A
: PASV connection failure can be caused by many reasons , there is no
simple way to find out what is your problem , if you can't get it to work
you will need to read and evaluate all items listed below
Hint#1
Read PASV theory first
It
is very important to know what are you doing before you are going
to fix any error , read here
If
you don't read it , you can not understand anything listed below |
Hint#2
Check server IP setting
In
your server configuration file *.ftpd , the SERVER_IP must be
set to your real internet IP , if your real internet IP is dynamic
, better apply for a domain name and put it to your SERVER_IP
field , the SERVER_IP full setup guide is here
If
you don't setup this correctly , the server can not know which
IP to use for PASV connection
|
Hint#3
Define your server data port range
The
server requires a range of local ports to be set for PASV mode
to use , such as 1401-1500 , and it is the default port range
that works best with most ftp clients , if you are going to
change it because of some other reasons such as firewall rules
, be sure to remember this range , you may need to set the firewall
allowing rule in firewall or router later .
You
can find the place to setup your data port range in your server
configuration file *.ftpd
USE_DATAPORT_RANGE=1
PORT_FROM=1401
PORT_TO=1500
note
1:to be safe , the range must be larger than your MAX concurrent
users , for example if you have 100 max users online , you need
at least 100 ports , but we'll recommend more ports such as
150 .
note
2: do not change the port range unless you know what you are
doing , some ftp clients won't connect to DATA ports below port
1000 .
note
3: remember the port range you are using , you may need to set
it in firewall or router as well
|
Hint#4
Setup your firewall software
If
you are using any security software such as zonealarm ,
norton internet security , blackice defender , you need
to grant raidenftpd.exe with sufficient rights
1.
firewall software must allow OUT to IN on main server port
, implicit ssl port , explicit ssl port
2.
firewall software must allow OUT to IN connections on ALL
ports within your data port range (defined in Hint#3)
3.
firewall software must allow IN to OUT for ALL ports , because
you can not predict the ports that ftp clients will declare
|
Hint#5
Setup your NAT/Router
NAT
and routers hide your real servers from internet visitors ,
if your server is behide a NAT/Router , the internet visitors
can not connect to your server at all , the setup method for
each kind of NAT/Router is different , we can not give you a
general guide , but we have guides for the 2 routers listed
below
Linksys
DSL Routers
SMC
Barricade routers
If
you don't know how to setup your router , your ftp server will
not work , you need to read the steps below and find out how
to do it on your router
1.
NAT/Router must forward connections from internet to real server
PC on main server port , implicit ssl port , explicit ssl port
(21,990,? usually)
2.
NAT/Router must forward connections from internet to real server
PC on all ports within data port range , read hint#3 (1401-1500
usually)
3.
NAT/Router must NOT modify any PASV response messages from FTP
server , warning : many NAT/Router has the ability to modify
FTP server PASV response messages , and you NEED to disable
it
4.
Your server IP must be set to the real internet IP (not your
virtual private IP , and auto IP must be disabled)
|
Trouble
Shooting#1 Client says he can connect but can not do a dir listing
1.
Get ftp client side log from ftp user first , and read it ,
find the following commands and responses
(CLIENT)
PASV
(RAIDEN)
227 Entering Passive Mode (140,89,228,21,4,214)
2.
Compare with your server setting 140.89.228.21 should be your
server IP , if it is not , read hint#2
3.
Calculate the port returned by server , it's 4*256 + 214 = 1238
, this port should be one port within your data port range ,
if it's not , read hint#3 , if hint#3 is correctly set , the
port maybe modified by firewall or router , read hint#4,5 and
make sure firewall or router are not touching your passive response
messages
4.
if (2) (3) are verified but the connection still can not be
made , read Hint#4 and Hint#5
5.
if you see a 'client ip denied' msg from server response message
, modify your ftp server's setting and do not enable 'check
data ip' option
|
Trouble
Shooting#2 Client says PASV mode works but not for PORT mode
1.
Read hint#1 and understand PASV/PORT commands
2.
if the client is behind a NAT , he has to use PASV mode ,
unless he has a router that will modify his ftp command messages
such as microsoft NAT |
Trouble
Shooting#3 Client says PORT mode works but not for PASV mode
1.
Read hint#1 and understand PASV/PORT commands
2.
Your server is not configured properly , read from hint#1~hint#5 |
Trouble
Shooting#4 Client says can do normal file transfer but not FXP with
other ftp sites
1.
Get FULL client side fxp LOG first
2.
Read hint#1 and understand PASV and PORT commands
3.
FXP is done by operating PASV and PORT commands on 2 different
servers , however even if your server is configured properly
, that does not mean the other server is configured properly
, you will need the hint#1 knowledge to identify the problem
4.
Some ftp server does not allow PORT connections to ports below
1024 , if you see this behavior , modify your data port range
5.
Many ftp servers can deny FXP (including raidenftpd) , you
will see the error msgs from server (if using raidenftpd)
, we can not guarantee that all servers will even give you
an error msg.
6.
If all settings on your server all correct , then it's not
your problem , call the other guys |
Trouble
Shooting#5 The server is setup properly but client does not see
the server IP and port you set in your *.ftpd
1.
If you are really sure that it's correct
2.
then it's modified by your NAT/Router or firewall (hardware
or software) |
Trouble
Shooting#6 The client says that the data connection is refused
'[Data Socket Error: Connection refused]'
1.
The raidenftpd will return error msg even if client data
IP connection is denied , if you do not see anything ,
read hint#4 and hint#5 , it must be denied or not forwarded
correctly
2.
if you see the client says '[Data Socket Error:
Connection refused]' but your raidenftpd says 'no one
connects to me at ip: xxx,xxx,xxx,xxx port:xxxx' , then
the connection is blocked , don't waste your time to find
our anything wrong in raidenftpd , read hint#4 and hint#5
, note that some ISP will block some ports , so even if
everything is correct it is still possible to get this
error if your ISP doesn't allow that port to passthrough |
That's
ALL |