When I try to switch directory I get a timeout error, any idea ? ========================================== Response: 257 "/d" is current directory. Command: TYPE A Response: 200 Command TYPE okay. Command: PASV Error: Disconnected from server Error: Could not retrieve directory listing Error: Timeout detected! ==========================================
On 5/30/07, Ran <[EMAIL PROTECTED]> wrote:
Thanks Clint and Niklas, For port range configuration on pasv ports, the ' 123-125' seem to cause a IllegalNumberFormat Exception, '123,124,125' works for me. Why active mode data directory listing takes a sec to respond where as pasv mode almost instant ? ran On 5/30/07, Clinton Foster <[EMAIL PROTECTED]> wrote: > > Ran, > > I think you mentioned the firewall had been disabled, but just in > case... > > To handle clients that are connecting in passive mode (which is > preferred), > it is not sufficient to simply open port 21 on the firewall. If the > server > is behind a firewall and the client is connecting from outside the > firewall, > the firewall must be configured to dynamically open ports for inbound > passive connections from any IP address that already has a control > connection to the server. Most modern corporate firewalls can be > configured > to do this. Note that this won¹t work for SSL connections because the > firewall can¹t monitor the control connection to figure out what passive > > port to dynamically open. Also, it won¹t work with simple firewalls like > the > Windows firewall. In either of these cases you have to explicitly > configure > the firewall to allow a range of ports for passive connections, and > configure the allowed passive ports on the FTP server with the same > range. > (In the case of the Windows firewall this is tedious because it does not > allow configuring a range.) > > http://incubator.apache.org/ftpserver/configure-passive-ports.html > > The other potential issue, as Niklas pointed out, is NAT. When the > client > sends the PASV command to the server, the server¹s response includes > both > the IP address and the port to which the client must connect to perform > the > data transfer. If the firewall is FTP-aware it will automatically > rewrite > the IP address with the external address of the firewall (instead of the > > local address of the server). Here again, this won¹t work in the case of > SSL, and I¹m pretty sure it won¹t work with the Windows firewall. To > handle > these cases the server must be explicitly configured with the external > address of the firewall. I think the documentation has not yet been > updated > to reflect this, but I believe the configuration parameter is as > follows: > (Niklas, correct me if I¹m wrong...) > > config.listeners.default.data-connection.passive.external-address > > Don¹t confuse this parameter with > config.listeners.default.data-connection.passive.address, which is the > local > network interface that server sockets for accepting passive connections > should bind to. (Normally you can leave the default for this one.) > > Thanks to firewalls, hosting an FTP server is a little tricky from a > configuration standpoint. Clients don¹t have to worry so much since > passive > connections are the norm these days, but this puts more onus on the > server > administrator. One thing that seems clear is that you should not use the > Windows firewall if you are hosting an FTP server for non-trivial > purposes. > > We should probably add a section to the documentation about this general > > subject. > > Clint Foster > > > On 5/30/07 11:59 AM, "Niklas Gustavsson" <[EMAIL PROTECTED]> wrote: > > > From the log it looks like you have a problem with opening the data > > connection socket. It's likely due to a firewall or NAT issue. Since > > your in active mode, the server needs to be able to open a socket to > the > > client (and pass any firewalls, resolve the IP). You could try to run > in > > passive mode instead. > > > > /niklas > > > > Ran wrote: > >> Now I the server can't seem to retrieve directory listing :-( > >> i have my account directory set to E:\www\ftp\admin in database. > Could > >> it be > >> a slash problem ? > >> > >> thanks again, > >> ran > >> ================================= > >> Response: 230 User logged in, proceed. > >> Command: FEAT > >> Response: 211-Extensions supported > >> Response: SIZE > >> Response: MDTM > >> Response: REST STREAM > >> Response: LANG en;zh-tw;ja;is > >> Response: MLST Size;Modify;Type;Perm > >> Response: AUTH SSL > >> Response: AUTH TLS > >> Response: MODE Z > >> Response: UTF8 > >> Response: TVFS > >> Response: 211 End > >> Command: SYST > >> Response: 215 UNIX Type: Apache FTP Server > >> Status: Connected > >> Status: Retrieving directory listing... > >> Command: PWD > >> Response: 257 "/" is current directory. > >> Command: TYPE A > >> Response: 200 Command TYPE okay. > >> Command: PASV > >> Error: Disconnected from server > >> Error: Could not retrieve directory listing > >> Error: Timeout detected! > >> ======================================== > >> > >> On 5/30/07, Ran <[EMAIL PROTECTED]> wrote: > >>> > >>> Removing localhost worked for me :-) thanks Dave. > >>> however I tried my real ip address instead of localhost in address > >>> element, weird it didn't turn out any good. > >>> > >>> thanks, > >>> ran > >>> > >>> On 5/30/07, Dave Roberts > >>> <[EMAIL PROTECTED]> wrote: > >>>> > >>>> Ran wrote: > >>>>> I tried turn off windows firewall, it didn't work. > >>>>> I created a couple account, I could only login with them when > >>>> connecting to > >>>>> localhost. > >>>> > >>>> Your config is set to create the listener on the localhost only. > >>>> This means the loopback interface (which has an IP address of > >>>> 127.0.0.1). Therefore the server can only accept connections that > >>>> come in on that interface - which results in what you are seeing: > >>>> connections work when you use "localhost", but not when you use > your > >>>> real hostname or real IP address. > >>>> > >>>> In your config, remove the localhost setting from the <address> > >>>> parameter, and this will tell the server to open up a listener on > >>>> all interfaces for your system. You'll then be able to access it > >>>> using your real hostname, and from other machines. > >>>> > >>>> Hope this makes sense. > >>>> > >>> > >>> > >> > > > >
