Your best friend for file transfer.
Fetch
"Sorry, but I won't connect to ports (15 posts)
- Started 13 years ago by J
- Latest reply 10 years ago from Jim Matthews
-
J Member
-
Jim Matthews Administrator
Hi,
As the message says, it appears that a server firewall is blocking passive mode connections. So my first suggestion would be to contact the server administrator and ask her or him to allow passive mode FTP.
If that does not work the next thing I would try is connecting your Mac directly to your cable or DSL modem; that may allow active mode FTP to work.
Please let me know how it goes.
Thanks,
Jim Matthews
Fetch Softworks -
storyleader Member
I have the same problem with Fetch. I can connect to the same server with Filezilla, though, so I know the problem is not with the server.
Are there some Fetch preferences I should try changing? Or...?
I am using Fetch 5.6 under Mac OS X 10.6.8, Intel.
Thanks!
-
storyleader Member
Here is the transcript, edited not to show the IP# and username. I keep thinking that there must be a settings issue, since the same server allows listing by Filezilla, from the same Mac.
--------------------
Fetch 5.6 (5F64) Intel running on Mac OS X 10.6.8 (10K549) Intel English
StuffIt Engine 0x820, StuffIt SDK Version 10.1.1b1
Partial serial FETCH55001-LLYU-CFLF T
Connecting to xx.xxx.xx.67 port 21 (Mac OS X firewall is allowing connections) (9/27/11 9:56 PM)
Connected to xx.xxx.xx.67 port 21 (9/27/11 9:56 PM)
220 FTP Server ready.
AUTH TLS
234 AUTH TLS successful
Connecting to xx.xxx.xx.67 port 21 (Mac OS X firewall is allowing connections) (9/27/11 9:56 PM)
Connected to xx.xxx.xx.67 port 21 (9/27/11 9:56 PM)
220 FTP Server ready.
AUTH TLS
234 AUTH TLS successful
USER xusernamex
331 Password required for xusernamex
PASS
230 User xusernamex logged in
PBSZ 0
200 PBSZ 0 successful
PROT P
200 Protection set to Private
SYST
215 UNIX Type: L8
PWD
257 "/" is the current directory
CWD public_html
250 CWD command successful
PWD
257 "/public_html" is the current directory
PWD
257 "/public_html" is the current directory
TYPE A
200 Type set to A
PASV
227 Entering Passive Mode (XX,XXX,XX,67,45,243).
Making data connection to xx.xxx.xx.67 port 11763
LIST -al
150 Opening ASCII mode data connection for file list
425 Unable to build data connection: Operation not permitted
ftp_list: 2,-30005 (state == GETTING_LIST)
Fetch could not get the file list because the FTP server could not open a passive data connection. (A server firewall might be blocking passive mode (PASV) transfers. Ask the server administrator for help, or try unchecking the “Use passive mode transfers (PASV)” box in the General pane of the Preferences.
Server responded: “Unable to build data connection: Operation not permitted”)
PWD
257 "/public_html" is the current directory
Update check skipped at 9/27/11 9:57 PM (next check after 10/3/11 11:08 AM)
PWD
257 "/public_html" is the current directory
PWD
257 "/public_html" is the current directory
PWD
257 "/public_html" is the current directory
PWD
257 "/public_html" is the current directory
QUIT
221 Goodbye. -
storyleader Member
In case this helps at all, here is the Filezilla transcript for connecting to the same server (with the same obfuscations):
--------
Status: Connecting to XX.XXX.XX.67:21...
Status: Connection established, waiting for welcome message...
Response: 220 FTP Server ready.
Command: AUTH TLS
Response: 234 AUTH TLS successful
Status: Initializing TLS...
Status: Verifying certificate...
Command: USER xusernamex
Status: TLS/SSL connection established.
Response: 331 Password required for xusernamex
Command: PASS **********
Response: 230 User xusernamex logged in
Command: SYST
Response: 215 UNIX Type: L8
Command: FEAT
Response: 211-Features:
Response: MDTM
Response: MFMT
Response: LANG en-US;fr-FR;it-IT;ja-JP;ko-KR;ru-RU;zh-CN;zh-TW;bg-BG
Response: TVFS
Response: UTF8
Response: AUTH TLS
Response: MFF modify;UNIX.group;UNIX.mode;
Response: MLST modify*;perm*;size*;type*;unique*;UNIX.group*;UNIX.mode*;UNIX.owner*;
Response: PBSZ
Response: PROT
Response: REST STREAM
Response: SIZE
Response: 211 End
Command: OPTS UTF8 ON
Response: 200 UTF8 set to on
Command: PBSZ 0
Response: 200 PBSZ 0 successful
Command: PROT P
Response: 200 Protection set to Private
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is the current directory
Command: TYPE I
Response: 200 Type set to I
Command: PASV
Response: 227 Entering Passive Mode (XX,XXX,XX,67,45,4).
