Problem completing connection to FTP server from FileZilla - malformed FEAT reply?

mgreis

• January 22, 2020 09:43

I've been using FileZilla Pro for a long time to connect to FTP on a VPS running CentOS6. I just provisioned a new CentOS7 VPS and am now having problems connecting to it using FileZilla PRO 3.46.3. The message log provides the following: Status: Connecting to :21... Status: Connection established, waiting for welcome message... Status: Initializing TLS... Status: Verifying certificate... Status: TLS connection established. Status: Logged in Status: Retrieving directory listing of "/public_html"... Command: CWD /public_html Response: 250 OK. Current directory is /public_html Command: TYPE I Response: 200 TYPE is now 8-bit binary Command: PASV Response: 227 Entering Passive Mode (64,202,160,248,211,75) Command: MLSD Error: Connection timed out after 20 seconds of inactivity Error: Failed to retrieve directory listing The message log seems to indicate that the connection is being made and the directory on the server is selected. But FileZilla never displays the contents of the remote directory, then times out saying that it failed to retrieve the directory listing. I'm using the exact same configuration in FileZilla PRO that I've been using for years for my CentOS 6 server). I can use FTP from a Windows workstation to log in to the new server with no problems. In an exchange on the FileZilla PRO support forums, I provided a log from a test of this server using the ftptest.net site, showing the following error: (The same test from my CentOS 6 server completes with no errors.) Command: FEAT Reply: 211-Extensions supported: Reply: EPRT Reply: IDLE Reply: MDTM Reply: SIZE Reply: MFMT Reply: REST STREAM Reply: MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*; Reply: MLSD Reply: AUTH TLS Reply: PBSZ Reply: PROT Reply: UTF8 Reply: TVFS Reply: ESTA Reply: PASV Reply: EPSV Error: Carriage return without line feed received FileZilla PRO support reported back that the error indicated that: "Your server sends a malformed FEAT reply in violation of the FTP specifications. This isn't a configuration issue, this requires fixing the server software itself." The CentOS 6.10 server and the CentOS 7.7 server are both running cPanel 84.0.20. Thanks for any help you can provide!

• 

  cPanelLauren

  • January 22, 2020 21:18

  Hello, Firstly I would like to point out that we don't recommend using FileZilla, instead, we recommend CoreFTP on Windows and Cyberduck on MAC and we offer configuration files for them. Secondly, is the server NAT routed (meaning do you have a separate private IP and public IP as a result of a hardware appliance)? If not have you tried using ACTIVE mode only for FTP? Furthermore, you may want to check if NAT routing is being forced: How to Edit FTP Server Configuration from the Command Line | cPanel & WHM Documentation If you are NAT routed and need to use PASV mode - the following goes over how to enable it: How to Enable FTP Passive Mode | cPanel & WHM Documentation

  0
• 

  mgreis

  • January 23, 2020 17:50

  Thanks. My devices are behind a cable modem router, so NAT is in use. Here's the thing. I've been using this configuration between FileZilla and my CentOS6 server for years. It has always worked and still does. FileZilla specifies default (neither active nor passive), so I'm not sure what's been used. The only thing that's changed is the new server (same FileZilla, same level of cPanel). But I did see the article about enabling passive mode. Perhaps there's a new level of the FTP server in this new CentOS7 server that requires passive mode to be specified. I first try specifying passive mode from the FiileZilla client, since that is a trivial change. Nothing. I then followed the instructions in the article to add a local configuration file /var/cpanel/conf/pureftpd/local with the ForcePassiveIP: ~ entry and restarted the FTP server. Still nothing. BTW, - the /var/cpanel/conf/pureftpd/main file entry as configured by cPanel is explicit - ForcePassiveIP: 64.202.xxx.xxx - when restarting the PureFTPd service, I did receive the following notice: Jan 23 11:28:09 ip-107-180-xx-xxx.ip.secureserver.net pure-ftpd[4343]: (?@?) [DEBUG] Couldn't load the DH parameters file /etc/ssl/private/pure-ftpd-dhparams.pem I also looked at the /var/cpanel/conf/pureftpd/mail file on the CentOS6 server where FTP is working. There is no ForcePassiveIP: statement in it. So, to recap: - Confiiguring explicit passive mode on the PureFTPd server didn't work - This configuration works with no problems on the CentOS6 server What might I try next? Thanks!

  0
• 

  cPanelLauren

  • January 24, 2020 00:10

  On the new server does the firewall have the passive ports range open?

  0
• 

  mgreis

  • January 24, 2020 14:43

  It does. The configuration file main includes the line: PassivePortRange: 49152 65534
  Michael

  0
• 

  rackaid

  • January 24, 2020 19:12

  That is not the firewall but the FTP configuration. You need to check your firewall. Firewalls will block the ports unless they are opened. iptables -nL
  Will list your firewall rules. Some cPanel boxes use CSF, which you can access from WHM. Under FTP Server Configuration, make sure TLS Encryption is set to optional. If you happen to have a stateful firewall on the server, it will not work with STARTTLS. I think Filezilla tries STARTTLS by default.

  0
• 

  arnisraido

  • May 21, 2020 07:53

  One thing to note - check if Your serves has "ConfigServer Security & Firewall" installed. Mine have `csf v14.02.` FTP server with "passive" connections has to be tuned in csf. Workaround is to add specific IP address to firewall whitelist under ConfigServer Security & Firewall > csf > Firewall Allow IPS Include /etc/csf/cpanel.comodo.allow Include /etc/csf/cpanel.allow 11.22.33.44 # Manually allowed for Passive FTP 1 88.99.22.11 # Manually allowed for Passive FTP 2
  Or just add Your Ip under ConfigServer Security & Firewall > csf > Quick Allow

  0

Please sign in to leave a comment.