Passive mode ftp error

The File Transfer Protocol is a network protocol providing functionality for file access, file transfer, and file management.

In addition, FTP operates in either active or a passive mode.

Due to the wrong passive port range configuration settings on the server side, the customer may cause an error like,

"227 Entering Passive Mode (192,168,1,2,118,151).
ftp: connect: Connection timed out"

Today, we’ll see the reason for this error and how it is fixed by our Support Engineers as part of our Server Management Services.

Active and Passive modes?

In passive mode, the server decides which server-side port the client should connect to. Then the client starts the connection to the specified port.

On the other hand, in active mode, the client specifies which client-side port the data channel has opened and the server starts the connection.

Moreover, one of the main reason to occur this “227 entering passive mode FTP connect connection timed out” error is the improper configuration settings of the passive port range.

How we fixed 227 entering passive mode FTP connect connection timed out error

The error is caused due to the misconfiguration of the passive port range on the FTP server and in the firewall settings.

Therefore, our Support Engineers correct the settings in both FTP server and in the firewall.

Set passive port range in FTP server

CPanel offers a choice of two FTP servers. PureFTP and ProFTP. PureFTPd is very much secure.

Here, our Support Engineers took the following steps to add passive range port on Pureftp servers.

In Pureftpd,

To solve the error, the passive Port range should be added to the Pureftp configuration file.

1. We open Pureftp configuration file  /etc/pure-ftpd.conf.

2. Then, we add the following line.

PassivePortRange 30000 35000

3. At last, we restart the Pureftp service.

service pureftpd restart

In ProFTP,

In ProFTP,  we add the passive port range in /etc/proftpd.conf.

1.  We open /etc/proftpd.conf and add this line.

PassivePorts    30000 35000

2. In the end, we restart the service.

service proftpd restart

Add passive port range in firewall settings

Most servers have a firewall to avoid security problems. Therefore, the passive port range should be open in the firewall configuration too.

Even if the FTP server allows passive ports, the firewall can block the connection between FTP client and server when the passive port range is not open. It results in 227 entering passive mode ftp connect connection timed out error.

Our Support Engineers use the following steps to add the passive port range to the firewall configuration file.

For firewall like Iptables,

1. Firstly, we open /etc/sysconfig/iptables file.

2. Then, we add the entry like,

iptables -I INPUT -p tcp --dport 49152:65534 -j ACCEPT

3. At last, we restart iptables

service iptables save

For firewall like CSF,

1. We open /etc/csf/csf.conf file.

2. Then, find the line with TCP_IN ,TCP_OUT and then added the port range.

# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,30000:35000"

TCP_OUT = "20,21,22,25,53,80,110,30000:35000"

3. Finally, restart the CSF service.

csf -r

service csf restart

[Getting 227 entering passive mode ftp connect connection timed out error? We’ll fix it for you.]

Conclusion

In short, the improper configuration of the passive port range in the FTP server and in the firewall configuration file are the main reasons for “227 entering passive mode ftp connect connection timed out” error. Today, we saw how our Support Engineers fixed this error.

var google_conversion_label = «owonCMyG5nEQ0aD71QM»;

The most common cause of FTP problems is that passive FTP transfer mode is not turned on in your FTP program. «Passive mode» is usually needed:

• If you use a DSL or cable modem; or
• If you use some kind of Internet sharing device or software to connect multiple computers to the Internet using one ISP connection; or
• If you use a personal firewall on your computer, or you’re connecting from a company or ISP network that uses a firewall.

(There may be other situations where it’s needed, too — try the solution below even if you don’t think you fall into any of these categories.)

«Passive mode» is especially likely to be the problem if your FTP program seems to connect to our server, but is then unable to transfer a file or show a list of files. It’s also the problem if you see an error message mentioning a «PORT» command.

On this page:

• Turning on passive FTP transfer mode
• What if FTP still doesn’t work?
• Try a text connection to our servers
• Is there any other way to publish files?

Turning on passive FTP transfer mode

To solve these kinds of connection problems, turn on passive FTP transfer mode in your FTP program:

• Enabling passive mode in Cyberduck
• Enabling passive mode in Dreamweaver
• Enabling passive mode in FileZilla

If you use a different FTP program, it almost certainly has a checkbox to turn on «passive mode» in either the connection setup screen or the program preferences screen. Consult the documentation for your FTP program if you’re unsure how to do it. (Look for the words passive or PASV in the settings; the checkbox is often labeled «PASV FTP» or something similar.)

Turning on passive mode almost always fixes FTP connection problems.

What if FTP still doesn’t work?

The first thing we recommend is turning off any firewall software as a test. If this fixes the problem, consult your firewall’s documentation or support to learn how to allow FTP connections with the firewall turned on.

On a Mac, make sure the firewall is turned off in System Preferences > Security & Privacy > Firewall.

