FTP Connection Timeout

I think I had this same problem with my last install with CentOS 5 but gave up and just used SFTP, but this time I need it :)

I'm behind a NAT with port forwarding confirmed open on 21. I'm trying to use FileZilla with all default settings including "passive" and "allow fallback to other transfer mode on failure" and it does connect but is having trouble retrieving the directory listings. Have tried modprobe nf_conntrack_ftp and checked /etc/services; 21 is registered for FTP. Here is the connection and the error:

Status: Resolving address of xxx.xxx.xxx
Status: Connecting to xx.xx.xx.xx:21...
Status: Connection established, waiting for welcome message...
Response: 220 ProFTPD 1.3.3g Server (xxxxxnet) [::ffff:192.x.xxx.xxx]
Command: USER tom.xxx
Response: 331 Password required for tom.xxx
Command: PASS ***********
Response: 230 User tom.xxx logged in
Command: OPTS UTF8 ON
Response: 200 UTF8 set to on
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/home/xxx/domains/xxx.xxx.xxx/homes/tom" is the current directory
Command: TYPE I
Response: 200 Type set to I
Command: PASV
Error: Connection timed out
Error: Failed to retrieve directory listing

iptables -L -n looks like this:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:20
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:21
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:53
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:20000
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:10000
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:443
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:993
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:143
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:995
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:110
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:20
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:21
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:53
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:587
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:25
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp multiport ports 3306
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Thanks!

Status: Active

Comments

Sorry, that didn't work. I gave the command 'modprobe ip_conntrack_ftp' as root and restarted the ProFTPD server, still the same.

So just to verify -- you loaded the kernel module, and didn't see any errors or warnings when doing so?

Also, what output do you receive if you run the command "lsmod"?

No, nothing, just back to the command prompt.

Module                  Size  Used by
nf_conntrack_ftp       12913  0
iptable_nat             6158  0
nf_nat                 22726  1 iptable_nat
iptable_mangle          3349  0
nf_conntrack_ipv4       9506  5 iptable_nat,nf_nat
nf_defrag_ipv4          1483  1 nf_conntrack_ipv4
iptable_filter          2793  1
ip_tables              17831  3 iptable_nat,iptable_mangle,iptable_filter
xt_multiport            2700  1
xt_dscp                 1831  0
ipt_REJECT              2351  2
ip6t_REJECT             4628  2
nf_conntrack_ipv6       8748  2
nf_defrag_ipv6         12182  1 nf_conntrack_ipv6
xt_state                1492  4
nf_conntrack           79453  6 nf_conntrack_ftp,iptable_nat,nf_nat,nf_conntrack_ipv4,nf_conntrack_ipv6,xt_state
ip6table_filter         2889  1
ip6_tables             19458  1 ip6table_filter
ipv6                  322029  55 ip6t_REJECT,nf_conntrack_ipv6,nf_defrag_ipv6
tg3                   140883  0
hpilo                   7865  0
hpwdt                   7094  0
sg                     30124  0
k8temp                  3901  0
amd64_edac_mod         21461  0
edac_core              46773  6 amd64_edac_mod
edac_mce_amd           15488  1 amd64_edac_mod
i2c_amd756              8058  0
i2c_core               31276  1 i2c_amd756
amd_rng                 1781  0
shpchp                 33482  0
ext4                  364410  3
mbcache                 8144  1 ext4
jbd2                   88866  1 ext4
hpsa                   52049  0
cciss                 115845  3
sr_mod                 16228  0
cdrom                  39803  1 sr_mod
ata_generic             3837  0
pata_acpi               3701  0
pata_amd               11964  0
dm_mirror              14101  0
dm_region_hash         12170  1 dm_mirror
dm_log                 10122  2 dm_mirror,dm_region_hash
dm_mod                 81692  11 dm_mirror,dm_log

Okay, that module did indeed load properly.

In most cases, FTP should work fine by default. In some cases, that module can provide assistance in situations where a firewall or router is interfering with FTP functionality.

If it still isn't working after that module is loaded, that typically means that the router or firewall in front of your server is preventing FTP from working.

Now that you've loaded that module, you may want to try switching the FTP mode in your client one last time (setting the mode to passive or port) -- but if that doesn't work, that unfortunately points to an issue within your firewall/router.

Ok thank you I'll look into that.
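
The following Python check is an added example, not part of the thread and not code from ProFTPD or FileZilla. It separates the failure points discussed above: no reply to PASV at all, a 227 reply that advertises an address the client cannot reach, and a blocked data port. The function names, verdict strings and sample replies are assumptions made for illustration, and the live probe assumes an IPv4 control connection.

```python
import ftplib
import ipaddress
import socket

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify_pasv(reply, control_peer):
    """Compare the address in a 227 reply with the address the control connection reached."""
    host, port = ftplib.parse227(reply)  # raises ftplib.error_reply if this is not a 227
    advertised = ipaddress.ip_address(host)
    peer = ipaddress.ip_address(control_peer)
    if advertised == peer:
        verdict = "ok"
    elif any(advertised in n for n in RFC1918) and not any(peer in n for n in RFC1918):
        # A server behind NAT is announcing its internal address, which the client cannot reach.
        # Nothing on the path (e.g. nf_conntrack_ftp on the NAT device) rewrote the reply.
        verdict = "private-address-advertised"
    else:
        verdict = "address-mismatch"
    return host, port, verdict

def probe(host, user, password, timeout=10):
    """Live check: log in, send PASV, then try the advertised data port."""
    ftp = ftplib.FTP()
    ftp.connect(host, 21, timeout=timeout)
    try:
        ftp.login(user, password)
        peer = ftp.sock.getpeername()[0]
        try:
            reply = ftp.sendcmd("PASV")
        except socket.timeout:
            return "no-pasv-reply"  # the symptom in the FileZilla log above
        data_host, data_port, verdict = classify_pasv(reply, peer)
        if verdict != "ok":
            return verdict
        try:
            socket.create_connection((data_host, data_port), timeout=timeout).close()
        except OSError:
            return "data-port-blocked"  # passive port range not forwarded or filtered
        return "ok"
    finally:
        ftp.close()

if __name__ == "__main__":
    # Constructed sample replies, not taken from the thread; 203.0.113.5 stands in
    # for the public address the client connected to.
    for sample in ("227 Entering Passive Mode (192,168,1,10,195,80).",
                   "227 Entering Passive Mode (203,0,113,5,195,80)."):
        print(sample, "->", classify_pasv(sample, "203.0.113.5"))
```

A "no-pasv-reply" result points at something on the path interfering with the control channel itself, while "private-address-advertised" and "data-port-blocked" point at the server's passive address and port-range handling behind the NAT.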