Skip to main content

FTP Connects but Timeout with Error Failed to retrieve directory listing

Comments

28 comments

  • mtindor
    You should follow the directions on cPanel's site for enabling Passive Mode FTP support on the server. How to Enable FTP Passive Mode - cPanel Knowledge Base - cPanel Documentation [removed outdated instructions] Mike
    0
  • cPanelMichael
    Hello, Yes, as mentioned in the previous post, you should be able to follow the instructions on the following document to address the problem: How to Enable FTP Passive Mode - cPanel Knowledge Base - cPanel Documentation Starting with version 60, the cPanel installation process will automatically enable passive mode and ensure the required ports are open as part of the standard firewall configuration. Thank you.
    0
  • Ally
    Hello, Yes, as mentioned in the previous post, you should be able to follow the instructions on the following document to address the problem:
    0
  • cPanelMichael
    Hello @Ally, Do you have root access to the system? If so, you need to access the server via the command line as the "root" user in order to make the documented changes to the Pure-FTPd configuration file. Thank you.
    0
  • Mario Rocha
    ports are opened in the firewall. Everything was working fine until the last update for cPanel.
    0
  • Dave Smith
    Run in terminal as Root: /sbin/modprobe ip_conntrack_ftp
    0
  • cPanelMichael
    ports are opened in the firewall. Everything was working fine until the last update for cPanel.

    Hello, Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome. Thank you.
    0
  • kwdamp
    You should follow the directions on cPanel's site for enabling Passive Mode FTP support on the server. 30000:35000" Notice how the allowing of ranges of ports is set up in CSF - you use 30000:35000. 4. Run csf -r to apply the CSF config change 5. In your FTP client make sure you are using Passive mode FTP. I never do this. But I know my firewall on my PC will not block outbound connections from my FTP client. If you aren't sure, then on your PC you will want to force passive mode. Mike

    Had the same issues, and this fixed it perfectly. Thank you for taking the time to type this out. The Passive Port range was there in pure-ftpd.conf from the start, though a slightly higher range. But the ports were NOT open in CSF's TCP_IN. I added them and it worked immediately. My only question is: was opening the ports some kind of security risk? If not, why were they not there (listed) in the first place?
    0
  • mtindor
    Had the same issues, and this fixed it perfectly. Thank you for taking the time to type this out. The Passive Port range was there in pure-ftpd.conf from the start, though a slightly higher range. But the ports were NOT open in CSF's TCP_IN. I added them and it worked immediately. My only question is: was opening the ports some kind of security risk? If not, why were they not there (listed) in the first place?

    Any time you have to open a port for inbound/outbound access, the cost of doing so needs to be weighed. Because some admins might not allow FTP or some environments might not allow TCP 20 through corporate firewalls, and because people may set their own preference for passive ports, Chirpy probably figured it was best that the admin actually add the passive ports manually rather than have CSF actually try and guess. Just a hunch. If you are a server admin who allows FTP access, then you almost certainly will want to make sure that passive mode is supported. I'm glad the post helped you out! M
    0
  • Samet Chan
    Hi @cPanelMichael, @mtindor , I can still connect to FTP server "Pure-FTP", But I tried to look this and any tutorial won't help. I'd like to enable Pure-FTP firewall to allow IP. I checked in CSF Firewall TCP_IN: there is no for a port in FTP `49152 65534`. I'm confused so. I need to enable FTP firewall to allow IP well.
    0
  • cPanelMichael
    I'd like to enable Pure-FTP firewall to allow IP. I checked in CSF Firewall TCP_IN: there is no for a port in FTP `49152 65534`. I'm confused so. I need to enable FTP firewall to allow IP well.

    You'd need to add the port range at the end of the existing TCP_IN line. For example:
    49152:65534
    Thank you.
    0
  • Samet Chan
    You'd need to add the port range at the end of the existing TCP_IN line. For example:
    49152:65534
    Thank you.

    Solved problem. Thanks!
    Status: Connecting to xxx.xxx.xxx.xx:21... Status: Connection established, waiting for welcome message... Status: Initializing TLS... Status: Verifying certificate... Status: TLS connection established. Status: Logged in Status: Retrieving directory listing... Command: PWD Response: 257 "/" is your current location Command: TYPE I Response: 200 TYPE is now 8-bit binary Command: PASV Response: 227 Entering Passive Mode (xxx.xxx.xxx.xx,235,111) Command: MLSD Error: The data connection could not be established: ECONNREFUSED - Connection refused by server Error: Connection timed out after 20 seconds of inactivity Error: Failed to retrieve directory listing Status: Disconnected from server
    Using from VPN test it, they will not let connect another IP from SSH/SFTP, FTP it's working now.
    0
  • cPanelMichael
    Solved problem. Thanks!

