I’ve been using the FTP client for many years and in that time have had only a few occasions where the application didn’t perform with the default settings. One of those instances was yesterday, when I was trying to connect to my firm’s FTP site from an external network connection.

From inside the office, using the internal IP address, FileZilla connected normally and displayed the contents of the root directory after I authenticated. From outside the office, connecting via the hostname ftp.domain.com, FileZilla would connect normally and authenticate successfully, but it would not display the contents of the root directory. Instead, the server would send a “425 Can’t open data connection” message. FileZilla would then report “Error: Failed to retrieve directory listing”.

Here’s the complete conversation between the client and the server (names and IP addresses changed to protect the firm’s identity):

```
Status: Resolving address of ftp.domain.com
Status: Connecting to 38.98.xxx.xxx:21.
Status: Connection established, waiting for welcome message.
Response: 220-Microsoft FTP Service
Response: 220 Company Name
Command: USER ftp_username
Response: 331 Password required for ftp_username.
Command: PASS **********
Response: 230-Welcome to the Company Name FTP service. Unauthorized use is strictly prohibited.
Response: 230 User ftp_username logged in.
Status: Connected
Status: Retrieving directory listing.
Command: PWD
Response: 257 '/' is current directory.
Command: TYPE I
Response: 200 Type set to I.
Command: PASV
Response: 227 Entering Passive Mode (192,168,0,114,13,156).
Status: Server sent passive reply with unroutable address. Using server address instead.
Command: LIST
Response: 425 Can’t open data connection.
Error: Failed to retrieve directory listing
Response: 421 Timeout (120 seconds): closing control connection.
Error: Could not read from socket: ECONNRESET - Connection reset by peer
Error: Disconnected from server
```

The interesting thing, I thought, was that when the server agreed to use passive mode, it did so with a port on the internal IP address, which is unroutable from outside the network.

The fix is to use active mode

OK, if you’re reading this, you probably just want to know how to make it work. FileZilla uses passive mode by default, but due to the network configuration of certain servers, active mode is required to establish a data connection. A bit of background reading with some explanation is farther down.

1. In FileZilla, click on Edit | Settings.
2. Under Connection, click on FTP and choose Active as the Transfer Mode.
3. Under Connection, under FTP, click on Active mode and choose “Ask your operating system for the external IP address” (the default setting).
4. Under Connection, under FTP, click on Passive mode and choose “Fall back to active mode” (this is an optional setting).

What is the difference between active and passive mode?

According to the:

In passive mode, which is recommended (see below), the client sends the PASV command to the server, and the server responds with an address. The client then issues a command to transfer a file or to get a directory listing, and establishes a secondary connection to the address returned by the server.

In active mode, the client opens a socket on the local machine and tells its address to the server using the PORT command. Once the client issues a command to transfer a file or listing, the server will connect to the address provided by the client.

The difference, then, is which side gets to determine the address used during the connection. In passive mode, the server provides the address, while in active mode, the client provides the address.

Why do I need to use active mode?
You probably shouldn’t need to use active mode, and in fact, it requires more configuration by the user of the FTP client to use active mode.

In passive mode, the router and firewall on the server side need to be configured to accept and forward incoming connections. On the client side, however, only outgoing connections need to be allowed (which will already be the case most of the time).

Analogously, in active mode, the router and firewall on the client side need to be configured to accept and forward incoming connections. Only outgoing connections have to be allowed on the server side.

So, it boils down to who’s going to be responsible for the NAT and firewall configuration. Using passive mode places the responsibility on the server side of the connection, while using active mode places it on the client side. Typically, the FTP server administrator should be better equipped to handle this responsibility than the average FTP client user.

Passive mode

In passive mode, the client has no control over what port the server chooses for the data connection.
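How the six numbers in the 227 reply from the log above turn into an address and port, and how a client can spot the unroutable address and fall back to the control-connection peer, as an added Python example (not FileZilla's code and not part of the original post). The function names, the control-connection address 203.0.113.10 and the client address 198.51.100.7 are constructed for illustration.

```python
import ipaddress
import re

# Address ranges that cannot be reached from outside the network they live in.
UNROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]
HOSTPORT = re.compile(r"(\d{1,3}(?:,\d{1,3}){5})")

# The 227 reply from the log above; the control peer is a constructed address.
SAMPLE_REPLY = "227 Entering Passive Mode (192,168,0,114,13,156)."
SAMPLE_PEER = "203.0.113.10"

def is_unroutable(ip):
    return any(ip in net for net in UNROUTABLE)

def parse_pasv(reply):
    """Return (IPv4Address, port) advertised in a 227 reply."""
    m = HOSTPORT.search(reply) if reply.startswith("227") else None
    if m is None:
        raise ValueError("not a usable 227 reply: %r" % reply)
    nums = [int(n) for n in m.group(1).split(",")]
    if max(nums) > 255:
        raise ValueError("field out of range: %r" % reply)
    ip = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
    return ip, nums[4] * 256 + nums[5]      # port = p1 * 256 + p2

def data_endpoint(reply, control_peer):
    """Return (host, port, substituted) for the passive data connection."""
    advertised, port = parse_pasv(reply)
    peer = ipaddress.IPv4Address(control_peer)
    # Only substitute when the advertised address is unroutable and the
    # control connection itself goes to a routable one (the outside case).
    if is_unroutable(advertised) and not is_unroutable(peer):
        return str(peer), port, True
    return str(advertised), port, False

def port_argument(local_ip, local_port):
    """Build the h1,h2,h3,h4,p1,p2 argument of an active-mode PORT command."""
    if not 0 < local_port < 65536:
        raise ValueError("port out of range")
    octets = str(ipaddress.IPv4Address(local_ip)).split(".")
    return ",".join(octets + [str(local_port >> 8), str(local_port & 0xFF)])

if __name__ == "__main__":
    print(data_endpoint(SAMPLE_REPLY, SAMPLE_PEER))
    print("PORT " + port_argument("198.51.100.7", 50000))
```

Substituting the address only fixes the host part: the client still dials port 3484 on the public address, so the LIST fails with 425 unless the server-side NAT forwards that port.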