Your best friend for file transfer.

Fetch application logoFetch

"Sorry, but I won't connect to ports (15 posts)

  • Started 4 years ago by J
  • Latest reply 1 year ago from Jim Matthews
  • J Member

    First I was getting this error. "sorry, but I won't connect to ports < 1024"

    ...now... Fetch is timing out and telling me "A server firewall might be blocking passive mode (PASV) transfer. Please Ask the server administrator for help."

    At times, I have seen the files come up on screen then disappear, only to display another error message. I have 2 different hosts, and I can not access sites on either severs. Please Help!
    Thanks in Advance!

    Fetch 5.5.3 (5E778) PowerPC running on Mac OS X 10.5.8 (9L31a) PowerPC English
    StuffIt Engine 0x820, StuffIt SDK Version 10.1.1b1
    Expires 4/11/10 T
    Connecting to jasonbeardweb.com port 21 (Mac OS X firewall is allowing connections) (3/27/10 12:03 PM)
    Connected to 97.74.183.128 port 21 (3/27/10 12:03 PM)
    220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    220-You are user number 7 of 500 allowed.
    220-Local time is now 11:02. Server port: 21.
    220-This is a private system - No anonymous login
    220 You will be disconnected after 3 minutes of inactivity.
    USER pxxxxxx
    331 User pxxxxxx OK. Password required
    PASS
    230-User pxxxxxx has group access to: inetuser
    230 OK. Current restricted directory is /
    SYST
    215 UNIX Type: L8
    PWD
    257 "/" is your current location
    MACB ENABLE
    500 Unknown command
    PWD
    257 "/" is your current location
    TYPE A
    200 TYPE is now ASCII
    PORT 192,168,1,100,201,56
    501 Sorry, but I won't connect to ports < 1024
    PASV
    227 Entering Passive Mode (97,74,183,128,197,23)
    Making data connection to 97.74.183.128 port 50455
    ABOR
    500 ?
    ftp_list: 2,-30000 (state == GETTING_LIST)
    PWD
    257 "/" is your current location
    Update check skipped at 3/27/10 12:04 PM (next check after 3/28/10 1:08 AM)
    PWD
    257 "/" is your current location
    PWD
    257 "/" is your current location
    PWD
    257 "/" is your current location
    PWD
    257 "/" is your current location
    QUIT
    221-Goodbye. You uploaded 0 and downloaded 0 kbytes.
    221 Logout.
    Connecting to jasonbeardweb.com port 21 (Mac OS X firewall is allowing connections) (3/27/10 12:10 PM)
    Connected to 97.74.183.128 port 21 (3/27/10 12:10 PM)
    220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    220-You are user number 5 of 500 allowed.
    220-Local time is now 11:10. Server port: 21.
    220-This is a private system - No anonymous login
    220 You will be disconnected after 3 minutes of inactivity.
    USER pxxxxx
    331 User pxxxxx OK. Password required
    PASS
    230-User pxxxxx has group access to: inetuser
    230 OK. Current restricted directory is /
    SYST
    215 UNIX Type: L8
    PWD
    257 "/" is your current location
    MACB ENABLE
    500 Unknown command
    CWD /
    250 OK. Current directory is /
    PWD
    257 "/" is your current location
    CWD /
    250 OK. Current directory is /
    PWD
    257 "/" is your current location
    TYPE A
    200 TYPE is now ASCII
    PASV
    227 Entering Passive Mode (97,74,183,128,195,124)
    Making data connection to 97.74.183.128 port 50044
    ABOR
    500 ?
    PORT 192,168,1,100,201,123
    501 Sorry, but I won't connect to ports < 1024
    ftp_list: 2,-30037 (state == GETTING_LIST)
    PWD
    257 "/" is your current location
    PWD
    257 "/" is your current location
    PWD
    257 "/" is your current location

    Posted 4 years ago #

  • Jim Matthews Administrator

    Hi,

    As the message says, it appears that a server firewall is blocking passive mode connections. So my first suggestion would be to contact the server administrator and ask her or him to allow passive mode FTP.

    If that does not work the next thing I would try is connecting your Mac directly to your cable or DSL modem; that may allow active mode FTP to work.

    Please let me know how it goes.

    Thanks,

    Jim Matthews
    Fetch Softworks

    Posted 4 years ago #

  • storyleader Member

    I have the same problem with Fetch. I can connect to the same server with Filezilla, though, so I know the problem is not with the server.

    Are there some Fetch preferences I should try changing? Or...?

    I am using Fetch 5.6 under Mac OS X 10.6.8, Intel.

    Thanks!

    Posted 2 years ago #

  • storyleader Member

    Here is the transcript, edited not to show the IP# and username. I keep thinking that there must be a settings issue, since the same server allows listing by Filezilla, from the same Mac.

