Q : How to solve your PASV connection failure problems

A : PASV connection failure can be caused by many reasons , there is no simple way to find out what is your problem , if you can't get it to work you will need to read and evaluate all items listed below

Hint#1 Read PASV theory first

It is very important to know what are you doing before you are going to fix any error , read here

If you don't read it , you can not understand anything listed below

Hint#2 Check server IP setting

In your server configuration file *.ftpd , the SERVER_IP must be set to your real internet IP , if your real internet IP is dynamic , better apply for a domain name and put it to your SERVER_IP field , the SERVER_IP full setup guide is here

If you don't setup this correctly , the server can not know which IP to use for PASV connection

Hint#3 Define your server data port range

The server requires a range of local ports to be set for PASV mode to use , such as 1401-1500 , and it is the default port range that works best with most ftp clients , if you are going to change it because of some other reasons such as firewall rules , be sure to remember this range , you may need to set the firewall allowing rule in firewall or router later .

You can find the place to setup your data port range in your server configuration file *.ftpd

USE_DATAPORT_RANGE=1
PORT_FROM=1401
PORT_TO=1500

note 1:to be safe , the range must be larger than your MAX concurrent users , for example if you have 100 max users online , you need at least 100 ports , but we'll recommend more ports such as 150 .

note 2: do not change the port range unless you know what you are doing , some ftp clients won't connect to DATA ports below port 1000 .

note 3: remember the port range you are using , you may need to set it in firewall or router as well

Hint#4 Setup your firewall software

If you are using any security software such as zonealarm , norton internet security , blackice defender , you need to grant raidenftpd.exe with sufficient rights

1. firewall software must allow OUT to IN on main server port , implicit ssl port , explicit ssl port

2. firewall software must allow OUT to IN connections on ALL ports within your data port range (defined in Hint#3)

3. firewall software must allow IN to OUT for ALL ports , because you can not predict the ports that ftp clients will declare

Hint#5 Setup your NAT/Router

NAT and routers hide your real servers from internet visitors , if your server is behide a NAT/Router , the internet visitors can not connect to your server at all , the setup method for each kind of NAT/Router is different , we can not give you a general guide , but we have guides for the 2 routers listed below

Linksys DSL Routers

SMC Barricade routers

If you don't know how to setup your router , your ftp server will not work , you need to read the steps below and find out how to do it on your router

1. NAT/Router must forward connections from internet to real server PC on main server port , implicit ssl port , explicit ssl port (21,990,? usually)

2. NAT/Router must forward connections from internet to real server PC on all ports within data port range , read hint#3 (1401-1500 usually)

3. NAT/Router must NOT modify any PASV response messages from FTP server , warning : many NAT/Router has the ability to modify FTP server PASV response messages , and you NEED to disable it

4. Your server IP must be set to the real internet IP (not your virtual private IP , and auto IP must be disabled)

 

Trouble Shooting#1 Client says he can connect but can not do a dir listing

1. Get ftp client side log from ftp user first , and read it , find the following commands and responses

(CLIENT) PASV

(RAIDEN) 227 Entering Passive Mode (140,89,228,21,4,214)

2. Compare with your server setting 140.89.228.21 should be your server IP , if it is not , read hint#2

3. Calculate the port returned by server , it's 4*256 + 214 = 1238 , this port should be one port within your data port range , if it's not , read hint#3 , if hint#3 is correctly set , the port maybe modified by firewall or router , read hint#4,5 and make sure firewall or router are not touching your passive response messages

4. if (2) (3) are verified but the connection still can not be made , read Hint#4 and Hint#5

5. if you see a 'client ip denied' msg from server response message , modify your ftp server's setting and do not enable 'check data ip' option

Trouble Shooting#2 Client says PASV mode works but not for PORT mode

1. Read hint#1 and understand PASV/PORT commands

2. if the client is behind a NAT , he has to use PASV mode , unless he has a router that will modify his ftp command messages such as microsoft NAT

Trouble Shooting#3 Client says PORT mode works but not for PASV mode

1. Read hint#1 and understand PASV/PORT commands

2. Your server is not configured properly , read from hint#1~hint#5

Trouble Shooting#4 Client says can do normal file transfer but not FXP with other ftp sites

1. Get FULL client side fxp LOG first

2. Read hint#1 and understand PASV and PORT commands

3. FXP is done by operating PASV and PORT commands on 2 different servers , however even if your server is configured properly , that does not mean the other server is configured properly , you will need the hint#1 knowledge to identify the problem

4. Some ftp server does not allow PORT connections to ports below 1024 , if you see this behavior , modify your data port range

5. Many ftp servers can deny FXP (including raidenftpd) , you will see the error msgs from server (if using raidenftpd) , we can not guarantee that all servers will even give you an error msg.

6. If all settings on your server all correct , then it's not your problem , call the other guys

Trouble Shooting#5 The server is setup properly but client does not see the server IP and port you set in your *.ftpd

1. If you are really sure that it's correct

2. then it's modified by your NAT/Router or firewall (hardware or software)

Trouble Shooting#6 The client says that the data connection is refused '[Data Socket Error: Connection refused]'

1. The raidenftpd will return error msg even if client data IP connection is denied , if you do not see anything , read hint#4 and hint#5 , it must be denied or not forwarded correctly

2. if you see the client says '[Data Socket Error: Connection refused]' but your raidenftpd says 'no one connects to me at ip: xxx,xxx,xxx,xxx port:xxxx' , then the connection is blocked , don't waste your time to find our anything wrong in raidenftpd , read hint#4 and hint#5 , note that some ISP will block some ports , so even if everything is correct it is still possible to get this error if your ISP doesn't allow that port to passthrough

That's ALL

Copyright © RaidenFTPD TEAM , ALL RIGHTS RESERVED

REVISION 2.4 , 2003/02/19

The copyrighted works contained in this information service shall not be copied, reproduced, varied, altered, modified, adapted, distributed, performed and displayed in any form without the written permission of the copyright owner. All trademarks belong to their respective owners .