Active Mode Failiures

[shujaat_tariq]

The GUI shows the active mode been set with the correct external IP address but still teh server replies with the internal ip address (LAN IP) of the client and says cannot establish connection. On checking through a Packet Sniffer it can be seen that filezilla is actually sending the LAN IP altough in the console/log/gui it shows its sending the external IP.

Issue with 3.0.9.2
and also with 3.0.9.3 - nightly build

[Alexander Schuch]

Can you please attach a log? Does the Network Configuration Wizard work for you in active mode?

[shujaat_tariq]

The wizard fails the active mode configuration, with this in the end

Response: 501 IP Mismatch. Tainted by router or firewall.
PORT command tainted by router or firewall.

but the thing is after the wizard finishes and a normal connection is made filezilla still tries to connect using active mode showing its using the external IP but if i run a packet sniffer it shows me that filezilla is infact sending the local IP.

here are the logs...

From the GUI (xx.xxx.xxx.xxxx is my external ip and is correct)

Status: Resolving IP-Address for emiratesresidence.com
Status: Connecting to 69.93.152.125:21...
Status: Connection established, waiting for welcome message...
Response: 220---------- Welcome to Pure-FTPd [TLS] ----------
Response: 220-You are user number 2 of 50 allowed.
Response: 220-Local time is now 02:27. Server port: 21.
Response: 220 You will be disconnected after 15 minutes of inactivity.
Command: USER emirates
Response: 331 User james_bond OK. Password required
Command: PASS *
Response: 230-User james_bond has group access to: james_bond
Response: 230 OK. Current restricted directory is /
Command: SYST
Response: 215 UNIX Type: L8
Command: FEAT
Response: 211-Extensions supported:
Response: EPRT
Response: IDLE
Response: MDTM
Response: SIZE
Response: REST STREAM
Response: MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
Response: MLSD
Response: ESTP
Response: PASV
Response: EPSV
Response: SPSV
Response: ESTA
Response: AUTH TLS
Response: PBSZ
Response: PROT
Response: 211 End.
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is your current location
Command: TYPE I
Response: 200 TYPE is now 8-bit binary
Command: PORT xx,xxx,xxx,xxx,39,156
Response: 500 I won't open a connection to 192.168.0.5 (only to xx.xxx.xxx.xxx)
Command: PASV
Response: 227 Entering Passive Mode (69,93,152,125,86,131)
Command: LIST
Response: 150 Accepted data connection
Response: 226-ASCII
Response: 226-Options: -a -l
Response: 226 31 matches total

Here is from the packet sniffer (here again xx.xxx.xxx.xxx is my external ip and is fine.. but it never gets sent)

220---------- Welcome to Pure-FTPd [TLS] ----------

220-You are user number 2 of 50 allowed.

220-Local time is now 02:27. Server port: 21.

220 You will be disconnected after 15 minutes of inactivity.

USER james_bond

331 User emirates OK. Password required

PASS canputthisinthelog

230-User james_bond has group access to: james_bond

230 OK. Current restricted directory is /

SYST

215 UNIX Type: L8

FEAT

211-Extensions supported:

EPRT

IDLE

MDTM

SIZE

REST STREAM

MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;

MLSD

ESTP

PASV

EPSV

SPSV

ESTA

AUTH TLS

PBSZ

PROT

211 End.

PWD

257 "/" is your current location

TYPE I

200 TYPE is now 8-bit binary

PORT 192,168,0,5,19,137

500 I won't open a connection to 192.168.0.5 (only to xx.xxx.xxx.xxx)

PASV

227 Entering Passive Mode (69,93,152,125,86,131)

LIST

150 Accepted data connection

226-ASCII

226-Options: -a -l

226 31 matches total

[Tim Kosse]

Not a bug in FileZilla. Please read ​http://wiki.filezilla-project.org/Network_Configuration and configure your routers and firewalls accordingly.

[shujaat_tariq]

well i am running the packet sniffer on same pc. What is confusing me is that the GUI log is showing the filezilla sent my external ip and port to the server, but the packet sniffer is showing its sending my local ip... (btw in the settings of filezilla client i have specified/forced my IP)

I am running the packet sniffer on teh same pc so i am sure its not being mangled or altered in anyway by the firewall.. cause the firewall applies after the data leaves my computer (the firewall is on teh gateway).... and the sniffer sees the data before it .....

and secondly the firewall is bascially a very simple set of IP tables rules just blocking a few ports and not mangling anything...