Ftp error 227 - Исправление ошибок и поиск оптимальных решений проблем

Moderator: Project members

Reddax: 500 Command not understood; Posts: 2; Joined: 2013-05-17 14:37; First name: James; Last name: Morley

227 Entering Passive Mode, Disconnected.

Post

by Reddax » 2013-05-17 14:49

000089)17/05/2013 15:34:20 — james (212.183.128.67)> CLNT AndFTP
(000089)17/05/2013 15:34:20 — james (212.183.128.67)> 200 Don’t care
(000089)17/05/2013 15:34:21 — james (212.183.128.67)> PWD
(000089)17/05/2013 15:34:21 — james (212.183.128.67)> 257 «/» is current directory.
(000089)17/05/2013 15:34:21 — james (212.183.128.67)> NOOP
(000089)17/05/2013 15:34:21 — james (212.183.128.67)> 200 OK
(000089)17/05/2013 15:34:22 — james (212.183.128.67)> CWD /
(000089)17/05/2013 15:34:22 — james (212.183.128.67)> 250 CWD successful. «/» is current directory.
(000089)17/05/2013 15:34:23 — james (212.183.128.67)> PASV
(000089)17/05/2013 15:34:23 — james (212.183.128.67)> 227 Entering Passive Mode (86,150,105,147,215,59)
(000089)17/05/2013 15:35:27 — james (212.183.128.67)> disconnected.

As you can see, i’m trying to connect to my ftp server from an external ip and it simply says 227 entering passive mode then disconnects. I’ve opened the ports that are under passive mode settings. I have also added filezilla to the windows firewall exception. It works fine when connecting from internally. Any suggestions?

pedey: 500 Command not understood; Posts: 2; Joined: 2013-05-30 16:42; First name: Mike; Last name: P

Re: 227 Entering Passive Mode, Disconnected.

Post

by pedey » 2013-05-30 16:54

I’m having an identical problem behind a Sonicwall TZ170. LAN access works. Outside access allows for username/password entry, then disconnects immediately after log entry ‘227 Entering Passive Mode (x.x.x.x,136,188)’. Checked ‘Use custom port range’ in Passive mode settings in Filezilla Server options and entered 35000-36000. Forwarded those ports on Sonicwall to server IP. Also forwarded ports 20-22 and listening port 14147. Stumped. Tried using https://ftptest.net/ — does not resolve. Instead using http://www.g6ftpserver.com/en/ftptest — log below:

* About to connect() to x.x.x.x port 21 (#0)
* Trying x.x.x.x… connected
* Connected to x.x.x.x (x.x.x.x) port 21 (#0)
< 220-FileZilla Server version 0.9.41 beta
< 220-written by Tim Kosse (Tim.Kosse@gmx.de)
< 220 Please visit http://sourceforge.net/projects/filezilla/

> USER test
< 331 Password required for test

> PASS *****
< 230 Logged on

> PWD
< 257 «/» is current directory.
* Entry path is ‘/’

> CLNT Testing from http://www.g6ftpserver.com/ftptest from IP x.x.x.x
< 200 Don’t care

> FEAT
< 211-Features:
< MDTM
< REST STREAM
< SIZE
< MLST type*;size*;modify*;
< MLSD
< UTF8
< CLNT
< MFMT
< 211 End

> PASV
* Connect data stream passively
* Recv failure: Connection was reset
* Closing connection #0

curl: (56) Recv failure: Connection was reset

botg: Site Admin; Posts: 34744; Joined: 2004-02-23 20:49; First name: Tim; Last name: Kosse; Contact:

Re: 227 Entering Passive Mode, Disconnected.

Post

by botg » 2013-05-30 18:10

You need to configure the server as well as all firewalls and NAT routers involved according to the Network Configuration guide.

pedey: 500 Command not understood; Posts: 2; Joined: 2013-05-30 16:42; First name: Mike; Last name: P

Re: 227 Entering Passive Mode, Disconnected.

Post

by pedey » 2013-05-30 19:38

Thanks. To this point, I can only access from outside if I change the listening port from 21 to something else. So I’ve changed it. Don’t know if this is unique to the firewall or if there’s something else I’m missing — I’m assuming it’s the firewall.

boco: Contributor; Posts: 26451; Joined: 2006-05-01 03:28; Location: Germany

Re: 227 Entering Passive Mode, Disconnected.

Post

by boco » 2013-05-30 21:49

Don’t forward 14147, it’s for remote administration only.

Thanks, reported.

Your log indicated a very aggressive firewall or router. Even the reply to PASV (and thus the Passive port to use) is blocked already. As you indicate it works fine from LAN, it seems to be the router firewall.

### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
### END SIGNATURE BLOCK ###

Источник

As said in the title, I don’t manage to connect my Windows 10 host to my FTP server on the VirtualBox guest side (Ubuntu 18.04).
On the guest side, the vsftpd server works fine, I can connect without any problem.