Command: MLSD
Response: 150 Opening ASCII mode data connection for MLSD
Response: 226 Transfer complete
Status: Directory listing successful -
Jim Matthews Administrator
Thank you for contacting us about this, and providing those transcripts. Would it be possible for us to get a test account on this server, so we could investigate further?
Thanks,
Jim Matthews
Fetch Softworks -
storyleader Member
Yes, Jim. I have created an account. Could you give me a private way to send you the credentials?
Doug
-
Jim Matthews Administrator
Hi Doug,
Send the info to bugs@fetchsoftworks.com
Thanks!
-
rtfm Member
Hey Jim
Was a fix ever created for this? We see the same using ProFTPD and believe it's a result of their adding checks for SSL session reuse. We can obviously apply their workaround, but circumventing security measures just to get stuff working never feels like a good thing to be doing. From their release notes:
The NoSessionReuseRequired option has been added. As of
ProFTPD 1.3.3rc1, mod_tls only accepts SSL/TLS data connections
that reuse the SSL session of the control connection, as a security
measure. Unfortunately, there are some clients (e.g. curl) which
do not reuse SSL sessions.To relax the requirement that the SSL session from the control
connection be reused for data connections, use the following in the
proftpd.conf:<IfModule mod_tls.c>
...
TLSOptions NoSessionReuseRequired
...
</IfModule> -
Jim Matthews Administrator
Hi rtfm,
That is still an issue. The OS X SSL library that Fetch uses does not provide a way to reuse SSL sessions, so there isn't much we can do short of rewriting all the SSL support to use a different library. It is not clear to me that much security is gained by requiring session reuse -- most servers have no such requirement -- but I am not a security expert.
Thanks,
Jim Matthews
Fetch Softworks -
rtfm Member
OK, thanks for checking in on that. You're probably right that it doesn't add much, if anything, but it's at least something to be aware of if the ProFTPD folks think it's important enough to make the default. We switched it off though, so I guess we're all set for the time being. Thanks again.
-
Nicky Member
Hi Fetch.
I'm encountering the same issue here which has never happened before and I've been using Fetch for years.I've just recently relocated and am using a new router and internet connection. Here's the exert from my log:
Connecting to www.xxx.com port 21 (Mac OS X firewall is allowing connections) (13-01-24 9:55 AM)
Connected to 64.69.93.68 port 21 (13-01-24 9:55 AM)
220 (vsFTPd 2.0.5)
USER blt
331 Please specify the password.
PASS
230 Login successful.
SYST
215 UNIX Type: L8
PWD
257 "/"
CWD /xxx.com/www
250 Directory successfully changed.
TYPE A
200 Switching to ASCII mode.
PORT 192,168,0,10,215,198
200 PORT command successful. Consider using PASV.
STOR index2.php
ABOR
FTP::ftp_abort() FTP_ABOR_SENT_CMD TickCount() = 1080412 reply_received = 1080412 TickCount() - reply_received = 0
FTP::ftp_abort() FTP_ABOR_SENT_CMD TickCount() = 1080413 reply_received = 1080412 TickCount() - reply_received = 1
FTP::ftp_abort() FTP_ABOR_SENT_CMD TickCount() = 1081312 reply_received = 1080412 TickCount() - reply_received = 900
ftp_store_setup: 2,-30028 (state == PUT_SETTING_UP)
retry_failed_operation derr = 2, -30028 retry_state = PUT_SETTING_UP cancel_cur_cmd = 0 force_reconnect = 0 tw->retry_reconnect_count = 4 making_progress = 0, tw->retry_count = 4
Fetch could not put “index2.php” because there was a timeout waiting for the server to establish an active data connection. (A local firewall might be blocking active mode (PORT) transfers. Try checking the “Use passive mode transfers (PASV)” box in the General pane of the Preferences, or turn off firewall port blocking.)Ok. Now with all that said, my firewall is indeed off and I don't see an option to turn off port blocking. I've also tried passive mode but to no avail. Any idea what's happening? I can upload the files via my website hosting panel so that's cool. I can not however use Fetch which is not cool.
I haven't any other problem with my wireless connection so I assume it is the Fetch program. Or perhaps I need to contact my hosting company?
I'm running out of options here so I thought I would contact you with the remote possibility that there's a disconnect with your program and this issue can be resolved.
