LITTLEBLACKDOG.COM

Hey all

I just configured a pure-ftpd server and inside my network it works wonderfully....inside the network. When I access it outside the network the router forewards it to the correct machine, the logs indicate that the user logs in without a hitch, but then I get this message after waiting for about thirty seconds:

A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.

I've tried with both SSL on and off, with apssive mode disabled and enabled, yet the issue remains. I'm almost certian its' router based, but precisely what I'm uncertain. I know that I didn't have to do any settinsg to get the webserver running find which is what baffles me as to why this would have issues.

As always, any answeres would be appriciated.

Posted: Tue Mar 20, 2007 8:35 am Post subject:

Firewall issue maybe?

Posted: Tue Mar 20, 2007 8:44 am Post subject:

CheeseMonger The Great wrote:
Firewall issue maybe?

Thats' what I thought at first, but I disabled the firewall within the router (3COM OfficeConnect), but the issue remained.

Posted: Tue Mar 20, 2007 8:53 am Post subject:

FTP uses ports 20 and 21. Could anything be interfering with either port?

Posted: Tue Mar 20, 2007 9:17 am Post subject:

Toxin wrote:
FTP uses ports 20 and 21. Could anything be interfering with either port?

WEll I have it so that the server is running on 2000 instead of 21. I dont' have port 1999 open on the router so if my understanding is correct, would that block passive connections?

I set in the ftp server to use 30000 to 31000 for passive connectivity, and the router uses a trigger that if port 2000 is used, to open those ports. Granted I dont' know how well this router works with that, but would this be ineffective regardless?

Posted: Tue Mar 20, 2007 9:37 am Post subject:

You might consider setting everything back to the default ports, making sure it works, then screwing around with your ports.

I'm guessing that you are having some port forwarding issues

Posted: Tue Mar 20, 2007 10:06 am Post subject:

Check to make sure the default route is correct on the ftp server.

Posted: Tue Mar 20, 2007 10:09 am Post subject:

does your router support loopback?

some routers do not. so try a third party machine to access the server.
Make sure that you are not blocking the ip's in the config file.
some daemon progs are setup to accept ONLY from inside the network

validip 192.168.1.*

or some crap like that

Posted: Tue Mar 20, 2007 10:51 am Post subject:

fathertyme wrote:
You might consider setting everything back to the default ports, making sure it works, then screwing around with your ports.

I'm guessing that you are having some port forwarding issues

I'll give that a try tonight. Right now my ISP's modem has died yet again (damn piece of shit), so I can't access it remotely. I'll give feedback on this.

onefast1 wrote:
Check to make sure the default route is correct on the ftp server.

I beleive this is correct. The default route is pointing to the router, and other services such as ssh and web are working fine.

fathertyme wrote:
does your router support loopback?

some routers do not. so try a third party machine to access the server.
Make sure that you are not blocking the ip's in the config file.
some daemon progs are setup to accept ONLY from inside the network

validip 192.168.1.*

or some crap like that

I'm assuming that it does as other than ftp everything else is accessible from the internet that I want to be.

Posted: Tue Mar 20, 2007 2:40 pm Post subject:

Ok routing info is correct, and I can connect from a third party machine as long as I am accessing an internal system. If I use an external system it does the same thing.

fathertyme wrote:
You might consider setting everything back to the default ports, making sure it works, then screwing around with your ports.

I'm guessing that you are having some port forwarding issues

Done back to 21, and still no dice.. I'll be hoenst, Im at a complete loss

Posted: Wed Mar 21, 2007 5:15 am Post subject:

Doubt this will help but might lead you on the right track.
From http://download.pureftpd.org/pub/pure-ftpd/doc/README

Quote:
- '-N': NAT mode. Force ACTIVE mode. If your FTP server is behind a NAT box
that doesn't support applicative FTP proxying, or if you use port
redirection without a transparent FTP proxy, use this. Well... the previous
sentence isn't very clear. Okay: if your network looks like this:
(FTP server)-------(NAT/masquerading gateway/router)------(Internet)
and if you want people coming from the internet to have access to your FTP
server, please try without this option first. If Netscape clients can
connect without any problem, your NAT gateway rulez. If Netscape doesn't
display directory listings, your NAT gateway sucks. Use '-N' as a workaround.

Posted: Wed Mar 21, 2007 6:56 am Post subject:

dugg wrote:
Doubt this will help but might lead you on the right track.
From http://download.pureftpd.org/pub/pure-ftpd/doc/README

Quote:
- '-N': NAT mode. Force ACTIVE mode. If your FTP server is behind a NAT box
that doesn't support applicative FTP proxying, or if you use port
redirection without a transparent FTP proxy, use this. Well... the previous
sentence isn't very clear. Okay: if your network looks like this:
(FTP server)-------(NAT/masquerading gateway/router)------(Internet)
and if you want people coming from the internet to have access to your FTP
server, please try without this option first. If Netscape clients can
connect without any problem, your NAT gateway rulez. If Netscape doesn't
display directory listings, your NAT gateway sucks. Use '-N' as a workaround.

Well at least that did something different. Instead of timing out, it isntatly comes back with

Code: Select all

Could not open data connection to port ****: Connection refused

Where the port number is somewhere around the 3500-3700 range. Opening these ports on my router of course, did nothing Sad

Posted: Wed Mar 21, 2007 7:33 am Post subject:

Just inquiring why you are using FTP instead of OpenSSH? Was just wondering if SFTP works ok using FileZilla from the outside?

Posted: Wed Mar 21, 2007 7:34 am Post subject:

squashman wrote:
Just inquiring why you are using FTP instead of OpenSSH? Was just wondering if SFTP works ok using FileZilla from the outside?

I was always told that OpenSSH was the protocol, while FTP was the delivery method. Once I get this working I can have it so all FTP traffic is encrypted, it's just a matter of getting it working that is the problem.

Posted: Wed Mar 21, 2007 7:45 am Post subject:

You don't need an FTP server running to use SFTP over OpenSSH. Just install OpenSSH, forward port 22 or run it on whatever port you want to and forward that port to your server. That is all I have ever done.

I usually change the port number otherwise you log files tend to fill up with Failed login attempts from Script Kiddies.