FTP only works from terminal not with other clients
 

Hi
I set up an ftp server with pure-ftpd. It works great except for one little problem, users can only log in from the terminal. If I use any other client it just tries to connect endlessly without success. The server is behind a linkys router. Ports 20 and 21 are forwarded to the computer running the server and I also have open ports open for passive FTP.
The message I get is "Retrieving list of files" after the connection is established; however, nothing happens.
Can someone tell me what is the problem here?
Thanks

This is probably an annoying question, but why are you using this 3rd-party ftp server software instead of the built-in version?

If you do use the built-in MacOS X FTP sharing, do your users have the same problem?

well, the ftp version that ships with OSX lacks the ability to create virtual users. If you wanted to give someone access to your ftp server running in your computer you would have to create a user in your system. That is fine if you only have a few users that you know and trust. However, let's say that you want to create 20 different accounts, are you gonna create 20 accounts in your OS X system? Besides, pure-ftp not only allows for this but it offers a lot of more features that the ftp server that comes with OSX falls short of. For example, you can set quotas for individual users, limit their bandwidth, set upload and download ratios, you can set a limited amount of open ports for passive mode connections, you can see who is logged on and what they're downloading or uploading, etc.

You didn't answer the (highly pertinent) question from AHunter3 about whether the same problems occur with the ftp server supplied with OS X.
(I suspect the problems will be the same, thus indicating that the issue is likely with your router/firewall configuration.)

Hehe, yes, I did forget to answer the most important question. Sorry.
Ok, I guess it's a router problem. I upgraded my connection to 3.0 Mbit DSL and hence I got a new modem. Before, I wouldn't have this problem. I used to have a simple modem plugged into the WAN port of my Linkys router. Now the new modem is indeed a router and a modem at the same time (Wesstel) with as many features as my router. In order to have my computers behind the router share the connection, I set up the modem as an ethernet bridge and disabled DHCP on it. My router has an IP 192.168.1.1 and the modem 192.168.1.254. However, I can not ping nor access the modem once it has been plugged into the router.
What is really confusing is that from the terminal everything works great. It's only when I use a GUI client when everything goes wrong. If I check who is connected I can see the GUI client connected although it is still "retriving list of files". My guess is that things get messy when the client tries to access the ftp server on the non privileged ports for passive mode.
I've tried different ports and different settings on the linkys router and on the server side and nothing seems to work.

Turn Passive Mode from the client OFF

Passive will be prefered since nowadays everybody is behind a firewall. Active FTP mode works as follows: The client connects to port 21 on the server and then the server connects backs to the client from port 20 for data transmission to a port assigned by the client. Most firewalls would interpret this as an illegal access and reject the connection from the server. That is why it's better to use passive mode. In addition to that, most clients use passive mode, and as we know, some users don't even know how to even change their desktop pictures, so imagine telling them to use active mode instead of passive mode. In passive mode the server tells the client to use an assigned open port for data transmission. So, the client connects through two ports on the server both for commands transmission (port 21) and data transmission (ports 1024+) requiring no connection from the server to the client through port 20.
Active mode didn't work either with a GUI client.

Sorry, Very true,

I think the problem is as you think.

I have had a similar problem at work, os9.2.2 and Rumpus ftp server, Nortons Fire Wall.

I set NFW to allow ports 20 and 21
but got connection problems when the NFW blocked the data ports assigned by the R-FTP server.
The server is stuck in PASV, but I found I could change the range of its port selection to say 3001 -3012, using 'limit number of connections' setting. and the PASV range selection.

I then opened these same ports on the NFW. and hey presto.
Clients can still use PASV or Active

I turned off the firewall in the router and in the server and still didn't work.
I think it's a problem between the router and the modem wich happens to be a router too.

Don't some of those Routers have built in FW's also?

It does have a firewall and I'll check it when I get home. However, it makes no sense that I can connect to my ftp from the terminal and not from the GUI. If the first one works then the firewall in the modem is letting the traffic go to the router.

what port does the terminal use?, can you see on the access history on the FW

The terminal uses the same ports as the GUI client. The UNIX ftp connects to port 21, then the server sends a command to the client assigning the port it should use to connect and transfer data, which are 2300 - 2500. I set up the client to use these only for passive mode and opened those ports in the router. If I open all ports over 1024 doesn't work either.

what is the client software you are using, was you doing this from the same machine or remotely

Also you mentioned "Users can only log in from the terminal." but have other users actually tried to connect or is that a figure of speech?

Clutching straws here..

Transmit, Fetch, Explorer, the finder, all from a remote computer.

Three users plus myself, we all get errors.

Please show us a diagram (using dashes & slashes, etc for connectors) of your network configuration, starting from the connection to your ISP. What you have described above seems wrong.
E.g. where does the modem get the 192.168.1.254 address from? You set it manually?
The modem presumably has an external address as well.

Can you do ftp okay if it is between two machines on your local network ? (In this case the modem should be irrelevant)

Here is the diagram and the link with the instructions I followed to share the connection. That is indeed my modem and my router in that web page.

http://www.dslreports.com/faq/6323


http://ejg.ath.cx/lan.jpg

So as I said before:
And if you feel you aren't getting anywhere, you might want to resort to doing a low-level packet capture (e.g. with Ethereal) to see what is happening.

Ok I just did it. Dowlaoded and intalled Fetch and I can connect to my ftp server within the network and do everything an ftp client is supposed to do.
So the problem is without a doubt in the routers, more specifically in the modem. There is some kind of conflict between the two. With my old modem everything was fine.

The problem is likely from using the WAN port on the linksys as opposed to one of the router ports. Fix that, and all should be peachy.

No. I tried other ports and I can't connect to the internet. The only way is using the WAN port on the router.

Yea, nevermind, I actually took a moment to re-read the thread and realized you disabled the router functions of the modem. I also realized I have the same modem. I will fiddle with it when I get a moment. In the mean time, have you tried connecting the server directly to the modem?

I notice that on this link it tells you to update your firmware,
Is yours ok

I just installed the latest firmware and I still have the same problem.

For those who come upon this thread later on (e.g. as a result of a search), see also this thread where discussion of this problem has continued:
http://forums.macosxhints.com/showthread.php?p=146269