WTF FTP?
September 26, 2007 8:53 PM   Subscribe

Using XP / Vista? If so, have you checked to see that the firewall is allowing incoming connections?
posted by Dipsomaniac at 8:59 PM on September 26, 2007

When you say you 'opened the ports', are you talking about the Windows firewall, or your router? For that matter, do you even have a router? How are you connected to the net?
posted by pompomtom at 9:04 PM on September 26, 2007

Can you connect locally?
posted by McSly at 9:15 PM on September 26, 2007

If your router uses NAT it may be an issue with whether the FTP server and/or client are set up properly regarding passive/active transfers.

In passive transfers, the client opens a connection to the FTP server, and all data comes back over that connection.

In active, the client opens a connection to the FTP server, but the FTP server opens a connection BACK to the client to transfer the data. There are all kinds of misconfiguration woes that can make this not work, on either the client or the server side.

If the client is in passive mode, try active, if it's in active, try passive.
posted by RustyBrooks at 9:15 PM on September 26, 2007

Also, if the server keeps any logs anywhere, look at those... I don't do FTP on windows but most unix ftp servers will log incoming connections (and failures), transfers, etc.
posted by RustyBrooks at 9:16 PM on September 26, 2007

I would try first connecting using your IP, and not your dyndns name. If that doesn't work, I'd try using nmap (or similar portscanner for windows) from outside to see what can be accessed on your IP (ie: in case your ISP is blocking something).
posted by pompomtom at 9:18 PM on September 26, 2007

not even my wife's machine in the next room.

On your wife's machine are you trying to connect to your routable IP address or your local NATed address (192.168.x.x / 10.x.x.x)? I feel like ideally both should work but I would half-expect it to fail in the real world if you tried to connect to the routable adresss.

You should be able to connect to it using the local address if both computers are on the same router - trying this will help you to separate a routing/NAT problem from an FTP server problem.

Without even doing an nmap, I'd just preemptively try running the FTP server on port 2121 to see if port 21 being blocked is the problem.
posted by TheOnlyCoolTim at 9:50 PM on September 26, 2007

I kinda suspect it's the passive/active FTP thing also. Try switching to "passive FTP" on the client side, and see if that fixes things. Also, make sure to open port 21, since that's the port that passive FTP will want to use for everything.

Good explanation of passive vs active FTP and how it relates to the ports you need to have open:
http://slacksite.com/other/ftp.html
posted by Kadin2048 at 11:33 PM on September 26, 2007

Err, why 51000-52000? Is that a Filezilla thing? Standard FTP ports are 20 & 21 TCP, plus whatever magic you'll need for active/passive transfer.
posted by scalefree at 8:46 AM on September 27, 2007

FTP servers are problematic behind NAT. You need to be able to tell the server what range of ports to use for data connections, the server needs to know (or be able to find out) its WAN-accessible IP address (otherwise, it'll tell the clients to connect to its LAN address, e.g. 192.x.x.x, and that never works), and all those ports need to be opened in your firewall and forwarded to the server machine.

More trouble than it's worth. Do something else.

If it's just for you to access files, set up an ssh server instead and use a scp client (e.g. WinSCP). It only uses one port, the ssh port, and has none of the active/passive woes. Plus it's cryptographically secured.

If it's a public server where other, possibly anonymous, people need to be able to upload and download files, use a Web server and an upload CGI script to accept files.
posted by kindall at 11:44 AM on September 27, 2007

Umm, opening random ports will rarely get you where you want to go. You should either try to follow the directions in Kadin2048 's link or stop trying to make it work, else you'll end up opening up your home network to worms & hackers without ever knowing it.

As for the TCP/UDP issue, you only need TCP ports for FTP. Whichever way you go on the active/passive issue, it's all still TCP.

(FYI, FTP is a really messed up protocol, it was designed to be used under the predecessor to TCP, something called Network Control Protocol or NCP which only allowed unidirectional connections so they had to build session management into the FTP protocol. When TCP came along FTP was just ported to it pretty much without change, so you have session management both at the transport layer & the protocol level, redundantly. And then the active/passive thing was bolted on when firewalls came along, to allow us to hop over them. All in all it's just a mess to make sense of let alone implement in a modern environment.)
posted by scalefree at 12:55 PM on September 27, 2007

« Older Musicians -- how do you attrac...   |   Here we go again: partial lyri... Newer »

This thread is closed to new comments.