Has he been able to list the files in the directories at all?
Does it always fail or does it work sometimes?

it connects straight away and sometimes it shows the list, and sometimes it doesn't.

the moment he starts to navigate or up or download, it times out.

Make sure he is in passive mode and that his authoritative dns server works correctly.

Thanks for your reply but we don't think the problem lies in the DNS because of the fact he had no problem connecting with our old FTP server (pro-FTP). He also has no problems connecting to other FTP servers.

Here is a transcript from a typical connection through cute FTP pro (user name and IP edited edited out). In this case he did not even get a directory listing.

It seems to be the new data socket which is not being received (or sent)?

STATUS:> Getting listing "/htdocs"...

STATUS:> Connecting to ftp server 62.73.123.123:21 (ip = 62.73.123.123)...

STATUS:> Socket connected. Waiting for welcome message...

220 ServerName FTP server (Version wu-2.6.1-20) ready.

STATUS:> Connected. Authenticating...

COMMAND:> USER (**edited**)

331 Password required for (**edited**).

COMMAND:> PASS *****

230 User (**edited**) logged in. Access restrictions apply.

STATUS:> Login successful.

COMMAND:> PWD

257 "/" is current directory.

STATUS:> Home directory: /

COMMAND:> FEAT

500 'FEAT': command not understood.

STATUS:> This site doesn't support the 'features' command.

COMMAND:> REST 100

350 Restarting at 100. Send STORE or RETRIEVE to initiate transfer.

STATUS:> This site can resume broken downloads.

COMMAND:> REST 0

350 Restarting at 0. Send STORE or RETRIEVE to initiate transfer.

COMMAND:> CWD /htdocs

250 CWD command successful.

STATUS:> PWD skipped. Current dir: "/htdocs".

COMMAND:> PASV

227 Entering Passive Mode (62,73,123,123,80,3)

COMMAND:> LIST

STATUS:> Connecting ftp data socket 62.73.123.123:20483...

150 Opening ASCII mode data connection for directory listing.

ERROR:> Timeout (60000 ms) occurred on receiving server response.

STATUS:> This site can resume broken downloads.

You used pro-ftpd on the same box and he didn't have a problem?
And you didn't modify any firewall settings on the server or on his nat router?

bcc,

they are two different boxes. the old server was a cobalt raq4 with pro-ftp installed. the new server is redhat 7.2 with wu-ftpd 2.6.1 installed.

no settings have been changed on his nat. he could upload perfectly to the old raq4 with pro-ftp. on the new one, it gets the above response.

we have been investigating and there evidently are problems with version 2.6.1 and firewalls / nats. we just haven't found solution yet.

cheers

p.s. upgrading to 2.6.2 might be the solution - but there is no rpm package yet, so it would be a compile job (i am a linux relative newbie and have not yet compiled ;-) *groan*

I try not to use linux, especially not redhat distro, so I don't follow the rpm package versions.

Still, my bet would be the dns problem.
wu-ftpd and tcp wrappers you might use do reverse dns lookups to prevent spoofing. If your designer's authoritative dns does not respond correctlly - that might be the problem.

You can also disable lookups in tcp wrappers and in wu-ftpd, but that's just one bad idea.

hi bcc,

well out with wu-ftpd and in with proftpd (which allowed connections from the nat on the last server we had - a cobalt raq4)

proftpd now works perfectly.... except

he still hangs when requesting a directory listing. it has to do with his nat masquerading his ip - but all i can find in the net (and believe me i've searched ;-) is config for proftpd behind a nat - NOT a client behind a nat.

we are both at our wits ends. anyway thanks for support, maybe another redhat guru is reading.

regards

jamie,

bcc1234: Make sure he is in passive mode

Did you check this?

Jim

hi jd

yes. there is nothing funny in the proftpd.conf file either. just standard stuff.

and it works fine for other users - just the ones behind a nat don't work.

we've also tried from other nat computers and failed, so it's not specific to him.

The passive mode should be enabled in the client config.

The way ftp works - it has one command connection and multiple data connections.

The command connection is on port 21, the data connections are opened and closed on other ports as needed.

The directory listing is transferred over data connection, but login info isn't.

So if you can login, but not list the files - you got a problem with opening data connections.

Most common problems with nats/firewalls/dns are:
- a firewall might block random ports which the server (or the client) picks for transferring data
- a client behind nat picks ip and port for a connection (in active mode), and since it's behind nat - that ip does not make sense for the server; thus, use passive mode and let server pick connection info
- a server does reverse dns lookups on each connection to prvent spoofing, and if your client's auth dns does not respond or is slow - you would see delays or timeouts

I just described you 90% of problems that occur with ftp. Chances are your problem is in there so double check your set-up.

thanks bcc will do.

hi bcc,

this is what he has replied ;-)

Yeah believe me I've checked my set-up. why don't I have any problems with any other server? This must indicate that my router is alowing FTP connections and socket changes to other servers?

anyway, lo and behold, suddenly today it works! would you believe it. the only thing i have done to the server is to reboot. nothing else... sounds more reminiscent of a windows solution ;-)

anyway we are really relieved! thanks loads for all the support.

