impossible to connect to FTP

Support for security such as Firewalls and securing linux
Post Reply
mardukk22
Posts: 2
Joined: 2020/06/17 02:41:07

impossible to connect to FTP

Post by mardukk22 » 2020/06/17 03:19:32

I have tried unsuccessfully the connection via passive FTP to a VPS because when listing the directories the session is disconnected.
I am using firewalld in public area and I have allowed access to the ftp service with the command:

firewall-cmd --permanent --zone=public --add-service=ftp
firewall-cmd –reload

I have told me that I put in listening port 20 I have tried as much as port service without results

Code: Select all


[xxxx@xxx ~]# nmap localhost

Starting Nmap 6.40 ( http://nmap.org ) at 2020-06-16 23:02 -04
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000015s latency).
Other addresses for localhost (not scanned): 127.0.0.1
Not shown: 983 closed ports
PORT      STATE SERVICE
21/tcp    open  ftp
22/tcp    open  ssh
25/tcp    open  smtp
53/tcp    open  domain
80/tcp    open  http
110/tcp   open  pop3
111/tcp   open  rpcbind
143/tcp   open  imap
199/tcp   open  smux
443/tcp   open  https
465/tcp   open  smtps
587/tcp   open  submission
783/tcp   open  spamassassin
993/tcp   open  imaps
995/tcp   open  pop3s
3306/tcp  open  mysql
10000/tcp open  snet-sensor-mgmt