    --------------------

    Fetch 5.6 (5F64) Intel running on Mac OS X 10.6.8 (10K549) Intel English
    StuffIt Engine 0x820, StuffIt SDK Version 10.1.1b1
    Partial serial FETCH55001-LLYU-CFLF T
    Connecting to xx.xxx.xx.67 port 21 (Mac OS X firewall is allowing connections) (9/27/11 9:56 PM)
    Connected to xx.xxx.xx.67 port 21 (9/27/11 9:56 PM)
    220 FTP Server ready.
    AUTH TLS
    234 AUTH TLS successful
    Connecting to xx.xxx.xx.67 port 21 (Mac OS X firewall is allowing connections) (9/27/11 9:56 PM)
    Connected to xx.xxx.xx.67 port 21 (9/27/11 9:56 PM)
    220 FTP Server ready.
    AUTH TLS
    234 AUTH TLS successful
    USER xusernamex
    331 Password required for xusernamex
    PASS
    230 User xusernamex logged in
    PBSZ 0
    200 PBSZ 0 successful
    PROT P
    200 Protection set to Private
    SYST
    215 UNIX Type: L8
    PWD
    257 "/" is the current directory
    CWD public_html
    250 CWD command successful
    PWD
    257 "/public_html" is the current directory
    PWD
    257 "/public_html" is the current directory
    TYPE A
    200 Type set to A
    PASV
    227 Entering Passive Mode (XX,XXX,XX,67,45,243).
    Making data connection to xx.xxx.xx.67 port 11763
    LIST -al
    150 Opening ASCII mode data connection for file list
    425 Unable to build data connection: Operation not permitted
    ftp_list: 2,-30005 (state == GETTING_LIST)
    Fetch could not get the file list because the FTP server could not open a passive data connection. (A server firewall might be blocking passive mode (PASV) transfers. Ask the server administrator for help, or try unchecking the “Use passive mode transfers (PASV)” box in the General pane of the Preferences.
    Server responded: “Unable to build data connection: Operation not permitted”)
    PWD
    257 "/public_html" is the current directory
    Update check skipped at 9/27/11 9:57 PM (next check after 10/3/11 11:08 AM)
    PWD
    257 "/public_html" is the current directory
    PWD
    257 "/public_html" is the current directory
    PWD
    257 "/public_html" is the current directory
    PWD
    257 "/public_html" is the current directory
    QUIT
    221 Goodbye.

    Posted 2 years ago #

  • storyleader Member

    In case this helps at all, here is the Filezilla transcript for connecting to the same server (with the same obfuscations):

    --------

    Status: Connecting to XX.XXX.XX.67:21...
    Status: Connection established, waiting for welcome message...
    Response: 220 FTP Server ready.
    Command: AUTH TLS
    Response: 234 AUTH TLS successful
    Status: Initializing TLS...
    Status: Verifying certificate...
    Command: USER xusernamex
    Status: TLS/SSL connection established.
    Response: 331 Password required for xusernamex
    Command: PASS **********
    Response: 230 User xusernamex logged in
    Command: SYST
    Response: 215 UNIX Type: L8
    Command: FEAT
    Response: 211-Features:
    Response: MDTM
    Response: MFMT
    Response: LANG en-US;fr-FR;it-IT;ja-JP;ko-KR;ru-RU;zh-CN;zh-TW;bg-BG
    Response: TVFS
    Response: UTF8
    Response: AUTH TLS
    Response: MFF modify;UNIX.group;UNIX.mode;
    Response: MLST modify*;perm*;size*;type*;unique*;UNIX.group*;UNIX.mode*;UNIX.owner*;
    Response: PBSZ
    Response: PROT
    Response: REST STREAM
    Response: SIZE
    Response: 211 End
    Command: OPTS UTF8 ON
    Response: 200 UTF8 set to on
    Command: PBSZ 0
    Response: 200 PBSZ 0 successful
    Command: PROT P
    Response: 200 Protection set to Private
    Status: Connected
    Status: Retrieving directory listing...
    Command: PWD
    Response: 257 "/" is the current directory
    Command: TYPE I
    Response: 200 Type set to I
    Command: PASV
    Response: 227 Entering Passive Mode (XX,XXX,XX,67,45,4).
    Command: MLSD
    Response: 150 Opening ASCII mode data connection for MLSD
    Response: 226 Transfer complete
    Status: Directory listing successful

    Posted 2 years ago #

  • Jim Matthews Administrator

    Thank you for contacting us about this, and providing those transcripts. Would it be possible for us to get a test account on this server, so we could investigate further?

    Thanks,

    Jim Matthews
    Fetch Softworks

    Posted 2 years ago #

  • storyleader Member

    Yes, Jim. I have created an account. Could you give me a private way to send you the credentials?

    Doug

    Posted 2 years ago #

  • Jim Matthews Administrator

    Hi Doug,

    Send the info to bugs@fetchsoftworks.com

    Thanks!

    Posted 2 years ago #

  • rtfm Member

    Hey Jim

    Was a fix ever created for this? We see the same using ProFTPD and believe it's a result of their adding checks for SSL session reuse. We can obviously apply their workaround, but circumventing security measures just to get stuff working never feels like a good thing to be doing. From their release notes:

    The NoSessionReuseRequired option has been added. As of
    ProFTPD 1.3.3rc1, mod_tls only accepts SSL/TLS data connections
    that reuse the SSL session of the control connection, as a security
    measure. Unfortunately, there are some clients (e.g. curl) which
    do not reuse SSL sessions.