If it doesn’t help, try disabling SSL/TLS encryption in your FTP program if you’ve enabled it. Encryption is not compatible with all firewalls.

If it still doesn’t work, try restarting your computer, Internet modem and router, all of which can have temporary problems with FTP connections.

If that doesn’t solve it, try connecting to a completely different public FTP server. This will show whether the problem is just with the connection to our FTP server or if your computer is having problems connecting to any FTP servers. An example of a public FTP server is:

• Server hostname: ftp.earthlink.net
• Username to use: anonymous
• Password to use: anonymous

If your computer cannot connect to that server, then either your FTP software is not working correctly, or something on your computer (probably a firewall or other security software) is blocking all FTP connections. You may want to try using other FTP software such as the free FileZilla.

If you still having problems connecting, try making a text connection as described in the next section.

Try a text connection to our servers

These instructions explain how to make a text-based connection to our servers, mimicking what your FTP program usually does invisibly. This allows you to see exactly what response our servers send back to your FTP program, and we can use that information to determine the source of the problem.

You can do this in a few easy steps:

telnet ftp.tigertech.net 21

nc ftp.tigertech.net 21

220-This is a private system - No anonymous login
220 You will be disconnected after 2 minutes of inactivity.

If you don’t see these lines in the response, contact us and let us know exactly what you do see, because it means that something is blocking your computer’s connections to our FTP server. Please be sure to copy and paste all of the command window text into your message to us, since it’s all important. We’ll do our best to help you figure out what’s causing the problem, although in some cases you may need to ask your network administrator.

(By the way, you can just close the command window when you’re finished with the tests above.)

Is there any other way to publish files?

If your FTP program supports it, you can use SFTP instead. SFTP is a newer connection method that’s far more reliable and doesn’t have so many problems with firewalls.

Programs like FileZilla and Cyberduck offer the ability to connect using SFTP.

The only thing to keep in mind with SFTP is that after connecting, you will need to change to the directory named html to make sure you’re putting files in the right place.

Watch this video for a step by step process on how to Fix Failed to Retrieve Directory Listing Error in FileZilla FTP

While using FileZilla for connecting to your FTP you might get an error as below:

There can be different reasons for this error to occur and also different solutions for it.

This error can be easily fixed by going into the Site Manager and using plain FTP by adjusting your connection details.

1. Wrong Encryption Settings in FTP Client

For example, while using FileZilla, when you connect to FTP server you might get an error as below:

This error occurs when encryption is set to “Use explicit FTP over TLS if available” in FTP client settings.

Check the steps below to fix the problem:

1. Go to FileZilla, click on “File” menu and select “Site Manager”.

2. If the site or server you want to connect to isn’t already mentioned in site manager, add it.

a. Add hostname.
b. Make the Encryption to “Only use plain FTP”.
c. Change logon type to “Normal”.
d. Enter username/password.
e. Ok/Connect to continue.

In case you are still getting the error, disable your firewall then try once more!

2. Problem with Passive mode

FTP works in both active and passive mode. FTP clients like FileZilla, CuteFTP, etc. use passive mode for transfer. But sometimes you may get an error such as “FTP can’t retrieve directory listing” in passive mode, then follow the below steps to resolve the error:

• Open Filezilla, click on Edit -> Settings.
• Next, click on Connection -> FTP: Select Active.
• Click on Connection -> FTP -> Active Mode: Choose “Ask your operating system for the external IP address”.
• Click on Connection -> FTP -> Passive Mode: Select Fall Back to Active Mode
• Press OK.

Try connecting to your FTP again!

3. Missing Passive Port Range in FTP Server

In most of the cases “FTP cannot retrieve directory listing” error occurs when passive port range is not mentioned FTP server configuration.

In cPanel for FTP servers like PureFTP, follow the below steps.

1. Log in to the server via SSH.

2. Open the /var/cpanel/conf/pureftpd/local file and add the entry as below:

These changes are then added to the file because FTP server exists behind the firewall.

3. Then change the server’s default passive port range, by running the below command:

4. Next, configure the server so that the passive port range will pass through the firewall.

5. Lastly, restart the PureFTP service.

4. Lacking Port Range in Firewall Settings

This error usually occurs when a firewall blocks passive FTP ports.

Check the following steps to add the passive port range to the firewall to solve this error:

1. For firewall like iptables, open the /etc/sysconfig/iptables file in a text editor.

2. Then add the entry as below:

3. Lastly, run the below command to save.

In this way, you can fix the error like “FTP cannot retrieve directory listing”.

Also Read:
Steps to Display Hidden Files on Your FTP Client

How to Create and Edit a File via FTP?

Server Sent Passive Reply with Unroutable Address Passive Mode Failed

Enormous quantities of our customers grant their site architects to have restricted permission to the server due to wellbeing reasons.

