here is a copy of the iptables-firewall just in case:

Code:

#!/bin/sh

# flush
iptables -F
iptables -Z

# drop all input
iptables -P INPUT DROP

# ssh
iptables -A INPUT -p tcp --dport 739 -j ACCEPT
# ftp
iptables -A INPUT -p tcp --dport 738 -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 20 -j ACCEPT
# dc
iptables -A INPUT -p tcp --dport 9176 -j ACCEPT
iptables -A INPUT -p udp --dport 9176 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 9176 -j ACCEPT
iptables -A OUTPUT -p udp --dport 9176 -j ACCEPT
# msn transfer
iptables -A INPUT -s 0/0 -p tcp --dport 6891:6900 -j ACCEPT

# established
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

Note that I opened 20 and 21 temporary just to try what you said. It did not work and the ftp is not running on port 21.

Ephracis · 12-11-2004, 06:24 PM

It seems that I have to open a port when I am being the client on the ftp-side. I can connect to an ftp but I can't do a PORT-command. When I open all ports I can do it. So this has to do with the client, not the server.

What should I do in the above firewall to make myself able to connect to ftps?