So I installed ProFTP on my Ubuntu 10.10 server. Using FileZilla, I can connect and authenticate, but I cannot get the directory listing. Here are the last few lines returned to me:
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/home/todolist" is the current directory
Command: TYPE I
Response: 200 Type set to I
Command: PASV
Error: Disconnected from server: ECONNABORTED - Connection aborted
Error: Failed to retrieve directory listing
I haven't changed anything in the config, so what should I change / set so that I can correctly use the FTP?
My config:
#
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#
# Includes DSO modules
Include /etc/proftpd/modules.conf
# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
UseIPv6 on
# If set on you can experience a longer connection delay in many cases.
IdentLookups off
ServerName "Chigstuff FTP"
ServerType standalone
DeferWelcome off
MultilineRFC2228 on
DefaultServer on
ShowSymlinks on
TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200
DisplayLogin welcome.msg
DisplayChdir .message true
ListOptions "-l"
DenyFilter \*.*/
# Use this to jail all users in their homes
# DefaultRoot ~
# Users require a valid shell listed in /etc/shells to login.
# Use this directive to release that constrain.
# RequireValidShell off
# Port 21 is the standard FTP port.
Port 21
# In some cases you have to specify passive ports range to by-pass
# firewall limitations. Ephemeral ports can be used for that, but
# feel free to use a more narrow range.
# PassivePorts 49152 65534
# If your host was NATted, this option is useful in order to
# allow passive tranfers to work. You have to use your public
# address and opening the passive ports used on your firewall as well.
# MasqueradeAddress 1.2.3.4
# This is useful for masquerading address with dynamic IPs:
# refresh any configured MasqueradeAddress directives every 8 hours
<IfModule mod_dynmasq.c>
# DynMasqRefresh 28800
</IfModule>
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30
# Set the user and group that the server normally runs at.
User proftpd
Group nogroup
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
# Normally, we want files to be overwriteable.
AllowOverwrite on
# Uncomment this if you are using NIS or LDAP via NSS to retrieve passwords:
# PersistentPasswd off
# This is required to use both PAM-based authentication and local passwords
# AuthOrder mod_auth_pam.c* mod_auth_unix.c
# Be warned: use of this directive impacts CPU average load!
# Uncomment this if you like to see progress and transfer rate with ftpwho
# in downloads. That is not needed for uploads rates.
#
# UseSendFile off
TransferLog /var/log/proftpd/xferlog
SystemLog /var/log/proftpd/proftpd.log
<IfModule mod_quotatab.c>
QuotaEngine off
</IfModule>
<IfModule mod_ratio.c>
Ratios off
</IfModule>
# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default.
<IfModule mod_delay.c>
DelayEngine on
</IfModule>
<IfModule mod_ctrls.c>
ControlsEngine off
ControlsMaxClients 2
ControlsLog /var/log/proftpd/controls.log
ControlsInterval 5
ControlsSocket /var/run/proftpd/proftpd.sock
</IfModule>
<IfModule mod_ctrls_admin.c>
AdminControlsEngine off
</IfModule>
#
# Alternative authentication frameworks
#
#Include /etc/proftpd/ldap.conf
#Include /etc/proftpd/sql.conf
#
# This is used for FTPS connections
#
#Include /etc/proftpd/tls.conf
# A basic anonymous configuration, no upload directories.
# <Anonymous ~ftp>
# User ftp
# Group nogroup
# # We want clients to be able to login with "anonymous" as well as "ftp"
# UserAlias anonymous ftp
# # Cosmetic changes, all files belongs to ftp user
# DirFakeUser on ftp
# DirFakeGroup on ftp
#
# RequireValidShell off
#
# # Limit the maximum number of anonymous logins
# MaxClients 10
#
# # We want 'welcome.msg' displayed at login, and '.message' displayed
# # in each newly chdired directory.
# DisplayLogin welcome.msg
# DisplayChdir .message
#
# # Limit WRITE everywhere in the anonymous chroot
# <Directory *>
# <Limit WRITE>
# DenyAll
# </Limit>
# </Directory>
#
# # Uncomment this if you're brave.
# # <Directory incoming>
# # # Umask 022 is a good standard umask to prevent new files and dirs
# # # (second parm) from being group and world writable.
# # Umask 022 022
# # <Limit READ WRITE>
# # DenyAll
# # </Limit>
# # <Limit STOR>
# # AllowAll
# # </Limit>
# # </Directory>
#
# </Anonymous>
You either forgot to open/forward the passive ports on your firewall or you didn't enable them in your config.
Uncomment this line in your config:
Making it:
Then open up these ports in your firewall:
20
,21
and the range49152-65534
.Make sure you restart the ProFTP service after this.
To understand active vs. passive FTP: link.
I got the following Error when connecting to my server via Windows FileZilla AND linux konqueror through ftp.myserver.com:
Here is what I did that caused the problem
I discovered that my Netgear wifi Repeater was to blame. It was reset by someone else to factory defaults which knocked out the special settings made previously to let Filezilla and ftp do it's thing. The Netgear wifi repeater was used as a router to multiple computer and was preventing SOME commands that the filezilla uses, but not all. This phenomenon caused bizarre behavior where my connection would partially work for a few minutes, then would crash and deliver the above mentioned error.
Summary Netgear routers are crappy and a poweroff can unexpectedly cause them to reset them to the highest security levels.
Resolution To diagnose, isolate which repeater/router might be set to too-high a security level by using an alternate connection (alternate route) to the internet, use the connection over at mc-donalds or a friends house or a neighbor's wifi. (I used tethering on my android phone). When I did this, my connection to my server worked correctly and I could backtrack and use elimination to find out which device is the problem. The solution was to go into my netgear wireless repeater and change the restriction settings to a wearker security level, and everything worked.
Other possible reasons this could occur
Also, I was running "ZoneAlarm" software on my Windows box, which was denying filezilla. If you have any third party security software, you might want to try briefly turning it off to see if that is what is blocking you.
Your router could be suffering from sporadic errors due to hardware failure or wireless interference. When wireless routers get old, sometimes they drop connections randomly, login to 192.168.1.1 to check it out.
FTP needs port 443 to be open. Try enabling port 443 on firewall to server. login to 192.168.1.1, your router, and look at "port range forwarding" both TCP and UDP for your ip addresses. See if that helps.
For me, this was caused by using IPv6. Reverting to IPv4 solved the issue. So, in your instance, if you are not already, try specifying an IPv4 address in your FTP client connection to test if this might be the cause.