Consequently, planners routinely use FTP clients like FileZilla to move and download records from the server, they go over this slip-up message. Around here at ARZHOST, we have seen a couple of such FTP-related errors as a component of our Server Management Services for the web has an online expert center.

Today “Server-Sent Passive Reply with Unroutable Address Passive Mode Failed”, will examine the causes and their specific fixes for this error message.

How do we fix the FTP error Server sent a dormant reply with an Unroutable area?

As of now, “Server-Sent Passive Reply with Unroutable Address Passive Mode Failed”, let’s see the critical purposes behind this FTP misstep and how our Hosting Expert Planners fix it.

1. Dreadful firewall settings

Lately, one of our customers advanced toward us with this mix-up message. Using server address rather while interfacing with an FTP site. On checking, we saw that disconnected ports were not allowed on the firewall settings. This results in clients inadequate to connect with their server from the outer association.

Subsequently, “Server-Sent Passive Reply with Unroutable Address Passive Mode Failed”, we teak the firewall setting as adding segregated ports range in firewall settings.

2. NAT game plan

One more customer protested his FTP connection when he endeavored to interface the FTP server with FileZilla and get the going with errors. The server sent an inactive reply with an Unroutable area. Using server address taking everything into account.

On exploring, we saw that the FTP client was behind NAT. Regardless, the FTP show doesn’t support NAT using any means. Also, the client unequivocally enlightens the server in unique mode to open a discretionary relationship with the server IP address, which will not work if the client is behind NAT.

Consequently, “Server-Sent Passive Reply with Unroutable Address Passive Mode Failed”, we change the, etc/vsftpd.conf record as underneath

• pasv_address=<you. external. IP>

Finally, this appropriates the screw-up.

People Frequently Ask

Question # 1: How do I fix Server sent passive reply with an Unroutable address?

Answer: Go to the Serv–U settings at Global Limits & Settings > Settings – Network Settings. Ensure the Auto-configure firewall through the UPnP checkbox is not checked. Ensure the Packet time-out is set to 300 seconds. Set PASV Port Range is 50,000-50,009, and port forward these ports to your router.

Question # 2: How do I turn on the passive mode in FileZilla?

Answer: Enabling passive mode

FTP Client Operations in PASSIVE mode crash and burn directly following fixing with 5020402_1 fix pack

“Server-Sent Passive Reply with Unroutable Address Passive Mode Failed”, Genuine B2B Integrator’s (SBI) FTP Client Business Process (BP) is interfacing with an outcast FTP server in PASSIVE mode and FTP Client undertakings (exercises that require data connection e.g., list, put, get, etc) misfire with an error message “Response not set in stone break came to. Closing connections.”

Cause FTP Client Operations in PASSIVE mode crash

Right when the SBI FTP Client issues a PASSIVE request to the server, FTP Server is returning an IP address that isn’t exactly as old as is used in FTP Begin Session. Exactly when the Client issues data relationship with this new IP and port, the server doesn’t complete it therefore client BP keeps it together for Response Timeout long and times out. Additionally, it is the right lead from the Client.

Be that as it may, “Server-Sent Passive Reply with Unroutable Address Passive Mode Failed”, is an issue with an untouchable FTP server being used. Either server needs to respond to the Client with the right IP or fit for regarding data relationship at the IP/port it is responding with.

Fix made through APAR IC92859 in SBI fix pack 5020402_1 to meet FTP RFC grants SBI FTP client to regard IP returned by the server. Prior SBI fix packs don’t have this issue regardless when a server doesn’t act adequately as referred to above and reliably uses the IP address used in Begin Session.

Background

“Server-Sent Passive Reply with Unroutable Address Passive Mode Failed”, Genuine B2B Integrator fix pack 5020402_1 and later

Settling The Problem

Anyhow the way that it is a pariah FTP server issue, the SBI FTP Client has a workaround to smother fix made in APAR IC92859 to allow a client to use an IP address from FTP Begin Session reliably.

Here is the default property arrangement from the sFTP client. properties.

• ##Flag to enable or injure to regard PASV request.
• ######If the flag is set to substantial, FTP Client will interface with have returned by PASV request
• # If the pennant is set to counterfeit, FTP Client will connect with the principal have which is referred to in the client bp.
• Valid characteristics:
• ## ##substantial: (default)
• ## false:

honourPASV=true

Follow this workaround –

1. Add this line in present/properties/customer_overrides.properties [create archive, it doesn’t exist]

• honourPASV=false

1. restart SBI center points

Conclusion

To lay it out simply, this error happens in light of terrible server settings or when an FTP client is behind NAT. Today, “Server-Sent Passive Reply with Unroutable Address Passive Mode Failed”, we saw how our Hosting Expert Planners fix it.

Moderator: Project members