Please advise.To note: The router is D-Link (DIR-615, h/w ver.C1).
Running: OSX.10.6.8 Snow Leopard
Hosting Company: ehosting.caI thank you in advance for your insight.
Kind Regards,
Nicky -
Jim Matthews Administrator
Hi,
As the error message says, it looks like a firewall is blocking the FTP server's attempt to connect back to Fetch. That firewall could be at the web server, your ISP, or in your D-Link router.
What version of Fetch do you have?
Thanks,
Jim Matthews
Fetch Softworks -
Nicky Member
Hi Jim,
Thanks for getting back to me so quickly. Fetch version is the latest 5.7.3. I've contacted my server to find out if the block is at their end. I can't see why it would be because it was working at my previous location with my Linksys router.
Unfortunately, it's going to be a bust contacting D-Link for the router as their on-site support-"Link" doesn't work.
Disappointing to say the least.Again Jim, thank you so very much.
Nicky -
Jim Matthews Administrator
Have you tried connecting your Mac directly to the cable or DSL modem, i.e. bypassing the D-Link?
Jim Matthews
Fetch Softworks
- Page 1
First I was getting this error. "sorry, but I won't connect to ports < 1024"
...now... Fetch is timing out and telling me "A server firewall might be blocking passive mode (PASV) transfer. Please Ask the server administrator for help."
At times, I have seen the files come up on screen then disappear, only to display another error message. I have 2 different hosts, and I can not access sites on either severs. Please Help!
Thanks in Advance!
Fetch 5.5.3 (5E778) PowerPC running on Mac OS X 10.5.8 (9L31a) PowerPC English
StuffIt Engine 0x820, StuffIt SDK Version 10.1.1b1
Expires 4/11/10 T
Connecting to jasonbeardweb.com port 21 (Mac OS X firewall is allowing connections) (3/27/10 12:03 PM)
Connected to 97.74.183.128 port 21 (3/27/10 12:03 PM)
220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
220-You are user number 7 of 500 allowed.
220-Local time is now 11:02. Server port: 21.
220-This is a private system - No anonymous login
220 You will be disconnected after 3 minutes of inactivity.
USER pxxxxxx
331 User pxxxxxx OK. Password required
PASS
230-User pxxxxxx has group access to: inetuser
230 OK. Current restricted directory is /
SYST
215 UNIX Type: L8
PWD
257 "/" is your current location
MACB ENABLE
500 Unknown command
PWD
257 "/" is your current location
TYPE A
200 TYPE is now ASCII
PORT 192,168,1,100,201,56
501 Sorry, but I won't connect to ports < 1024
PASV
227 Entering Passive Mode (97,74,183,128,197,23)
Making data connection to 97.74.183.128 port 50455
ABOR
500 ?
ftp_list: 2,-30000 (state == GETTING_LIST)
PWD
257 "/" is your current location
Update check skipped at 3/27/10 12:04 PM (next check after 3/28/10 1:08 AM)
PWD
257 "/" is your current location
PWD
257 "/" is your current location
PWD
257 "/" is your current location
PWD
257 "/" is your current location
QUIT
221-Goodbye. You uploaded 0 and downloaded 0 kbytes.
221 Logout.
Connecting to jasonbeardweb.com port 21 (Mac OS X firewall is allowing connections) (3/27/10 12:10 PM)
Connected to 97.74.183.128 port 21 (3/27/10 12:10 PM)
220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
220-You are user number 5 of 500 allowed.
220-Local time is now 11:10. Server port: 21.
220-This is a private system - No anonymous login
220 You will be disconnected after 3 minutes of inactivity.
USER pxxxxx
331 User pxxxxx OK. Password required
PASS
230-User pxxxxx has group access to: inetuser
230 OK. Current restricted directory is /
SYST
215 UNIX Type: L8
PWD
257 "/" is your current location
MACB ENABLE
500 Unknown command
CWD /
250 OK. Current directory is /
PWD
257 "/" is your current location
CWD /
250 OK. Current directory is /
PWD
257 "/" is your current location
TYPE A
200 TYPE is now ASCII
PASV
227 Entering Passive Mode (97,74,183,128,195,124)
Making data connection to 97.74.183.128 port 50044
ABOR
500 ?
PORT 192,168,1,100,201,123
501 Sorry, but I won't connect to ports < 1024
ftp_list: 2,-30037 (state == GETTING_LIST)
PWD
257 "/" is your current location
PWD
257 "/" is your current location
PWD
257 "/" is your current location
Posted 13 years ago #