Cannot connect using FTP

Community Support FTP
1

Hi

I can connect to FTP but it cannot list the directories, I get the following error:

|Status:      |Resolving address of eustorage.quexhost.com|
|---|---|
|Status:      |Connecting to 88.99.163.115:50352...|
|Status:      |Connection established, waiting for welcome message...|
|Status:      |Plain FTP is insecure. Please switch to FTP over TLS.|
|Status:      |Logged in|
|Status:      |Retrieving directory listing...|
|Command: |PWD|
|Response: |257 / is the current directory|
|Command: |TYPE I|
|Response: |200 Switching to Binary mode.|
|Command: |PASV|
|Response: |227 Entering Passive Mode (88,99,163,115,98,233).|
|Command: |LIST|
|Error:         |The data connection could not be established: ECONNREFUSED - Connection refused by server|
|Error:         |Connection timed out after 20 seconds of inactivity|
|Error:         |Failed to retrieve directory listing|

How can I solve this? I have passive mode on in /etc/vsftpd.conf settings.

2

Hello @Chalipa,

Did you modify directives pasv_min_port and/or pasv_max_port in vsftpd.conf file?

I’m asking because if we check the port that is using the passive mode, it is 25321 (98*256+233) and that port is not in the range 12000-12100 (default in HestiaCP).

If you modified the port range in vsftpd.conf file, remember to create a firewall rule to allow those ports.

Cheers,
sahsanu

3

Hi,

I have the following in vsftpd.conf:

pasv_min_port=12000
pasv_max_port=50352

And currently this in firewall:

FTP

TCP

21,12000-12100,50352

restarted firewall, but still I cannot get the files listing in FTP

4

Why are you using that huge range (12000-50352)?

That allows port 21, port range from 12000 to 12100 and port 50352 so for example, it doesn’t allow port 25321 as I showed you in above post.

Change pasv_max_port to 12100 and restart vsftpd or if you want to use another range, choose no more than 100 ports and modify the firewall rule to fit that ports.

5

It’s because the server has a shared ipv4 (NAT VPS) and port 50352 is forwarded to 21

6

And how would you redirect the other ports you will need? Do you have ports reserved for your server?

7

I have some set and have option to add more.

8

Then redirect a range to your server, configure your vsftpd to use the same range you have redirected (modify pasv_min_port and pasv_max_port) and add the firewall rule for that range of ports.

9

I have opened the ports in firewall, which port should i add more?

10

What you need to do is:

1.- Configure the redirection of a range of ports to the same ports of your server

50356 -> 50356
50357 -> 50357
50358 -> 50358
50359 -> 50359
50360 -> 50360

2.- Configure vsftpd to use that range of ports

pasv_min_port=50356
pasv_max_port=50360

Remember to restart vsftpd to apply the changes.

3.- Create a firewall rule to allow the port 21 and port range 50356-50360

11

Do you mean configure redirection in vps cp for all these ports which i have in hestia ?

12

Yes, I do.

13

Hi,

I have added them all, but still i cannot get it work.

14

Could you please show again the log of a failed connection (like you did in the first post)?

And show the output of these commands:

grep -i 'pasv\|port' /etc/vsftpd.conf
v-list-firewall
15

root@storage:~# grep -i ‘pasv|port’ /etc/vsftpd.conf
connect_from_port_20=YES
pasv_enable=YES
pasv_promiscuous=YES
pasv_min_port=50350
pasv_max_port=50360
pasv_address=88.99.163.115

and

root@storage:~# v-list-firewall
RULE  ACTION  PROTO  PORT            IP         SPND  DATE
----  ------  -----  ----            --         ----  ----
1     ACCEPT  ICMP   0               0.0.0.0/0  no    2014-09-16
2     ACCEPT  TCP    8083            0.0.0.0/0  no    2014-05-25
8     ACCEPT  TCP    21,50356-50360  0.0.0.0/0  no    2023-08-27
9     ACCEPT  TCP    80,443          0.0.0.0/0  no    2014-09-24
10    ACCEPT  TCP    22              0.0.0.0/0  no    2014-09-16
16 
|Status:      |Resolving address of eustorage.afghanserver.com|
|---|---|
|Status:      |Connecting to 88.99.163.115:50352...|
|Status:      |Connection established, waiting for welcome message...|
|Status:      |Initializing TLS...|
|Status:      |TLS connection established.|
|Status:      |Logged in|
|Status:      |Retrieving directory listing...|
|Command: |PWD|
|Response: |257 / is the current directory|
|Command: |TYPE I|
|Response: |200 Switching to Binary mode.|
|Command: |PASV|
|Response: |227 Entering Passive Mode (88,99,163,115,196,183).|
|Command: |LIST|
|Error:         |The data connection could not be established: ECONNREFUSED - Connection refused by server|
17

That should be pasv_min_port=50356, change it and restart vsftpd.

For the rest, you are announcing your external ip using pasv_address and that is good and you have the right firewall rules.

Also, in the example connection you sent, the port for passive mode to be used is 50359 and that should work with your conf.

Just in case, show the output of:

iptables -S

The only thing I can think is that you are not redirecting correctly the ports from your VPS Panel to your server or it is failing for some reason.

If you have a test user I could test, you could send me a private message with the user name and password to test whether I receive the same error from my side.

18

Private message is somehow not visible here for me, can you pm me so i can reply?

1 Like
19

Just for the records. @Chalipa forgot to add the redirections in the VPS Panel, once done, passive mode worked fine.

20

Thanking you again for all your help, the issue has been resolved.

1 Like