Your best friend for file transfer.

Fetch application logoFetch

Mac firewall blocks Fetch (10 posts)

  • Started 8 years ago by tpayne2
  • Latest reply 8 years ago from tpayne2
  • tpayne2 Member

    I have one ftp server that I can't connect to unless I turn off the Mac firewall. Like some other posters, Fetch 4.0.3 worked with this site fine. Recently upgraded from Mac OSX 10.3.9 to 10.4.4.

    Connection is instant with Mac firewall off; fails with firewall on.

    Searched forum and verified:
    Fetch prefs - "Use Passive PASV" is checked
    Mac Prefs - Airport Network Pane, Proxies tab "Use Passive FTP Mode (PASV) is checked

    Transcript
    Fetch 5.0.5 (5A835) PowerPC running on Mac OS X 10.4.4 (8G32) PowerPC English
    StuffIt Engine 0x811, StuffIt SDK Version 9.0.1
    Expires 02/25/2006 T
    Connecting to 65.207.177.221 port 21 (OS X firewall is on) (2/10/06 8:21:50 PM)
    Connected to 65.207.177.221 port 21 (2/10/06 8:21:50 PM)
    220 web1a Microsoft FTP Service (Version 5.0).
    USER nolacoloacatestuser
    331 Password required for nolacoloacatestuser.
    PASS
    230 User nolacoloacatestuser logged in.
    SYST
    215 Windows_NT version 5.0
    PWD
    257 "/" is current directory.
    MACB ENABLE
    500 'MACB ENABLE': command not understood
    PWD
    257 "/" is current directory.
    TYPE A
    200 Type set to A.
    PASV
    227 Entering Passive Mode (65,207,177,221,9,136)
    ABOR
    225 ABOR command successful.
    PORT 10,0,1,3,13,129
    200 PORT command successful.
    LIST
    150 Opening ASCII mode data connection for /bin/ls.
    Active mode connection blocked by OS X firewall, port 3457
    ABOR
    425 Can't open data connection.
    225 ABOR command successful.
    ftp_list: -30027 (state == GETTING_LIST)
    PWD
    257 "/" is current directory.
    Update check skipped at 02/10/2006 08:23 PM (next check after 02/17/2006 01:40 PM)
    PWD
    257 "/" is current directory.
    TYPE I
    200 Type set to I.
    PASV
    227 Entering Passive Mode (65,207,177,221,9,162)

    Posted 8 years ago #

  • Jim Matthews Administrator

    It looks like the server blocks passive mode, and your firewall blocks active mode (when your firewall is on). I'm surprised that you'd see anything different with Fetch 4.0.3; could you try it again and post a transcript if it works?

    Thanks,

    Jim Matthews
    Fetch Softworks

    Posted 8 years ago #

  • tpayne2 Member

    Sorry, I meant that I could get in with 4.0.3 and OSX 10.3.9. After upgrading to 5.0.5 and 10.4.4 I can't get in unless the firewall is off. Is there a Mac firewall port that should be generally enabled or active enabled? I wonder if Airport might be an issue, although it hasn't been.

    Posted 8 years ago #

  • Jim Matthews Administrator

    Apple made a change to the OS X firewall in 10.4 that may explain what you are seeing. To let active mode FTP work you would have to open the ports from 49152 to 65535.

    To do that you would click New in the Firewall tab of the Sharing system preference pane, and enter 49152-65535 in the TCP Port field (you can call the entry "FTP client active mode" or something similar).

    Jim Matthews
    Fetch Softworks

    Posted 8 years ago #

  • clint Member

    Since upgrading to Fetch 5.0.5 and OS X 10.4, every upload stalls after a few minutes (although if I keep resuming, I can eventually complete an upload).

    Following your instructions above, I opened ports 49152-65535 in the TCP Port field, and set Fetch prefs to "Use Passive PASV" mode. Uploads continue to stall.

    However, using a copy of another FTP client, the free FTP Thingy, I am able to upload to the same server with no problems.

    Fetch 5.0.5 (5A835) PowerPC running on Mac OS X 10.4.5 (8H14) PowerPC English
    StuffIt Engine 0x800, StuffIt SDK Version 8.0
    Partial serial FETCH5X001-JD8U-B6Q6 T
    Connecting to mutasis.com port 21 (OS X firewall is off) (2/16/06 10:51:14 AM)
    Connected to 72.22.69.38 port 21 (2/16/06 10:51:14 AM)
    220---------- Welcome to Pure-FTPd [TLS] ----------
    220-You are user number 5 of 50 allowed.
    220-Local time is now 13:47. Server port: 21.
    220-This is a private system - No anonymous login
    220-IPv6 connections are also welcome on this server.
    220 You will be disconnected after 15 minutes of inactivity.
    USER mutasisc
    331 User mutasis OK. Password required
    PASS
    230-User mutasis has group access to: mutasisc
    230 OK. Current restricted directory is /
    SYST
    215 UNIX Type: L8
    PWD
    257 "/" is your current location
    MACB ENABLE
    500 Unknown command
    CWD public_ftp/creative/rayola/
    250 OK. Current directory is /public_ftp/creative/rayola
    PWD
    257 "/public_ftp/creative/rayola" is your current location
    TYPE A
    200 TYPE is now ASCII
    PASV
    227 Entering Passive Mode (72,22,69,38,31,227)
    LIST
    150 Accepted data connection
    drwx------ 6 3865 mutasis 512 Feb 15 13:47 .
    drwx------ 4 3865 mutasis 512 Aug 25 13:47 ..
    drwxr-xr-x 2 3865 mutasis 512 Feb 2 17:19 DV 2006
    drwxr-xr-x 2 3865 mutasis 512 Feb 10 16:27 Miscellaneous Jobs
    226-Options: -a -l
    226 4 matches total
    TYPE I
    200 TYPE is now 8-bit binary
    PASV
    227 Entering Passive Mode (72,22,69,38,32,57)
    STOR test_file.sitx
    150 Accepted data connection
    Update check skipped at 02/16/2006 10:53 AM (next check after 02/24/2006 03:31 PM)
    PWD
    Unsuccessful transfer of test_file.sitx (2,756,620 bytes, 13,189 bytes/sec, 3:29 elapsed) stopped at 2/16/06 10:55:05 AM
    ABOR
    421 Timeout (no new data for 900 seconds)