So I tried to forward the associated port to the host (NAT) and tried to connect to the server via FileZilla. It does login, but always fails to retrieve directory listing. I tried deactivating the firewalls, giving all the access permissions to the folder but it doesn’t change anything.

I read that it could be a problem of passive mode there:
Problems with FTP file access to VirtualBox guest running Windows 2008 Server R2 x64

So I added the following lines to my vsftpd.conf:

pasv_enable=YES
pasv_min_port=8020
pasv_max_port=8020
port_enable=YES
pasv_address=127.0.0.1

I forwarded the port 8020 but I now get the following error on FileZilla:

The data connection could not be established: WSAEADDRNOTAVAIL — Cannot assign requested address

Full FileZilla response:

Status: Connecting to 127.0.0.1:2100...
Status: Connection established, waiting for welcome message...
Status: Server does not support non-ASCII characters.
Status: Logged in
Status: Retrieving directory listing...
Command:    PWD
Response:   257 "/home/cakephp" is the current directory
Command:    TYPE I
Response:   200 Switching to Binary mode.
Command:    PASV
Response:   227 Entering Passive Mode (0,0,0,0,31,84).
Command:    LIST
Error:  The data connection could not be established:
WSAEADDRNOTAVAIL - Cannot assign requested address
Error:  Connection timed out after 20 seconds of inactivity
Error:  Failed to retrieve directory listing
Status: Disconnected from server

I’m a bit lost with this, does anybody have a suggestion?
Thanks in advance

EDIT1:
Without any kind of hope, I also tried to access from the Windows Command Prompt. It does connect but when I ls the current folder I get the following error:

500 illegal PORT command.
425 use PORT or PASV first.

But I guess that this is because ftp.exe doesn’t support passive mode.

Just in case it can help, you can find here my whole current vsftpd config file.
Also, I can seamlessly access to the guest SSH server from the host with Putty.

EDIT2:
I set listen_ipv6 to YES, changed pasv_max_port to 8030 to increase the number of passive ports and forwarded them. I get the following logs from FileZilla:

Status:  Connecting to 127.0.0.1:2100...
Status: Connection established, waiting for welcome message...
Status: Server does not support non-ASCII characters.
Status: Logged in
Status: Retrieving directory listing...
Command:    PWD
Response:   257 "/home/cakephp" is the current directory
Command:    TYPE I
Response:   200 Switching to Binary mode.
Command:    PASV
Response:   227 Entering Passive Mode (0,0,0,0,31,90).
Command:    LIST
Error:  The data connection could not be established: WSAEADDRNOTAVAIL - Cannot assign requested address
Error:  Connection timed out after 20 seconds of inactivity
Error:  Failed to retrieve directory listing

Источник

Remove From My Forums

Вопрос
Hi , here we’ve TMG 2010. My Users want to Access the FTP Sites using with Browsers & FTP 3rd party application. Easily I provided the 3rd Party Application solution. But behind the TMG 2010 , that particular FTP Clients doesn’t connect. but when
i use any internet connection without TMG 2010 , easily then can use it . below I’m mentioned the Error as well.

227 Entering Passive Mode

when i tryit with ftp.exe , it comes a error that 500 Invalid PORT Command

But as normal , I created the Firewall Rule Policy & configure the FTP Access Filtering as well. please find the below details.

I uploaded it as a One Image .

is there any solution for this ?

Regards, COMDINI

Ответы

What kind of (TMG-) clients are you using? Secure NAT, Firewall Client or Web proxy?

Is this behavior consistent for all FTP sites or just some?

Do you have the TMG Best Practices installed? If not, please do install it. Go to
http://isabpa.com (link to MS download), download and install it on the TMG. With the BPA comes a little handy tool called TMG Data Packager. Launch that and:

1. Select to collect data using repro scenario

2. Select Basic Repro and Configuration (yes it is the right one), then click next and then Start Data Collection. The TDP will start and then pause and wait for the actual test.

3. Prepare the client but do not start to reproduce the problem (e.g. launch FTP app but don’t hit enter)

4. On TMG in the TDP, press spacebar to start the live capture and immediately go to the client and reproduce the problem

5. On TMG in the TDP, press spacebar to stop the capture.

6. Wait…

7. Expand the tmgpackage.cab on the desktop to somewhere good.

With the use fo the client IP address and the destination find the connection in both Network Monitor traces (one for the external and one for the internal interface of TMG) and in the logfiles. Depending on the type of client it may be in either the FWC
or Web log.

With the guide of
http://www.carbonwind.net/blog/post/2008/12/14/ISA-2006-Firewalls-FTP-Filter-by-default-blocks-the-FTP-Clients-behind-it-from-connecting-to-another-IP-address-returned-in-the-servers-response-for-the-PASV-Request-command.aspx see if you can figure
out what is going on.

Let me know if you need help interpreting the data.

Hth, Anders Janson Enfo Zipper
- Помечено в качестве ответа
  
  22 августа 2011 г. 1:18