|
Author
|
Topic: Mac firewall blocks Fetch
|
tpayne2 unregistered
|
posted 02-10-2006 09:41 PM
I have one ftp server that I can't connect to unless I turn off the Mac firewall. Like some other posters, Fetch 4.0.3 worked with this site fine. Recently upgraded from Mac OSX 10.3.9 to 10.4.4. Connection is instant with Mac firewall off; fails with firewall on. Searched forum and verified:
Fetch prefs - "Use Passive PASV" is checked
Mac Prefs - Airport Network Pane, Proxies tab "Use Passive FTP Mode (PASV)" is checked
Transcript
Fetch 5.0.5 (5A835) PowerPC running on Mac OS X 10.4.4 (8G32) PowerPC English
StuffIt Engine 0x811, StuffIt SDK Version 9.0.1
Expires 02/25/2006 T
Connecting to 65.207.177.221 port 21 (OS X firewall is on) (2/10/06 8:21:50 PM)
Connected to 65.207.177.221 port 21 (2/10/06 8:21:50 PM)
220 web1a Microsoft FTP Service (Version 5.0).
USER nolacolo\acatestuser
331 Password required for nolacolo\acatestuser.
PASS
230 User nolacolo\acatestuser logged in.
SYST
215 Windows_NT version 5.0
PWD
257 "/" is current directory.
MACB ENABLE
500 'MACB ENABLE': command not understood
PWD
257 "/" is current directory.
TYPE A
200 Type set to A.
PASV
227 Entering Passive Mode (65,207,177,221,9,136)
ABOR
225 ABOR command successful.
PORT 10,0,1,3,13,129
200 PORT command successful.
LIST
150 Opening ASCII mode data connection for /bin/ls.
Active mode connection blocked by OS X firewall, port 3457
ABOR
425 Can't open data connection.
225 ABOR command successful.
ftp_list: -30027 (state == GETTING_LIST)
PWD
257 "/" is current directory.
Update check skipped at 02/10/2006 08:23 PM (next check after 02/17/2006 01:40 PM)
PWD
257 "/" is current directory.
TYPE I
200 Type set to I.
PASV
227 Entering Passive Mode (65,207,177,221,9,162)
|
JimMatthews Administrator
|
posted 02-13-2006 10:45 AM
It looks like the server blocks passive mode, and your firewall blocks active mode (when your firewall is on). I'm surprised that you'd see anything different with Fetch 4.0.3; could you try it again and post a transcript if it works? Thanks, Jim Matthews Fetch Softworks
|
tpayne2 New Member
|
posted 02-13-2006 03:18 PM
Sorry, I meant that I could get in with 4.0.3 and OSX 10.3.9. After upgrading to 5.0.5 and 10.4.4 I can't get in unless the firewall is off. Is there a Mac firewall port that should be generally enabled or active enabled? I wonder if Airport might be an issue, although it hasn't been.
|
JimMatthews Administrator
|
posted 02-13-2006 05:06 PM
Apple made a change to the OS X firewall in 10.4 that may explain what you are seeing. To let active mode FTP work you would have to open the ports from 49152 to 65535. To do that you would click New in the Firewall tab of the Sharing system preference pane, and enter 49152-65535 in the TCP Port field (you can call the entry "FTP client active mode" or something similar). Jim Matthews Fetch Softworks
|
clint unregistered
|
posted 02-15-2006 04:59 PM
Since upgrading to Fetch 5.0.5 and OS X 10.4, every upload stalls after a few minutes (although if I keep resuming, I can eventually complete an upload). Following your instructions above, I opened ports 49152-65535 in the TCP Port field, and set Fetch prefs to "Use Passive PASV" mode. Uploads continue to stall. However, using a copy of another FTP client, the free FTP Thingy, I am able to upload to the same server with no problems.
Fetch 5.0.5 (5A835) PowerPC running on Mac OS X 10.4.5 (8H14) PowerPC English
StuffIt Engine 0x800, StuffIt SDK Version 8.0
Partial serial FETCH5X001-JD8U-B6Q6 T
Connecting to mutasis.com port 21 (OS X firewall is off) (2/16/06 10:51:14 AM)
Connected to 72.22.69.38 port 21 (2/16/06 10:51:14 AM)
220---------- Welcome to Pure-FTPd [TLS] ----------
220-You are user number 5 of 50 allowed.
220-Local time is now 13:47. Server port: 21.
220-This is a private system - No anonymous login
220-IPv6 connections are also welcome on this server.
220 You will be disconnected after 15 minutes of inactivity.
USER mutasisc
331 User mutasis OK. Password required
PASS
230-User mutasis has group access to: mutasisc
230 OK. Current restricted directory is /
SYST
215 UNIX Type: L8
PWD
257 "/" is your current location
MACB ENABLE
500 Unknown command
CWD public_ftp/creative/rayola/
250 OK. Current directory is /public_ftp/creative/rayola
PWD
257 "/public_ftp/creative/rayola" is your current location
TYPE A
200 TYPE is now ASCII
PASV
227 Entering Passive Mode (72,22,69,38,31,227)
LIST
150 Accepted data connection
drwx------ 6 3865 mutasis 512 Feb 15 13:47 .
drwx------ 4 3865 mutasis 512 Aug 25 13:47 ..
drwxr-xr-x 2 3865 mutasis 512 Feb 2 17:19 DV 2006
drwxr-xr-x 2 3865 mutasis 512 Feb 10 16:27 Miscellaneous Jobs
226-Options: -a -l
226 4 matches total
TYPE I
200 TYPE is now 8-bit binary
PASV
227 Entering Passive Mode (72,22,69,38,32,57)
STOR test_file.sitx
150 Accepted data connection
Update check skipped at 02/16/2006 10:53 AM (next check after 02/24/2006 03:31 PM)
PWD
Unsuccessful transfer of test_file.sitx (2,756,620 bytes, 13,189 bytes/sec, 3:29 elapsed) stopped at 2/16/06 10:55:05 AM
ABOR
421 Timeout (no new data for 900 seconds)
|
JimMatthews Administrator
|
posted 02-15-2006 06:57 PM
clint: I would turn off "Contact server during long transfers" in the Obscure section of Preferences. That option is not compatible with the PureFTPD server that you are connecting to. Thanks, Jim Matthews Fetch Softworks
|
tpayne2 New Member
|
posted 02-15-2006 09:30 PM
Hi, Jim. I opened the specified ports and have had intermittent success. However, I can only get to the root level of the ftp server. Attempts to drill further fail. It appears that it is trying to use ports below the ones I opened. In one case it was trying to use a port in the 25000 range. Here are two transcripts. The first from Fetch 5, the other from Fetch 4. Fetch 4 appears to be connected to "/" but is not displaying files.
Fetch 5.0.5 (5A835) PowerPC running on Mac OS X 10.4.5 (8H14) PowerPC English
StuffIt Engine 0x811, StuffIt SDK Version 9.0.1
Expires 02/25/2006 T
Connecting to 65.207.177.221 port 21 (OS X firewall is on) (2/15/06 8:17:44 PM)
Connected to 65.207.177.221 port 21 (2/15/06 8:17:45 PM)
220 web1a Microsoft FTP Service (Version 5.0).
USER nolacolo\acatestuser
331 Password required for nolacolo\acatestuser.
PASS
230 User nolacolo\acatestuser logged in.
SYST
215 Windows_NT version 5.0
PWD
257 "/" is current directory.
MACB ENABLE
500 'MACB ENABLE': command not understood
PWD
257 "/" is current directory.
TYPE A
200 Type set to A.
PORT 10,0,1,3,154,193
200 PORT command successful.
LIST
150 Opening ASCII mode data connection for /bin/ls.
Active mode connection blocked by OS X firewall, port 39617
ABOR
425 Can't open data connection.
225 ABOR command successful.
PASV
227 Entering Passive Mode (65,207,177,221,15,120)
ABOR
225 ABOR command successful.
ftp_list: -30028 (state == GETTING_LIST)
Update check skipped at 02/15/2006 08:19 PM (next check after 02/17/2006 01:40 PM)

Fetch 4.0.3 System 0x1045 Serial FETCHFL001-NQ9K-C27B TR
Connecting to 65.207.177.221 port 21 (2/15/06 8:28:17 PM)
220 web1a Microsoft FTP Service (Version 5.0).
USER nolacolo\acatestuser
331 Password required for nolacolo\acatestuser.
PASS
230 User nolacolo\acatestuser logged in.
SYST
215 Windows_NT version 5.0
PWD
257 "/" is current directory.
MACB ENABLE
500 'MACB ENABLE': command not understood
SITE DIRSTYLE
200 MSDOS-like directory output is off
PWD
257 "/" is current directory.
PASV
227 Entering Passive Mode (65,207,177,221,15,208)
LIST
425 Can't open data connection.
ftp_list: -30000 (state == GETTING_LIST)
|
clint unregistered
|
posted 02-15-2006 10:49 PM
Hi Jim, I turned off "Contact server during long transfers" and am finally able to use Fetch again. I also closed the extra ports I'd recently opened, and Fetch still connects without trouble. Thanks, Clint
|
JimMatthews Administrator
|
posted 02-16-2006 01:06 PM
tpayne2: I'm surprised that Fetch is using a port in that range. Fetch definitely won't open ports below 1024, so you could try opening 1024-65535. Jim Matthews Fetch Softworks
|
tpayne2 New Member
|
posted 02-16-2006 10:22 PM
OK, I opened the ports from 1024 - 65535 and I'm in all the way. I also turned off PASV in Fetch but that seems to have no effect on the other ftp sites, including the Fetch ftp site. So thanks for the help!
|
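Added example (not part of any post above and not Fetch Softworks code): the PORT arguments in tpayne2's transcripts encode the client's listening port as p1*256 + p2, and decoding them shows why the 49152-65535 rule did not cover those ports while 1024-65535 did. The function names are hypothetical, and the sample lines are excerpted from the two Fetch 5 transcripts in this thread.

```python
import re

# Sample input assembled from the two Fetch 5 transcripts posted in this thread.
TRANSCRIPT = """\
PASV
227 Entering Passive Mode (65,207,177,221,9,136)
PORT 10,0,1,3,13,129
200 PORT command successful.
Active mode connection blocked by OS X firewall, port 3457
PORT 10,0,1,3,154,193
200 PORT command successful.
Active mode connection blocked by OS X firewall, port 39617
"""

# h1,h2,h3,h4,p1,p2 as used by PORT and by the 227 reply to PASV (RFC 959).
HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def decode_hostport(line):
    """Return (host, port) from a PORT command or 227 reply; port = p1*256 + p2."""
    m = HOSTPORT.search(line)
    if m is None:
        raise ValueError(f"no host-port tuple in {line!r}")
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        raise ValueError(f"field out of range in {line!r}")
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def data_endpoints(transcript):
    """List (mode, listener_host, port) for each data connection negotiated."""
    found = []
    for line in transcript.splitlines():
        line = line.strip()
        if line.upper().startswith("PORT "):   # client listens, server connects in
            found.append(("active",) + decode_hostport(line))
        elif line.startswith("227 "):          # server listens, client connects out
            found.append(("passive",) + decode_hostport(line))
    return found

def uncovered_active_ports(transcript, allowed_ranges):
    """Client-side listening ports that no inbound TCP allow range covers."""
    return [port for mode, _host, port in data_endpoints(transcript)
            if mode == "active"
            and not any(lo <= port <= hi for lo, hi in allowed_ranges)]

if __name__ == "__main__":
    for ranges in ([(49152, 65535)], [(1024, 65535)]):
        print(ranges, "->", uncovered_active_ports(TRANSCRIPT, ranges))
```

Run against a full saved transcript, this shows which inbound range a given client actually uses for active mode.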