Nmap done: 1 IP address (1 host up) scanned in 1.62 seconds

Code: Select all

. 2020-06-16 01:10:16.253 --------------------------------------------------------------------------
. 2020-06-16 01:10:16.254 WinSCP Version 5.13.3 (Build 8565) (OS 10.0.18363 - Windows 10 Enterprise)
. 2020-06-16 01:10:16.254 Configuration: HKCU\Software\Martin Prikryl\WinSCP 2\
. 2020-06-16 01:10:16.254 Log level: Normal
. 2020-06-16 01:10:16.254 Local account: xxxxxxx\xxxxxxx
. 2020-06-16 01:10:16.254 Working directory: C:\Program Files (x86)\WinSCP
. 2020-06-16 01:10:16.254 Process ID: 6440
. 2020-06-16 01:10:16.255 Command-line: "C:\Program Files (x86)\WinSCP\WinSCP.exe" 
. 2020-06-16 01:10:16.255 Time zone: Current: GMT-4, Standard: GMT-4 (Hora est. Sudamérica Pacífico), DST: GMT-3 (Hora verano Sudamérica Pacífico), DST Start: 05-09-2020, DST End: 04-04-2020
. 2020-06-16 01:10:16.255 Login time: martes, 16 de junio de 2020 1:10:16
. 2020-06-16 01:10:16.256 --------------------------------------------------------------------------
. 2020-06-16 01:10:16.256 Session name: xxxxxxxxx@xxxxxx (Site)
. 2020-06-16 01:10:16.256 Host name: xxx.xxx.xxx.xxx (Port: 21)
. 2020-06-16 01:10:16.256 User name: xxxxxxx (Password: Yes, Key file: No, Passphrase: No)
. 2020-06-16 01:10:16.256 Transfer Protocol: FTP
. 2020-06-16 01:10:16.256 Ping type: Dummy, Ping interval: 30 sec; Timeout: 15 sec
. 2020-06-16 01:10:16.256 Disable Nagle: No
. 2020-06-16 01:10:16.256 Proxy: None
. 2020-06-16 01:10:16.256 Send buffer: 262144
. 2020-06-16 01:10:16.256 UTF: Auto
. 2020-06-16 01:10:16.256 FTPS: None [Client certificate: No]
. 2020-06-16 01:10:16.256 FTP: Passive: Yes [Force IP: Auto]; MLSD: Auto [List all: Auto]; HOST: Auto
. 2020-06-16 01:10:16.256 Local directory: default, Remote directory: home, Update: Yes, Cache: Yes
. 2020-06-16 01:10:16.256 Cache directory changes: Yes, Permanent: Yes
. 2020-06-16 01:10:16.256 Recycle bin: Delete to: No, Overwritten to: No, Bin path: 
. 2020-06-16 01:10:16.256 Timezone offset: 0h 0m
. 2020-06-16 01:10:16.256 --------------------------------------------------------------------------
. 2020-06-16 01:10:16.294 Connecting to xxx.xxx.xxx.xxx ...
. 2020-06-16 01:10:16.294 Connected with xxx.xxx.xxx.xxx. Waiting for welcome message...
< 2020-06-16 01:10:16.296 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
< 2020-06-16 01:10:16.296 220-You are user number 1 of 100 allowed.
< 2020-06-16 01:10:16.296 220-Local time is now 01:10. Server port: 21.
< 2020-06-16 01:10:16.296 220-This is a private system - No anonymous login
< 2020-06-16 01:10:16.296 220-IPv6 connections are also welcome on this server.
< 2020-06-16 01:10:16.297 220 You will be disconnected after 20 minutes of inactivity.
> 2020-06-16 01:10:16.297 USER xxxxxxxxxx
< 2020-06-16 01:10:16.312 331 User xxxxxxxxxxx OK. Password required
> 2020-06-16 01:10:16.312 PASS **************
< 2020-06-16 01:10:16.362 230 OK. Current restricted directory is /
> 2020-06-16 01:10:16.363 SYST
< 2020-06-16 01:10:16.377 215 UNIX Type: L8
> 2020-06-16 01:10:16.377 FEAT
< 2020-06-16 01:10:16.394 211-Extensions supported:
< 2020-06-16 01:10:16.394  EPRT
< 2020-06-16 01:10:16.394  IDLE
< 2020-06-16 01:10:16.394  MDTM
< 2020-06-16 01:10:16.394  SIZE
< 2020-06-16 01:10:16.394  MFMT
< 2020-06-16 01:10:16.394  REST STREAM
< 2020-06-16 01:10:16.394  MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
< 2020-06-16 01:10:16.394  MLSD
< 2020-06-16 01:10:16.394  AUTH TLS
< 2020-06-16 01:10:16.394  PBSZ
< 2020-06-16 01:10:16.394  PROT
< 2020-06-16 01:10:16.394  UTF8
< 2020-06-16 01:10:16.394  TVFS
< 2020-06-16 01:10:16.394  ESTA
< 2020-06-16 01:10:16.394  PASV
< 2020-06-16 01:10:16.394  EPSV
< 2020-06-16 01:10:16.394  SPSV
< 2020-06-16 01:10:16.395 211 End.
> 2020-06-16 01:10:16.395 OPTS UTF8 ON
< 2020-06-16 01:10:16.416 200 OK, UTF-8 enabled
. 2020-06-16 01:10:16.465 Connected
. 2020-06-16 01:10:16.465 --------------------------------------------------------------------------
. 2020-06-16 01:10:16.465 Using FTP protocol.
. 2020-06-16 01:10:16.465 Doing startup conversation with host.
> 2020-06-16 01:10:16.480 PWD
< 2020-06-16 01:10:16.494 257 "/" is your current location
. 2020-06-16 01:10:16.494 Getting current directory name.
. 2020-06-16 01:10:16.536 Retrieving directory listing...
> 2020-06-16 01:10:16.536 TYPE A
< 2020-06-16 01:10:16.551 200 TYPE is now ASCII
> 2020-06-16 01:10:16.551 PASV
. 2020-06-16 01:10:31.254 Timeout detected. (control connection)
. 2020-06-16 01:10:31.254 Could not retrieve directory listing
* 2020-06-16 01:10:31.319 (EFatal) **Lost connection.**
* 2020-06-16 01:10:31.319 Timeout detected. (control connection)
* 2020-06-16 01:10:31.319 Could not retrieve directory listing
* 2020-06-16 01:10:31.319 Error listing directory '/'.

I would appreciate if you could give me an idea of what might be happening because I have verified that the ftp service is listening from the internet, so I rule out the firewall problem

tunk
Posts: 760
Joined: 2017/02/22 15:08:17

Re: impossible to connect to FTP

Post by tunk » 2020/06/17 09:52:42

If you're using WinSCP from windows, why not use SCP
or SFTP instead of FTP. It's secure and should work.

User avatar
TrevorH
Forum Moderator
Posts: 29407
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: impossible to connect to FTP

Post by TrevorH » 2020/06/17 10:55:12

To use passive ftp you will need to make sure that nf_conntrack_ftp is loaded on the ftp server machine (assuming it's running linux).
CentOS 6 will die in November 2020 - migrate sooner rather than later!
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 is dead, do not use it.
Full time Geek, part time moderator. Use the FAQ Luke

mardukk22
Posts: 2
Joined: 2020/06/17 02:41:07

Re: impossible to connect to FTP

Post by mardukk22 » 2020/06/18 02:35:15

I really appreciate your help, I have checked everything again and the error was that the ForcePassiveIp line in /etc/pure-ftpd.conf was uncommented
I looked a thousand times the configuration and I did not realize, sorry for the inconvenience

Post Reply

Return to “CentOS 7 - Security Support”