4
rated 0 times [  4] [ 0]  / answers: 1 / hits: 20952  / 2 Years ago, wed, may 18, 2022, 2:54:15

Here is the scenario:



  • We have one AWS Ubuntu server

  • This server is working as an FTP client

  • Now when we try to connect to XYZ company's FTP server using this AWS server as the client, it sends its local LAN IP while connecting to the FTP server, because of which listing of directories does not work.

  • Log shows that we are connected to the FTP server + we are authenticated correctly... port listing goes successful + only directory listing fails.

  • We can provide a specific IP in FTP using FileZilla, which it will use while going out of the gateway.

  • Here we can't use that because it does not have a GUI and it is going to be used by a PHP script.

  • This problem was also there in Windows; at that time we solved it by giving an elastic IP to FileZilla. Before the solution we used to receive the error, and the log showed like
    this. This point is added just to give you more details. It's the same issue with Ubuntu, and we want to give an elastic IP somewhere in FTP so that it will start working... we hope so at least. ;)


Recent updates



  • Please click here for the vsftpd.conf file.



  • A little more clarification:


    In this case machine "A" is our FTP Server (which is the AWS Ubuntu server) for internal usage, because of the lot of other processes and data which are regularly uploaded to this FTP Server (Machine "A"), and Machine "B" is our client's FTP Server, which they use for their internal purposes. Now we need to pull some data from our client's FTP Server (i.e. Machine "B") to our server (i.e. Machine "A") and then process it. After that we need to put the processed data back onto the client's FTP Server (i.e. Machine "B"). That's what is not working.



  • Logs of the client's firewall when we tried to connect with machine "B", as shown in the images below.




Firewall Log 1


Firewall Log 2



 Answers
4

This is my understanding of your scenario:




  • You have Machine A in Your Network with an FTP Server and an FTP Client;

  • You want to pull files from Machine B that is in Client's Network;

  • There is a firewall in Your Network and possibly in Client's Network;

  • You will use FTP client to push and pull files from Machine B.



Network



FTP works in two modes:



- Active Mode -



In active mode FTP, the client connects from a random unprivileged port (N > 1023) to the FTP server's command port, port 21. Then, the client starts listening to port N+1 and sends the FTP command PORT N+1 to the FTP server. The server will then connect back to the client's specified data port (...)



Example:




  1. FTP client in machine "A" connects to FTP server in machine "B" on port 21;

  2. Machine "A" sends "ls" to machine "B", but because it is Active Mode, the result of "ls" will be delivered to port N+1 (N>1023) of machine "A";

  3. This fails because FTP client in machine "A" asks machine "B" to connect to a private IP. Even if the IP is public, the ports N+1 must be open in the firewall.



- Passive Mode -



In passive mode FTP, the client initiates both connections to the server, solving the problem of firewalls filtering the incoming data port connection to the client from the server. When opening an FTP connection, the client opens two random unprivileged ports locally (N > 1023 and N+1). The first port contacts the server on port 21, but instead of then issuing a PORT command and allowing the server to connect back to its data port, the client will issue the PASV command. The result of this is that the server then opens a random unprivileged port (P > 1023) and sends P back to the client in response to the PASV command. The client then initiates the connection from port N+1 to port P on the server to transfer data. (...)



Example:




  1. FTP client in machine "A" connects to FTP server in machine "B" on port 21;

  2. Machine "A" sends "ls" to machine "B";

  3. This time, the result will not be delivered to port N+1 of machine "A". Instead, machine "B" informs machine "A" that the result is waiting to be fetched in a given IP and port of machine "B".

  4. This fails when this IP is private and port is not open in client's firewall. That is why the client must configure his FTP server to use a public IP and a known port (see Cubiq's answer).



These are the solutions you have:




  1. Using Active Mode (considering that machine "A" has IP 175.41.135.142): Right after connection and authentication, issue this command: PORT 175,41,135,142,14,178 You will need to open port 3762 in your firewall. The ,14,178 comes from the conversion of octets to decimal ((14*256) + 178).

  2. Using Passive Mode: For this method to work, the client must have a configuration like Cubiq's answer. Right after the connection and authentication, issue this command: passive



Now you should be able to "ls".



You can read more about how FTP works here: http://slacksite.com/other/ftp.html



This page is also good to understand the FTP modes: http://www.deskshare.com/resources/articles/ftp-how-to.aspx


[#31006] Thursday, May 19, 2022, 2 Years  [reply] [flag answer]
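The address encoding used by PORT and by the server's PASV reply, and the private-address failure described in the answer above, can be checked with a short script. This is an added example, not part of the original answer; the function names and the two sample lines marked as constructed are assumptions made for illustration.

```python
import ipaddress
import re

# PORT arguments and 227 (PASV) replies both carry h1,h2,h3,h4,p1,p2
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def encode_hostport(ip, port):
    """Build the h1,h2,h3,h4,p1,p2 argument for an FTP PORT command."""
    addr = ipaddress.IPv4Address(ip)          # ValueError on a malformed address
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    octets = ",".join(str(b) for b in addr.packed)
    return "%s,%d,%d" % (octets, port >> 8, port & 0xFF)  # port = p1*256 + p2

def decode_hostport(text):
    """Extract (ip, port) from a PORT command line or a 227 reply line."""
    m = _HOSTPORT.search(text)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 group found")
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field larger than one octet")
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def diagnose(line, control_ip):
    """List reasons the advertised data endpoint will be unreachable.

    control_ip is the address the other side actually sees on the
    control connection: the client's public (elastic) IP for PORT,
    the server's public IP for a PASV reply.
    """
    ip, _port = decode_hostport(line)
    problems = []
    if ipaddress.IPv4Address(ip).is_private:
        problems.append("private address advertised")
    if ip != control_ip:
        problems.append("advertised address differs from control connection")
    return problems

# Constructed sample lines (not taken from the question's logs)
LAN_PORT = "PORT 10,0,1,25,14,178"                              # client behind NAT
LAN_PASV = "227 Entering Passive Mode (192,168,1,10,195,80)"    # server behind NAT

if __name__ == "__main__":
    print("PORT " + encode_hostport("175.41.135.142", 3762))
    for line in (LAN_PORT, LAN_PASV):
        print(line, "->", diagnose(line, "175.41.135.142"))
```

Either finding means the data connection (and therefore the directory listing) will fail even though login on port 21 succeeds.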