Your best friend for file transfer.

Fetch application logoFetch

Passive mode problem (Fetch could not get the file list....) (4 posts)

  • Started 14 years ago by GoodDoggie
  • Latest reply 14 years ago from Jim Matthews
  • GoodDoggie Member

    I'm trying to get a plain FTP connection in passive mode. It connects and logs in okay, but then says, "Fetch could not get the file list because data connections were blocked by both a firewall at the server and by the Mac OS X firewall. Ask the server administrator to allow passive mode data connections through their firewall, or turn off the Mac OS X firewall ..."

    I have Fetch 5.31 on Mac OS X 10.4.11 with Mac Firewall on. p.s. turning off my Mac firewall is not an option.

    Fetch prefs all have default settings except these 3:
    Security: Specify GSSAPI channel bindings UNChecked
    Obscure: Do not send ADAT probe CHECKED
    Obscure: Do not send MACB probe CHECKED

    It used to work fine - in passive mode and with my Mac firewall on. Then a month ago they set me up with 'FTP with TLS/SSL' which worked, but had to disabled temporaily to resolve load balancing issues. Everything was supposedly restored to the original (plain FTP) configuration, but it has not worked since.

    Our server admin says that the server is configured to allow passive mode.

    I've tried
    - rebooting the Mac and cable modem (there's no router),
    - temporarily installing a newer Fetch (5.5),
    - deleting the Fetch prefs file,
    - tweaking different Fetch prefs.
    ... but nothing helps. I also tried SFTP but no luck (error "SFTP connection... could not be opened because the connection to the SFTP server could not be established or was lost.")

    The server admin says he can get in to my acct and get a file listing no problem (on Windows using WSFTP) - but he's on a private internet with the server. Might that make a difference in getting passive mode?

    My Fetch Transcript is below (Note: I manually inserted some ipfwlog etc entries (lines beginning with ***), in the order that they appeared).

    Any help would be greatly appreciated.

    Fetch transcript
    =============================
    Connecting to capecodxyz.com port 21 (Mac OS X firewall is on) (03/24/10 2:01:5 pm)
    Connected to 215.217.17.10 port 21 (03/24/10 2:01:5 pm)
    220 Microsoft FTP Service
    USER capecodxyz.com|ccxyz
    331 Password required for capecodxyz.com|ccxyz.
    PASS
    230-Welcome message
    230 User logged in.
    SYST
    215 Windows_NT
    PWD
    257 "/" is current directory.
    PWD
    257 "/" is current directory.
    TYPE A
    200 Type set to A.
    PASV
    227 Entering Passive Mode (215,217,17,10,39,154).
    Making data connection to 215.217.17.10 port 10138
    ABOR
    226 ABOR command successful.
    PORT 72,72,55,88,192,11
    200 PORT command successful.
    LIST -al
    150 Opening ASCII mode data connection.
    *** ipfw.log: Mar 24 14:01:20 z ipfw: 12190 Deny TCP 119.153.175.176:2721 72.72.55.88:445 in via ppp0
    *** ipfw.log: Mar 24 14:01:23 z ipfw: 12190 Deny TCP 119.153.175.176:2721 72.72.55.88:445 in via ppp0
    *** ipfw.log: Mar 24 14:01:26 z ipfw: 12190 Deny TCP 215.217.17.10:20 72.72.55.88:49163 in via ppp0
    *** ipfw.log: Mar 24 14:01:29 z ipfw: 12190 Deny TCP 215.217.17.10:20 72.72.55.88:49163 in via ppp0
    *** ipfw.log: Mar 24 14:01:35 z ipfw: 12190 Deny TCP 215.217.17.10:20 72.72.55.88:49163 in via ppp0
    Active mode connection blocked by Mac OS X firewall, port 49163
    ABOR
    550 Data channel was closed by ABOR command from client.
    226 ABOR command successful.
    ftp_list: 2,-30031 (state == GETTING_LIST)
    *** Fetch Error window displays: "Fetch could not get the file list because data connections were blocked..."
    *** ipfw.log: Mar 24 14:02:02 z ipfw: 35000 Deny UDP 24.213.149.122:17156 72.72.55.88:43689 in via ppp0
    *** ipfw.log: Mar 24 14:02:50 z ipfw: 35000 Deny UDP 74.77.187.89:1037 72.72.55.88:47187 in via ppp0
    PWD
    257 "/" is current directory.
    =========================

    Posted 14 years ago #

  • Jim Matthews Administrator

    Hello,

    Thanks for your report, and for including the transcript.

    > Our server admin says that the server is configured to allow passive mode.

    That does not appear to be the case.

    > The server admin says he can get in to my acct and get a file listing no problem (on Windows using WSFTP) - but he's on a private internet with the server. Might that make a difference in getting passive mode?

    Yes, that would make all the difference. Also, the server admin might be using active mode (which is not an option for you as long as you are running the OS X firewall).

    I would go back to the server administrator and ask them to allow FTP passive mode data connections.

    Thanks,

    Jim Matthews
    Fetch Softworks

    Posted 14 years ago #

  • GoodDoggie Member

    Thank you Jim, for your quick response.
    A follow up question: I need to qualify my statement that he's on a private internet. I was just guessing, based on a connection log he sent me, which had a PORT command with an IP 172.17.x.x (which Lookup says is Class B address space for private internets). I just assumed that means the server sees him as coming from the private internet and not from the outside. I hope that doesn't change your answer.

    Posted 14 years ago #

  • Jim Matthews Administrator

    No, that doesn't change my answer. And if he's sending a PORT command then he isn't using passive mode at all (the PASV command is used for passive mode).

    Posted 14 years ago #

Reply

  • Or nickname, if you prefer.
  • This will be kept confidential.
  • This is to ensure that you’re a person, not a spambot.