Hi, I'm the NAT router guy that Jaime has been posting about. Unfortunatley The champagne got broken out too soon. I connected while talking to James and everything went fine....I even managed to upload 3 files with no waiting.....and no timeout message. Then after that I disconnected and tried again only to find the problem is back. but now intermittent. (4 out of 5 times) :(

I have always had all filters disabled on the router.

Because I have no problems with any other server this must mean the my config is ok. no?

anyway thanks for your help....I'm getting a new router next week so I'll see what happens then.

Pete

You guys keep missing the DNS part :)

Log into your box and do a revense dns lookup for the ips of the client machines you are having problems with.

After that, do a forward lookup for the hostnames you'll get.

If everythin works fine - then start worrying about routers and other stuff.

Hi, have you realised that I am a networking dummy yet? how do i do a reversed dns lookup? the other thing maybe to note is that telefonica are using a proxy as you can maybe see in this trace i did. but i still am not having problems with any other servers.

[focifum.com...]

"butter" is me

172.26.0.1 is my router (3com 812) with all filters off

80.36.221.10 is my public address which doen't appear on the trace?

Thanks again for all your help.

Peter

Hi, have you realised that I am a networking dummy yet? how do i do a reversed dns lookup? the other thing maybe to note is that telefonica are using a proxy as you can maybe see in this trace i did. but i still am not having problems with any other servers.

Hi bcc1234

Peter had no problems connecting to one of my FTP servers running RH 7.3 with ProFTPD 1.2.6

The problem appears to be specific to Jamie's RH 7.2 box. I have a couple of ideas where the problem may lie and will try to sort it out for him.

So are both of those pro-ftpd, or is one of them wu-ftpd?

Cause wu-ftpd does have more problems with DNS.

Pro-FTP. (now) originally James installed wu-ftpd but we gave up on that and changed to pro-ftp becuase it's what we had on the old server and i had no problems with it then.

It seems to be something with this particular server? I don't have any more clues.....I'm baffled,

Peter.

oh here's a quite a long session I had before timed out.
ProFTPD 1.2.7 Server (Ibiza Spotlight) [62.73.174.58]
STATUS:> Connected. Authenticating...
COMMAND:>USER (changed)
331 Password required for (changed).
COMMAND:>PASS *****
230 User (changed) logged in.
STATUS:> Login successful.
COMMAND:>PWD
257 "/" is current directory.
STATUS:> Home directory: /
STATUS:> This site doesn't support the 'features' command.
STATUS:> This site can resume broken downloads.
COMMAND:>REST 0
350 Restarting at 0. Send STORE or RETRIEVE to initiate transfer
COMMAND:>CWD /htdocs
250 CWD command successful.
STATUS:> PWD skipped. Current dir: "/htdocs".
COMMAND:>PASV
227 Entering Passive Mode (62,73,174,58,227,63).
STATUS:> Connecting ftp data socket 62.73.174.58:58175...
COMMAND:>LIST
150 Opening ASCII mode data connection for file list
226 Transfer complete.
STATUS:> Transfer complete.
STATUS:> Getting listing "/htdocs/night"...
COMMAND:>CWD /htdocs/night
250 CWD command successful.
STATUS:> PWD skipped. Current dir: "/htdocs/night".
COMMAND:>PASV
227 Entering Passive Mode (62,73,174,58,227,64).
STATUS:> Connecting ftp data socket 62.73.174.58:58176...
COMMAND:>LIST
150 Opening ASCII mode data connection for file list
226 Transfer complete.
STATUS:> Transfer complete.
STATUS:> Getting listing "/htdocs/aquarium"...
COMMAND:>CWD /htdocs/aquarium
250 CWD command successful.
STATUS:> PWD skipped. Current dir: "/htdocs/aquarium".
COMMAND:>PASV
227 Entering Passive Mode (62,73,174,58,227,65).
STATUS:> Connecting ftp data socket 62.73.174.58:58177...
COMMAND:>LIST
150 Opening ASCII mode data connection for file list
226 Transfer complete.
STATUS:> Transfer complete.
STATUS:> Getting listing "/htdocs/balansat"...
COMMAND:>CWD /htdocs/balansat
250 CWD command successful.
STATUS:> PWD skipped. Current dir: "/htdocs/balansat".
COMMAND:>PASV
227 Entering Passive Mode (62,73,174,58,227,66).
STATUS:> Connecting ftp data socket 62.73.174.58:58178...
COMMAND:>LIST
150 Opening ASCII mode data connection for file list
ERROR:> Timeout (60000 ms) occurred on receiving server response.

Well, I can't really tell you a solution just from the logs of the ftp client.

Try hiring somebody on elance to check your server and client.