Cannot connect to FTP server from external host

linux ubuntu networking ftp
6,309

When putting an FTP server behind a NAT, you not only have to forward port 21/TCP to the server, you also need a NAT gateway that has an FTP ALG that supports FTP servers behind the NAT (note: this is a rare feature, and rarely advertised on the box or on the tech specs page or even in the manual), and knows to watch the FTP control data stream for commands from clients that indicate the client wants the FTP server to use passive mode (where the FTP server starts listening for a data TCP connection on another port, sends that port number to the client, and passively waits for the client to initiate data TCP connection to the server). The FTP ALG has to watch for what port the server told the client to connect on, and then automatically create a temporary port forwarding entry to allow that connection to get to the server.

Basically, Passive mode FTP, which is great when the client is behind a NAT, is a big problem when the server is behind the NAT. If it turns out that your client is NOT behind a NAT, then tell your client to use traditional "active" mode FTP, and you don't need to have a sophisticated "server behind the NAT" FTP ALG in your NAT gateway.

Another option would be to make your FTP server be your DMZ host (a.k.a. "default host", "bastion host"). Since all unexpected incoming connection attempts are forwarded to the DMZ, all those passive mode FTP data TCP connections would automatically go do your FTP server.

Share:
6,309

Related videos on Youtube

h3.
Author by

h3.

Updated on September 17, 2022

Comments

  • h3.
    h3. over 1 year

    I have a FTP server (vsftpd) setuped on a Linux box (Ubuntu server). When I try to connect with a computer on the same network everything works fine as expected.

    But as soon the IP is external it won't connect..

    I first assumed the port was blocked, but then:

    localserver:$ sudo tail -f /var/log/vsftpd.log
Wed Jan 13 14:21:17 2010 [pid 2407] CONNECT: Client "xxx.xxx.107.4"
remotemachine:$ netcat svn-motion.no-ip.biz 21
220 FTP Server

    And it hangs there. Do any ports other than 21 need to be open?

  • h3.
    h3. over 14 years
    sftp does not use multiple connection, it only use 21 and thus is passive by default.
  • h3.
    h3. over 14 years
    Oh, right.. when using ftp only I get "Unknown server error"
  • h3.
    h3. over 14 years
    When using the IP directly it works ..

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Using wget to download select directories from ftp server
SFTP failing with "Match Group" clause
How to connect to device via SSH over direct ethernet connection
How to access apache web server on Ubuntu from windows
"Connection closed by (ip adress) port 22" when trying to connect to raspberry pi with ssh
How do I map a network drive in Ubuntu? I want to save my Firefox downloads directly in the mapped network drive (folder)
Linux Ubuntu MATE 14.04.1 Connection Issues
How can I sniff traffic sent by POST method (on another computer)?
port 8082 on ubuntu 9.10
How to add a NIC in ubuntu 16.04.1 server?