
FTP login on Root Server refused

severus @ Wed Jan 28 07:35:38 EET 2015

I downloaded and installed CrushFTP 7.2.0 on a Root Server (Ubuntu 14.04) over the internet. I added a user with the User Manager and I can connect via CrushFTP HTML login. But I cannot connect via FTP client. I tried Transmit and FileZilla on Mac OS X 10.10 and both clients disconnect after entering the passive mode. Connecting the server via the OS X terminal (simple ftp command) works!

Here are the logs for Transmit login:

Transmit.log

xxx.xx.xx.xxx [1]: 220: welcome to ...
xxx.xx.xx.xxx [1]: CrushFTP Server Ready!
xxx.xx.xx.xxx [1]: Connected to xxx.xx.xx.xxx.
xxx.xx.xx.xxx [1]: Cmd: USER letmein
xxx.xx.xx.xxx [1]: 331: Username OK. Need password.
xxx.xx.xx.xxx [1]: Cmd: PASS xxxxxxxx
xxx.xx.xx.xxx [1]: 230: Password OK. Connected. logged in
xxx.xx.xx.xxx [1]: Cmd: TYPE A
xxx.xx.xx.xxx [1]: 200: Command ok : ASCII type selected.
xxx.xx.xx.xxx [1]: Logged in to xxx.xx.xx.xxx as letmein.
xxx.xx.xx.xxx [1]: Cmd: SYST
xxx.xx.xx.xxx [1]: 215: UNIX Type: L8
xxx.xx.xx.xxx [1]: Cmd: FEAT
xxx.xx.xx.xxx [1]: 211: Extensions supported: ...
xxx.xx.xx.xxx [1]: Cmd: CLNT Transmit
xxx.xx.xx.xxx [1]: 200: Noted.
xxx.xx.xx.xxx [1]: Cmd: OPTS UTF8 ON
xxx.xx.xx.xxx [1]: 200: UTF8 OPTS ON.
xxx.xx.xx.xxx [1]: Cmd: PWD
xxx.xx.xx.xxx [1]: 257: "/" PWD command successful.
xxx.xx.xx.xxx [1]: Cmd: PASV
xxx.xx.xx.xxx [1]: Could not read reply from control connection -- timed out. (SReadline 1)
xxx.xx.xx.xxx [1]: Passive mode refused.
xxx.xx.xx.xxx [1]: Verbindung greift zurück auf den Port-(PORT-)Modus.


CrushFTP.log

01/28/2015 01:57:04 PM|[FTP:lookup:21][1467] Accepting connection from: xxx.xxx.xx.xxx:51493
01/28/2015 01:57:04 PM|[FTP:1467::xxx.xxx.xx.xxx] READ : *USER letmein*
01/28/2015 01:57:04 PM|[FTP:1467:letmein:xxx.xxx.xx.xxx] WROTE: *331 Username OK. Need password.*
01/28/2015 01:57:04 PM|[FTP:1467:letmein:xxx.xxx.xx.xxx] WROTE: *230 Password OK. Connected. logged in*
01/28/2015 01:57:04 PM|[FTP:1467:letmein:xxx.xxx.xx.xxx] READ : *TYPE A*
01/28/2015 01:57:04 PM|[FTP:1467:letmein:xxx.xxx.xx.xxx] WROTE: *200 Command ok : ASCII type selected.*
01/28/2015 01:57:04 PM|[FTP:1467:letmein:xxx.xxx.xx.xxx] READ : *SYST *
01/28/2015 01:57:04 PM|[FTP:1467:letmein:xxx.xxx.xx.xxx] WROTE: *215 UNIX Type: L8*
01/28/2015 01:57:05 PM|[FTP:1467:letmein:xxx.xxx.xx.xxx] READ : *PWD *
01/28/2015 01:57:05 PM|[FTP:1467:letmein:xxx.xxx.xx.xxx] WROTE: *257 "/" PWD command successful.*
01/28/2015 01:57:05 PM|[FTP:1467:letmein:xxx.xxx.xx.xxx] READ : *PASV *
01/28/2015 01:57:05 PM|[FTP:1467:letmein:xxx.xxx.xx.xxx] WROTE: *227 Entering Passive Mode (2a01:488:67:1000:b01c:3790:0:1,7,245)*
01/28/2015 01:57:25 PM|[FTP:1467:letmein:xxx.xxx.xx.xxx] *Disconnected.*


And for FileZilla login:

FileZilla.log

Verbinde mit xxx.xx.xx.xxx:21...
Status: Verbindung hergestellt, warte auf Willkommensnachricht...
Status: Initialisiere TLS...
Status: Überprüfe Zertifikat...
Status: TLS-Verbindung hergestellt.
Status: Verbunden
Status: Empfange Verzeichnisinhalt...
Befehl: PWD
Antwort: 257 "/" PWD command successful.
Befehl: TYPE I
Antwort: 200 Command ok : Binary type selected.
Befehl: PASV
Antwort: 227 Entering Passive Mode (0,0,0,0,7,248)
Befehl: MLSD
Fehler: Die Datenverbindung konnte nicht hergestellt werden: ECONNREFUSED - Verbindung durch Server verweigert
Antwort: 550-java.net.SocketTimeoutException: Accept timed out
Antwort: 550 20 second timeout while waiting for PASV connection on port 2040.
Fehler: Verzeichnisinhalt konnte nicht empfangen werden


CrushFTP.log

01/28/2015 02:05:05 PM|[FTP:lookup:21][1479] Accepting connection from: xxx.xxx.xx.xxx:51554
01/28/2015 02:05:05 PM|[FTP:1479::xxx.xxx.xx.xxx] READ : *AUTH TLS*
01/28/2015 02:05:05 PM|[FTP:1479::xxx.xxx.xx.xxx] WROTE: *234 Changing to secure mode...*
01/28/2015 02:05:05 PM|[FTP:1479::xxx.xxx.xx.xxx] READ : *USER letmein*
01/28/2015 02:05:05 PM|[FTP:1479:letmein:xxx.xxx.xx.xxx] WROTE: *331 Username OK. Need password.*
01/28/2015 02:05:05 PM|[FTP:1479:letmein:xxx.xxx.xx.xxx] WROTE: *230 Password OK. Connected. logged in*
01/28/2015 02:05:05 PM|[FTP:1479:letmein:xxx.xxx.xx.xxx] READ : *PBSZ 0*
01/28/2015 02:05:05 PM|[FTP:1479:letmein:xxx.xxx.xx.xxx] WROTE: *200 PBSZ command OK. Using buffer size set to 0.*
01/28/2015 02:05:05 PM|[FTP:1479:letmein:xxx.xxx.xx.xxx] READ : *PROT P*
01/28/2015 02:05:05 PM|[FTP:1479:letmein:xxx.xxx.xx.xxx] WROTE: *200 PROT command OK. Using secure data connection.*
01/28/2015 02:05:05 PM|[FTP:1479:letmein:xxx.xxx.xx.xxx] READ : *PWD *
01/28/2015 02:05:05 PM|[FTP:1479:letmein:xxx.xxx.xx.xxx] WROTE: *257 "/" PWD command successful.*
01/28/2015 02:05:05 PM|[FTP:1479:letmein:xxx.xxx.xx.xxx] READ : *TYPE I*
01/28/2015 02:05:05 PM|[FTP:1479:letmein:xxx.xxx.xx.xxx] WROTE: *200 Command ok : Binary type selected.*
01/28/2015 02:05:05 PM|[FTP:1479:letmein:xxx.xxx.xx.xxx] READ : *PASV *
01/28/2015 02:05:05 PM|[FTP:1479:letmein:xxx.xxx.xx.xxx] WROTE: *227 Entering Passive Mode (0,0,0,0,7,248)*
01/28/2015 02:05:30 PM|[HTTP:1354:lookup:8080] Accepting connection from: xxx.xxx.xx.xxx:51561
01/28/2015 02:05:30 PM|[HTTP:1354:crushadmin:xxx.xxx.xx.xxx] WROTE: *HTTP/1.1 200 OK*
01/28/2015 02:05:30 PM|[HTTP:1354:crushadmin:xxx.xxx.xx.xxx] WROTE: *Content-Length: 99*
01/28/2015 02:05:30 PM|[HTTP:1354:crushadmin:xxx.xxx.xx.xxx] WROTE: **
01/28/2015 02:05:30 PM|[HTTP:1354:crushadmin:xxx.xxx.xx.xxx] WROTE: *<?xml version="1.0"encoding="UTF-8"?>
01/28/2015 02:05:30 PM|<commandResult><response>2960</response></commandResult>*


Any ideas why the FTP clients get refused?

I guess it has something to do with the passive mode. The passive port range I set in CrushFTP is 2000-2100, "FTP Aware Router / Firewall" is enabled and IP used for passive mode is "auto".

Thanks in advance for your help.

spinkb @ Wed Jan 28 08:46:27 EET 2015

Your OS is doing IPv6 by default, which is causing PASV issues. It needs to be doing IPv4.

Try setting the IP for the port to be your LAN IP and not just "lookup" or "0.0.0.0" to see if that resolves it.

Let me know what CrushFTP logs if it still fails.

Thanks,
Ben

severus @ Wed Jan 28 10:26:28 EET 2015

Hi Ben,

I set the IP from "lookup" to the server IP, saved the changes and now it's working.

Thank you so much! 

severus @ Wed Feb 04 12:06:53 EET 2015

I need to come back to this thread, because the login with FileZilla is still not working. FileZilla throws a timeout error after the MLSD command. The CrushFTP.log does not show this command. CrushFTP accepts the connection and after a few seconds it shows *Disconnected*. So I guess it does not understand the MLSD command. Does anyone know this issue?

02/04/2015 06:51:08 PM|[FTP:3065:letmein:xxx.xxx.xx.xxx] WROTE: *331 Username OK. Need password.*
02/04/2015 06:51:08 PM|[FTP:3065:letmein:xxx.xxx.xx.xxx] WROTE: *230 Password OK. Connected. logged in*
02/04/2015 06:51:08 PM|[FTP:3065:letmein:xxx.xxx.xx.xxx] READ : *SYST *
02/04/2015 06:51:08 PM|[FTP:3065:letmein:xxx.xxx.xx.xxx] WROTE: *215 UNIX Type: L8*
02/04/2015 06:51:08 PM|[FTP:3065:letmein:xxx.xxx.xx.xxx] READ : *PBSZ 0*
02/04/2015 06:51:08 PM|[FTP:3065:letmein:xxx.xxx.xx.xxx] WROTE: *200 PBSZ command OK. Using buffer size set to 0.*
02/04/2015 06:51:08 PM|[FTP:3065:letmein:xxx.xxx.xx.xxx] READ : *PROT P*
02/04/2015 06:51:08 PM|[FTP:3065:letmein:xxx.xxx.xx.xxx] WROTE: *200 PROT command OK. Using secure data connection.*
02/04/2015 06:51:08 PM|[FTP:3065:letmein:xxx.xxx.xx.xxx] READ : *PWD *
02/04/2015 06:51:08 PM|[FTP:3065:letmein:xxx.xxx.xx.xxx] WROTE: *257 "/" PWD command successful.*
02/04/2015 06:51:08 PM|[FTP:3065:letmein:xxx.xxx.xx.xxx] READ : *TYPE I*
02/04/2015 06:51:08 PM|[FTP:3065:letmein:xxx.xxx.xx.xxx] WROTE: *200 Command ok : Binary type selected.*
02/04/2015 06:51:08 PM|[FTP:3065:letmein:xxx.xxx.xx.xxx] READ : *PASV *
02/04/2015 06:51:08 PM|[FTP:3065:letmein:xxx.xxx.xx.xxx] WROTE: *227 Entering Passive Mode (xxx,xx,xx,xxx,8,7)*
02/04/2015 06:51:27 PM|[HTTP:3061:lookup:8080] Accepting connection from: xxx.xxx.xx.xxx:55771
02/04/2015 06:51:27 PM|[HTTP:3061:admin:xxx.xxx.xx.xxx] WROTE: *HTTP/1.1 200 OK*
02/04/2015 06:52:17 PM|[HTTP:3061:lookup:8080] Accepting connection from: xxx.xxx.xx.xxx:55776
02/04/2015 06:52:17 PM|[HTTP:3061:admin:xxx.xxx.xx.xxx] WROTE: *HTTP/1.1 200 OK*
02/04/2015 06:53:09 PM|[HTTP:3061:lookup:8080] Accepting connection from: xxx.xxx.xx.xxx:55789
02/04/2015 06:53:09 PM|[HTTP:3061:admin:xxx.xxx.xx.xxx] WROTE: *HTTP/1.1 200 OK*
02/04/2015 06:53:59 PM|[HTTP:3061:lookup:8080] Accepting connection from: xxx.xxx.xx.xxx:55790
02/04/2015 06:53:59 PM|[HTTP:3061:admin:xxx.xxx.xx.xxx] WROTE: *HTTP/1.1 200 OK*
02/04/2015 06:54:14 PM|Server Memory Stats: Max=341.5 MB, Free=265.0 MB
02/04/2015 06:54:16 PM|[FTP:3065:letmein:xxx.xxx.xx.xxx] *Disconnected.*


Thanks,
severus

spinkb @ Wed Feb 04 13:20:35 EET 2015

The issue is FZ uses FTPES by default now (since roughly 3 weeks ago they do that).

So your server needs to have its PASV port range set on the FTP port, and mapped on your router/firewall. We suggest something like 2000-2100.

MLSD is just fine, it just never really got to processing it since it was waiting for the data connection...

Thanks,
Ben

severus @ Wed Feb 04 14:10:31 EET 2015

Hi Ben,

thanks for the quick reply, but as I described in my first post, I already set the passive port range to 2000-2100. Can it be anything else?


Answer

spinkb @ Wed Feb 04 14:17:17 EET 2015

 

You have it set, but the ports aren't open, or the IP returned that you masked out is the wrong IP for your server.

You set in CrushFTP, and you forward on your router and firewall. It needs to be forwarded everywhere, the entire range.

Thanks,
Ben

severus @ Wed Feb 04 14:35:32 EET 2015

Hi Ben,

yes, you're right, the ports were blocked by ufw. I opened the ports and now it's working.

Again, thank you very much for your help!
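
An added example, not part of the thread and not CrushFTP code: a small Python check that decodes the `227` replies quoted in the logs above into host and data port, and flags the conditions the replies point at (IPv6 or 0.0.0.0 advertised, wrong or private IP, port outside the configured range). The function name `check_pasv_reply` and its messages are assumptions of this example; the default range 2000-2100 is the one from the first post.

```python
import ipaddress
import re

# The three 227 replies quoted in the thread's logs (masked octets as posted).
THREAD_REPLIES = [
    "227 Entering Passive Mode (2a01:488:67:1000:b01c:3790:0:1,7,245)",
    "227 Entering Passive Mode (0,0,0,0,7,248)",
    "227 Entering Passive Mode (xxx,xx,xx,xxx,8,7)",
]
PASV_RE = re.compile(r"227 [^(]*\(([^)]*)\)")


def check_pasv_reply(line, port_range=(2000, 2100)):
    """Decode one 227 reply and return (host, port, problems)."""
    match = PASV_RE.search(line)
    if match is None:
        raise ValueError("no 227 reply found in %r" % line)
    fields = [f.strip() for f in match.group(1).split(",")]
    if len(fields) < 3:
        raise ValueError("227 reply has too few fields: %r" % line)
    *host_fields, p1, p2 = fields
    port = int(p1) * 256 + int(p2)  # data port = p1 * 256 + p2
    host = ".".join(host_fields)
    problems = []
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        problems.append("host is not a literal IP (masked or malformed)")
    else:
        if addr.version == 6:
            problems.append("IPv6 address in a PASV reply (PASV carries IPv4 only)")
        elif addr.is_unspecified:
            problems.append("0.0.0.0 advertised; client must guess the server IP")
        elif addr.is_private:
            problems.append("private address; not reachable from outside the LAN")
    low, high = port_range
    if not low <= port <= high:
        problems.append("port %d outside passive range %d-%d" % (port, low, high))
    return host, port, problems


if __name__ == "__main__":
    for reply in THREAD_REPLIES:
        host, port, problems = check_pasv_reply(reply)
        print("%-32s port %d  %s" % (host, port, "; ".join(problems) or "ok"))
```

The three replies decode to ports 2037, 2040 and 2055, all inside 2000-2100, so the range configured in CrushFTP was being used; what remained was opening that whole range on the host firewall (ufw in this thread).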
