FTP client unable to LIST server contents due to local firewall
TL;DR -
- Local Firewall On: FTP connects successfully, LIST / LS / DIR return Error 425 Could not open data connection to port [large port number]: Connection timed out.
- Local Firewall Off: FTP connects successfully, LIST / LS / DIR also succeed.
Before we get on to FTP:Passive vs. FTP:Active - it's not that. Both Passive and Active essentially do the same thing.
The connection goes like this:
<Standard beginning connection bumf to remote Pure-FTP server>
230 OK. Current restricted directory is /
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> dir
200 PORT command successful
425 Could not open data connection to port 46811: Connection timed out
ftp> quit
221-Goodbye. You uploaded 0 and downloaded 0 kbytes.
221 Logout.
When not on Windows, I come from the Red Hat / Fedora / CentOS camp, but I'm trying Zorin on a salvaged Lenovo R61. And I've never had so many issues trying to do something "simple". Have I overlooked something basic?
Maybe? Have you allowed it through the firewall?
Right, of course. I tried that, but couldn't get it to work.
As above, I've tried FTPing with the local machine's software firewall disabled (via GUI), and that allows the connection. I've tried adding a large swathe of ephemeral ports in as allowing - that didn't work either. And I've tried adding "FTP" as a service into the GUI firewall->Add, and I tried adding FTP via UFW too.
Have you tried Googling it?
Yes, I've tried that too. It's flooded with so much FTP server info/config/issues that I couldn't find anything much specifically for this issue that wasn't actually a Passive FTP solution. And as I said, in this case, PASS doesn't make any difference, and Active works when local firewall is off.
Also, I happen to have Wireshark on this machine, and I watched the connections during a 'failure'; the output of Wireshark showed no activity.
Question: How does one successfully allow FTP through the local firewall of a workstation?
Edit
So I tried this on my Win10 machine using WinSCP, and at first experienced the same problem. So I tried it via the Windows command line, and the firewall permission box popped up, which then allowed me to successfully LIST on FTP via CLI. (... and upon retrying the WinSCP, that got the auth box too, and then worked as expected.)
I've added this to show that: same network, same destination server, same pathways etc work when on a different machine.
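As an added illustration (not part of the original post): a small parser that reads an FTP client transcript like the one above and reports which side opens the data connection, following RFC 959 PORT/PASV semantics. The passive-mode sample, its 192.0.2.10 address and the function names are constructed for this example, and the reply texts matched are the ones shown in the post's session.

```python
import re

# Session lines from the post (active mode) and a constructed passive-mode
# session for contrast; 192.0.2.10 is a documentation address.
ACTIVE_SESSION = """ftp> dir
200 PORT command successful
425 Could not open data connection to port 46811: Connection timed out
"""
PASSIVE_SESSION = """ftp> dir
227 Entering Passive Mode (192,0,2,10,182,219)
150 Accepted data connection
226 Transfer complete
"""

PASV_RE = re.compile(r"^227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
FAIL_RE = re.compile(r"^425 .*\bport (\d+)")


def decode_hostport(fields):
    """RFC 959 'h1,h2,h3,h4,p1,p2' fields -> (ip, port); port = p1*256 + p2."""
    nums = [int(f) for f in fields]
    if len(nums) != 6 or any(n > 255 for n in nums):
        raise ValueError(f"bad host-port fields: {fields!r}")
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def diagnose(transcript):
    """Report the data-channel mode, who opens it, and any port a 425 names."""
    result = {"mode": None, "opened_by": None, "endpoint": None, "failed_port": None}
    for line in (raw.strip() for raw in transcript.splitlines()):
        if line.startswith("200 PORT"):
            # Active: client announced a listening port; the server dials in.
            result.update(mode="active", opened_by="server")
        elif m := PASV_RE.match(line):
            # Passive: server announced a port; the client dials out.
            result.update(mode="passive", opened_by="client",
                          endpoint=decode_hostport(m.groups()))
        elif m := FAIL_RE.match(line):
            result["failed_port"] = int(m.group(1))
    return result


if __name__ == "__main__":
    for name, text in (("active", ACTIVE_SESSION), ("passive", PASSIVE_SESSION)):
        print(name, diagnose(text))
```

For the session in the post, the 425 follows a PORT reply, so the connection that timed out is the one the server opens toward client port 46811.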