    You're very welcome. I'm glad to see that helped.
    Using from VPN test it, they will not let connect another IP from SSH/SFTP, FTP it's working now.

    Please open a new thread if you are facing a separate issue with the SSH/SFTP service. Thanks!
    0
  • Samet Chan
    You're very welcome. I'm glad to see that helped. Please open a new thread if you are facing a separate issue with the SSH/SFTP service. Thanks!

    Not really, any IP random will not allow connecting to our server. It's working on firewall added for port SFTP/FTP, SSH. You just helpfully me. ;)
    0
  • Benjamin D.
    Same problem as described in OP, tried the solution provided on here (tough I only found a /etc/pure-ftpd.conf file, not a /etc/pureftpd.conf file like the solution stated) aand even tough the contents of that conf file was adjusted to PassivePortRange 30000 50000 and that CSF has the TCP_IN [...]30000:50000 rule and that both CSF and Pure-FTPd services were restarted, my FTP client still tries to handshake to a 60000-ish port and fails. I also saw that since WHM 60.0 you have to use these instructions. I tried them as well and it's still the same: How to Enable FTP Passive Mode - cPanel Knowledge Base - cPanel Documentation What's going on with WHM 72.0 ?
    0
  • cPanelMichael
    Hello @Benjamin D., Can you post the output from the following command?
    grep PassivePortRange /var/cpanel/conf/pureftpd/local
    Thank you.
    0
  • Benjamin D.
    PassivePortRange: 30000 50000
    0
  • Benjamin D.
    I mitigated the issue by opening every TCP_IN, TCP_OUT, IP6_IN and IP6_OUT... Yes, to have it working, it would seem as tough I actually need the OUT ports unlocked too. Not sure why, but now it works reliably... thanks to those tens of thousands of open ports :-/
    0
  • cPanelMichael
    I mitigated the issue by opening every TCP_IN, TCP_OUT, IP6_IN and IP6_OUT... Yes, to have it working, it would seem as tough I actually need the OUT ports unlocked too. Not sure why, but now it works reliably... thanks to those tens of thousands of open ports :-/

    Hello @Benjamin D., You shouldn't have to enable those ports for outgoing connections to allow users to access FTP (via passive mode) on your server from their FTP clients. Have you tried closing the outgoing ports again and confirming that FTP stops working? Thank you.
    0
  • Benjamin D.
    Again, the TCP_OUT, UDP_OUT, TCP6_OUT and UDP6_OUT need to be opened in CSF for Pure-FTP to work on my server for some super obscure reason. I just tried again what you wanted me to test and yes, it stops working properly when I remove the OUT ports, here's the first try from my FileZilla client: 425 Could not open data connection to port 55038: Connection refused The funniest thing is that port 55038 is NOT EVEN SUPPOSED TO BE ACCEPTABLE as per the directive in /etc/pure-ftpd.conf: PassivePortRange: 30000 50000 Quite puzzling really.
    0
  • cPanelMichael
    Hello @Benjamin D., Can you open a support ticket so we can take a closer look at the affected system to see what's happening? You can post the ticket number here and we will link this thread to the ticket. Thank you.
    0
  • JIKOmetrix
    Again, the TCP_OUT, UDP_OUT, TCP6_OUT and UDP6_OUT need to be opened in CSF for Pure-FTP to work on my server for some super obscure reason. I just tried again what you wanted me to test and yes, it stops working properly when I remove the OUT ports, here's the first try from my FileZilla client: 425 Could not open data connection to port 55038: Connection refused The funniest thing is that port 55038 is NOT EVEN SUPPOSED TO BE ACCEPTABLE as per the directive in /etc/pure-ftpd.conf: PassivePortRange: 30000 50000 Quite puzzling really.