    To relax the requirement that the SSL session from the control
    connection be reused for data connections, use the following in the
    proftpd.conf:

    <IfModule mod_tls.c>
    ...
    TLSOptions NoSessionReuseRequired
    ...
    </IfModule>

    Posted 2 years ago #

  • Jim Matthews Administrator

    Hi rtfm,

    That is still an issue. The OS X SSL library that Fetch uses does not provide a way to reuse SSL sessions, so there isn't much we can do short of rewriting all the SSL support to use a different library. It is not clear to me that much security is gained by requiring session reuse -- most servers have no such requirement -- but I am not a security expert.

    Thanks,

    Jim Matthews
    Fetch Softworks

    Posted 2 years ago #

  • rtfm Member

    OK, thanks for checking in on that. You're probably right that it doesn't add much, if anything, but it's at least something to be aware of if the ProFTPD folks think it's important enough to make the default. We switched it off though, so I guess we're all set for the time being. Thanks again.

    Posted 2 years ago #

  • Nicky Member

    Hi Fetch.
    I'm encountering the same issue here which has never happened before and I've been using Fetch for years.

    I've just recently relocated and am using a new router and internet connection. Here's the exert from my log:
    Connecting to www.xxx.com port 21 (Mac OS X firewall is allowing connections) (13-01-24 9:55 AM)
    Connected to 64.69.93.68 port 21 (13-01-24 9:55 AM)
    220 (vsFTPd 2.0.5)
    USER blt
    331 Please specify the password.
    PASS
    230 Login successful.
    SYST
    215 UNIX Type: L8
    PWD
    257 "/"
    CWD /xxx.com/www
    250 Directory successfully changed.
    TYPE A
    200 Switching to ASCII mode.
    PORT 192,168,0,10,215,198
    200 PORT command successful. Consider using PASV.
    STOR index2.php
    ABOR
    FTP::ftp_abort() FTP_ABOR_SENT_CMD TickCount() = 1080412 reply_received = 1080412 TickCount() - reply_received = 0
    FTP::ftp_abort() FTP_ABOR_SENT_CMD TickCount() = 1080413 reply_received = 1080412 TickCount() - reply_received = 1
    FTP::ftp_abort() FTP_ABOR_SENT_CMD TickCount() = 1081312 reply_received = 1080412 TickCount() - reply_received = 900
    ftp_store_setup: 2,-30028 (state == PUT_SETTING_UP)
    retry_failed_operation derr = 2, -30028 retry_state = PUT_SETTING_UP cancel_cur_cmd = 0 force_reconnect = 0 tw->retry_reconnect_count = 4 making_progress = 0, tw->retry_count = 4
    Fetch could not put “index2.php” because there was a timeout waiting for the server to establish an active data connection. (A local firewall might be blocking active mode (PORT) transfers. Try checking the “Use passive mode transfers (PASV)” box in the General pane of the Preferences, or turn off firewall port blocking.)

    Ok. Now with all that said, my firewall is indeed off and I don't see an option to turn off port blocking. I've also tried passive mode but to no avail. Any idea what's happening? I can upload the files via my website hosting panel so that's cool. I can not however use Fetch which is not cool.

    I haven't any other problem with my wireless connection so I assume it is the Fetch program. Or perhaps I need to contact my hosting company?

    I'm running out of options here so I thought I would contact you with the remote possibility that there's a disconnect with your program and this issue can be resolved.
    Please advise.

    To note: The router is D-Link (DIR-615, h/w ver.C1).
    Running: OSX.10.6.8 Snow Leopard
    Hosting Company: ehosting.ca

    I thank you in advance for your insight.
    Kind Regards,
    Nicky

    Posted 1 year ago #

  • Jim Matthews Administrator

    Hi,

    As the error message says, it looks like a firewall is blocking the FTP server's attempt to connect back to Fetch. That firewall could be at the web server, your ISP, or in your D-Link router.

    What version of Fetch do you have?

    Thanks,

    Jim Matthews
    Fetch Softworks

    Posted 1 year ago #

  • Nicky Member

    Hi Jim,

    Thanks for getting back to me so quickly. Fetch version is the latest 5.7.3. I've contacted my server to find out if the block is at their end. I can't see why it would be because it was working at my previous location with my Linksys router.
    Unfortunately, it's going to be a bust contacting D-Link for the router as their on-site support-"Link" doesn't work.
    Disappointing to say the least.

    Again Jim, thank you so very much.
    Nicky

    Posted 1 year ago #

  • Jim Matthews Administrator

    Have you tried connecting your Mac directly to the cable or DSL modem, i.e. bypassing the D-Link?

    Jim Matthews
    Fetch Softworks

    Posted 1 year ago #

Reply

  • Or nickname, if you prefer.
  • This will be kept confidential.
  • This is to ensure that you’re a person, not a spambot.