    Posted 8 years ago #

  • Jim Matthews Administrator

    clint:

    I would turn off "Contact server during long transfers" in the Obscure section of Preferences. That option is not compatible with the PureFTPD server that you are connecting to.

    Thanks,

    Jim Matthews
    Fetch Softworks

    Posted 8 years ago #

  • tpayne2 Member

    HI, Jim.
    I opened the specified ports and have had intermittent success. However, I can only get to the root level of the ftp server. Attempts to drill further fail. It appears that it is trying to use ports below the ones I opened. In one case it was trying to use a port in the 25000 range.

    Here are two transcripts. The first from Fetch 5, the other from Fetch 4. Fetch 4 appears to be connected to "/" but is not displaying files.

    Fetch 5.0.5 (5A835) PowerPC running on Mac OS X 10.4.5 (8H14) PowerPC English
    StuffIt Engine 0x811, StuffIt SDK Version 9.0.1
    Expires 02/25/2006 T
    Connecting to 65.207.177.221 port 21 (OS X firewall is on) (2/15/06 8:17:44 PM)
    Connected to 65.207.177.221 port 21 (2/15/06 8:17:45 PM)
    220 web1a Microsoft FTP Service (Version 5.0).
    USER nolacoloacatestuser
    331 Password required for nolacoloacatestuser.
    PASS
    230 User nolacoloacatestuser logged in.
    SYST
    215 Windows_NT version 5.0
    PWD
    257 "/" is current directory.
    MACB ENABLE
    500 'MACB ENABLE': command not understood
    PWD
    257 "/" is current directory.
    TYPE A
    200 Type set to A.
    PORT 10,0,1,3,154,193
    200 PORT command successful.
    LIST
    150 Opening ASCII mode data connection for /bin/ls.
    Active mode connection blocked by OS X firewall, port 39617
    ABOR
    425 Can't open data connection.
    225 ABOR command successful.
    PASV
    227 Entering Passive Mode (65,207,177,221,15,120)
    ABOR
    225 ABOR command successful.
    ftp_list: -30028 (state == GETTING_LIST)
    Update check skipped at 02/15/2006 08:19 PM (next check after 02/17/2006 01:40 PM)

    Fetch 4.0.3 System 0x1045 Serial FETCHFL001-NQ9K-C27B TR
    Connecting to 65.207.177.221 port 21 (2/15/06 8:28:17 PM)
    220 web1a Microsoft FTP Service (Version 5.0).
    USER nolacoloacatestuser
    331 Password required for nolacoloacatestuser.
    PASS
    230 User nolacoloacatestuser logged in.
    SYST
    215 Windows_NT version 5.0
    PWD
    257 "/" is current directory.
    MACB ENABLE
    500 'MACB ENABLE': command not understood
    SITE DIRSTYLE
    200 MSDOS-like directory output is off
    PWD
    257 "/" is current directory.
    PASV
    227 Entering Passive Mode (65,207,177,221,15,208)
    LIST
    425 Can't open data connection.
    ftp_list: -30000 (state == GETTING_LIST)

    Posted 8 years ago #

  • clint Member

    Hi Jim,

    I turned off "Contact server during long transfers" and am finally able to use Fetch again. I also closed the extra ports I'd recently opened, and Fetch still connects without trouble.

    Thanks,

    Clint

    Posted 8 years ago #

  • Jim Matthews Administrator

    tpayne2: Im surprised that Fetch is using a port in that range. Fetch definitely won't open ports below 1024, so you could try opening 1024-65535.

    Jim Matthews
    Fetch Softworks

    Posted 8 years ago #

  • tpayne2 Member

    OK, I opened the ports from 1024 - 65535 and I'm in all the way. I also turned off PASV in Fetch but that seems to have no effect on the other ftp sites, including the Fetch ftp site. So thanks for the help!

    Posted 8 years ago #

Reply

  • Or nickname, if you prefer.
  • This will be kept confidential.
  • This is to ensure that you’re a person, not a spambot.