Thanks Clint and Niklas,

For port range configuration on pasv ports, the ' 123-125' seems to cause an IllegalNumberFormat Exception; '123,124,125' works for me.

Why does active mode data directory listing take a sec to respond whereas pasv mode is almost instant?

ran

On 5/30/07, Clinton Foster <[EMAIL PROTECTED]> wrote:
Ran,

I think you mentioned the firewall had been disabled, but just in case...

To handle clients that are connecting in passive mode (which is preferred), it is not sufficient to simply open port 21 on the firewall. If the server is behind a firewall and the client is connecting from outside the firewall, the firewall must be configured to dynamically open ports for inbound passive connections from any IP address that already has a control connection to the server. Most modern corporate firewalls can be configured to do this. Note that this won't work for SSL connections because the firewall can't monitor the control connection to figure out what passive port to dynamically open. Also, it won't work with simple firewalls like the Windows firewall. In either of these cases you have to explicitly configure the firewall to allow a range of ports for passive connections, and configure the allowed passive ports on the FTP server with the same range. (In the case of the Windows firewall this is tedious because it does not allow configuring a range.)

http://incubator.apache.org/ftpserver/configure-passive-ports.html

The other potential issue, as Niklas pointed out, is NAT. When the client sends the PASV command to the server, the server's response includes both the IP address and the port to which the client must connect to perform the data transfer. If the firewall is FTP-aware it will automatically rewrite the IP address with the external address of the firewall (instead of the local address of the server). Here again, this won't work in the case of SSL, and I'm pretty sure it won't work with the Windows firewall. To handle these cases the server must be explicitly configured with the external address of the firewall. I think the documentation has not yet been updated to reflect this, but I believe the configuration parameter is as follows: (Niklas, correct me if I'm wrong...)

config.listeners.default.data-connection.passive.external-address

Don't confuse this parameter with config.listeners.default.data-connection.passive.address, which is the local network interface that server sockets for accepting passive connections should bind to. (Normally you can leave the default for this one.)

Thanks to firewalls, hosting an FTP server is a little tricky from a configuration standpoint. Clients don't have to worry so much since passive connections are the norm these days, but this puts more onus on the server administrator. One thing that seems clear is that you should not use the Windows firewall if you are hosting an FTP server for non-trivial purposes.

We should probably add a section to the documentation about this general subject.

Clint Foster

On 5/30/07 11:59 AM, "Niklas Gustavsson" <[EMAIL PROTECTED]> wrote:

> From the log it looks like you have a problem with opening the data
> connection socket. It's likely due to a firewall or NAT issue. Since
> you're in active mode, the server needs to be able to open a socket to the
> client (and pass any firewalls, resolve the IP). You could try to run in
> passive mode instead.
>
> /niklas
>
> Ran wrote:
>> Now the server can't seem to retrieve directory listing :-(
>> I have my account directory set to E:\www\ftp\admin in database. Could
>> it be a slash problem?
>>
>> thanks again,
>> ran
>> =================================
>> Response: 230 User logged in, proceed.
>> Command: FEAT
>> Response: 211-Extensions supported
>> Response: SIZE
>> Response: MDTM
>> Response: REST STREAM
>> Response: LANG en;zh-tw;ja;is
>> Response: MLST Size;Modify;Type;Perm
>> Response: AUTH SSL
>> Response: AUTH TLS
>> Response: MODE Z
>> Response: UTF8
>> Response: TVFS
>> Response: 211 End
>> Command: SYST
>> Response: 215 UNIX Type: Apache FTP Server
>> Status: Connected
>> Status: Retrieving directory listing...
>> Command: PWD
>> Response: 257 "/" is current directory.
>> Command: TYPE A
>> Response: 200 Command TYPE okay.
>> Command: PASV
>> Error: Disconnected from server
>> Error: Could not retrieve directory listing
>> Error: Timeout detected!
>> ========================================
>>
>> On 5/30/07, Ran <[EMAIL PROTECTED]> wrote:
>>>
>>> Removing localhost worked for me :-) thanks Dave.
>>> However, I tried my real IP address instead of localhost in address
>>> element, weird it didn't turn out any good.
>>>
>>> thanks,
>>> ran
>>>
>>> On 5/30/07, Dave Roberts <[EMAIL PROTECTED]> wrote:
>>>>
>>>> Ran wrote:
>>>>> I tried turning off windows firewall, it didn't work.
>>>>> I created a couple of accounts, I could only login with them when
>>>>> connecting to localhost.
>>>>
>>>> Your config is set to create the listener on the localhost only.
>>>> This means the loopback interface (which has an IP address of
>>>> 127.0.0.1). Therefore the server can only accept connections that
>>>> come in on that interface - which results in what you are seeing:
>>>> connections work when you use "localhost", but not when you use your
>>>> real hostname or real IP address.
>>>>
>>>> In your config, remove the localhost setting from the <address>
>>>> parameter, and this will tell the server to open up a listener on
>>>> all interfaces for your system. You'll then be able to access it
>>>> using your real hostname, and from other machines.
>>>>
>>>> Hope this makes sense.
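
Added example, not part of the original thread and not Apache FtpServer code: a small checker for the two passive-mode failures described above, a 227 reply that advertises the server's internal address behind NAT and a data port outside the range opened on the firewall. The addresses, the port range and the port-spec syntax accepted by `parse_port_spec` are assumptions of this example, not the server's configuration parser.

```python
import ipaddress
import re

# RFC 1918 ranges: addresses a client outside the firewall cannot reach.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PASV_RE = re.compile(r"\((\d{1,3}(?:,\d{1,3}){5})\)")

def parse_pasv(reply):
    """Return (ip, port) advertised in a 227 reply: (h1,h2,h3,h4,p1,p2)."""
    m = PASV_RE.search(reply)
    if not reply.startswith("227") or m is None:
        raise ValueError("not a PASV reply: %r" % reply)
    nums = [int(n) for n in m.group(1).split(",")]
    if max(nums) > 255:
        raise ValueError("field out of range in %r" % reply)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]

def parse_port_spec(spec):
    """Expand '2300,2305-2307' into a set of ints (this example's own syntax)."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 0 < lo <= hi <= 65535:
            raise ValueError("bad port range: %r" % part)
        ports.update(range(lo, hi + 1))
    return ports

def diagnose(reply, control_addr, firewall_ports):
    """Return reasons an outside client's passive data connection would fail."""
    ip, port = parse_pasv(reply)
    problems = []
    if str(ip) != control_addr:
        kind = "internal" if any(ip in net for net in RFC1918) else "different"
        problems.append("PASV advertises %s address %s, client connected to %s"
                        % (kind, ip, control_addr))
    if port not in parse_port_spec(firewall_ports):
        problems.append("port %d is not open on the firewall" % port)
    return problems

# Constructed sample replies; 203.0.113.10 stands in for the firewall's
# external address and 2300-2305 for the range opened on it.
NAT_LEAK = "227 Entering Passive Mode (192,168,1,20,8,254)"
WRONG_PORT = "227 Entering Passive Mode (203,0,113,10,9,10)"

if __name__ == "__main__":
    for reply in (NAT_LEAK, WRONG_PORT):
        print(reply, "->", diagnose(reply, "203.0.113.10", "2300-2305"))
```
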