    I am having the exact same issue. However, I cannot get this to work. The client keeps getting a port that is not in the configured range. I have a ticket open with support too. They are not making any progress on this yet. - Mike
    0
  • JIKOmetrix
    Hello, More testing revealed I was able to reproduce the the connection issue where with the out of range ports. After first logging in I ran ls command and get the refused connection. The client had to have the ports open on the client firewall. It enters passive mode and works. You can see that in second section. Turning off passive mode is intermittent. Meaning with passive mode off the FTP server assumes the client is NOT behind a firewall and will randomly give any port in the non-standard range for communication. You can see that in third and fourth section with the fourth section show the refused connection for port 42463. This port is not open on the ftp server. When passive mode is ON the client will be given ports in the configured server port range. The FTP server must have the passive ports open and the client must have these ports open as well. See data below. For this to work with this server, the client behind a firewall requires passive mode on.
    220---------- Welcome to Pure-FTPd [privsep] [TLS] ---------- 220-You are user number 2 of 100 allowed. 220-Local time is now 17:21. Server port: 21. 220-This is a private system - No anonymous login 220-IPv6 connections are also welcome on this server. 220 You will be disconnected after 15 minutes of inactivity. Name (example.com:root): user@example.com 331 User user@example.com OK. Password required Password: 230-OK. Current restricted directory is / 230 12837 Kbytes used (0%) - authorized: 2048000 Kb Remote system type is UNIX. Using binary mode to transfer files. ftp> ls 227 Entering Passive Mode (192,99,203,227,255,117) ftp: connect: Connection refused ftp> ls 227 Entering Passive Mode (192,99,203,227,193,98) 150 Accepted data connection drwxr-xr-x 5 example example 4096 Jul 30 15:24 . drwxr-xr-x 5 example example 4096 Jul 30 15:24 .. -rw------- 1 example example 14 Jul 31 14:30 .ftpquota drwxr-xr-x 3 example example 4096 Jul 31 16:10 incoming drwxr-xr-x 3 example example 135168 Jul 31 07:45 outgoing drwxr-xr-x 3 example example 4096 Jan 12 2018 personify -rw-r--r-- 1 example example 166993 Nov 19 2016 wp-info.php 226-Options: -a -l 226 7 matches total ftp> pass Passive mode off. ftp> ls 200 PORT command successful 150 Connecting to port 60211 drwxr-xr-x 5 example example 4096 Jul 30 15:24 . drwxr-xr-x 5 example example 4096 Jul 30 15:24 .. -rw------- 1 example example 14 Jul 31 14:30 .ftpquota drwxr-xr-x 3 example example 4096 Jul 31 16:10 incoming drwxr-xr-x 3 example example 135168 Jul 31 07:45 outgoing drwxr-xr-x 3 example example 4096 Jan 12 2018 personify -rw-r--r-- 1 example example 166993 Nov 19 2016 wp-info.php 226-Options: -a -l 226 7 matches total ftp> ls 200 PORT command successful 425 Could not open data connection to port 42463: Connection refused ftp> pass Passive mode on. ftp> ls 227 Entering Passive Mode (192,99,203,227,218,116) 150 Accepted data connection drwxr-xr-x 5 example example 4096 Jul 30 15:24 . drwxr-xr-x 5 example example 4096 Jul 30 15:24 .. -rw------- 1 example example 14 Jul 31 14:30 .ftpquota drwxr-xr-x 3 example example 4096 Jul 31 16:10 incoming drwxr-xr-x 3 example example 135168 Jul 31 07:45 outgoing drwxr-xr-x 3 example example 4096 Jan 12 2018 personify -rw-r--r-- 1 example example 166993 Nov 19 2016 wp-info.php 226-Options: -a -l 226 7 matches total ftp>
    0
  • cPanelMichael
    Hello @JIKOmetrix, Thank you for sharing your testing results. I'm monitoring the support ticket and will update this thread with the outcome once it's closed. Thank you.
    0
  • Michael Legg
    FTP just suddenly stopped working for me today. I've been using a custom passive port range for years, Pure FTP is configured correctly and CSF Firewall is allowing the ports both in and out. I've even resorted to connecting from the local network, to get around any external firewall issues but although it connects it can't list the directory contents. This was working last week and it can't have been a cPanel update because cPanel updates stopped working a couple of weeks ago. I feel like my cPanel installation is slowly falling apart. Each week something else stops working. I've opened a support ticket.
    0
  • Michael Legg
    Interestingly, if I run netstat -tulnp it only shows Pure-FTP only running on port 21. Could there be another ftp config file lurking on the server and it's not using /var/cpanel/conf/pureftpd/local ?
    0
  • quietFinn
    Interestingly, if I run netstat -tulnp it only shows Pure-FTP only running on port 21. Could there be another ftp config file lurking on the server and it's not using /var/cpanel/conf/pureftpd/local ?

    Pure-FTP is listening on port 21, but it needs other ports for passive mode. " In the passive mode, the client uses the control connection to send a PASV command to the server and then receives a server IP address and server port number from the server, which the client then uses to open a data connection to the server IP address and server port number received."
    0
  • 000
    FTP just suddenly stopped working for me today. I've been using a custom passive port range for years, Pure FTP is configured correctly and CSF Firewall is allowing the ports both in and out. I've even resorted to connecting from the local network, to get around any external firewall issues but although it connects it can't list the directory contents. This was working last week and it can't have been a cPanel update because cPanel updates stopped working a couple of weeks ago. I feel like my cPanel installation is slowly falling apart. Each week something else stops working. I've opened a support ticket.

    me too, many errors from installation, config DNS, etc... now: FTP How we can solve this problem in FTP?
    0

Please sign in to leave a comment.