Passive ftp from external host

  • Hi all,


    I'm trying to configure ftp (passive) using the following instructions.
    I forwarded the ports 21, 14100-14105 to my server.


    From my home network I can connect perfectly fine, but when testing it from an external host (http://ftptest.net/) the connection times out.


    As I said, the ports are forwarded to my server and logging in looks good, but then the connection times out. Can someone push me in the right direction?

  • What router are you using? It looks like it is connecting OK but loses the session when moving to the passive ports. Give me a screenshot of your FTP settings page in the OMV web GUI. What are you using for your client software? FileZilla?


    It is most likely an issue with the router.

  • My current router is an Ubee EVW 3200 Wireless (Ambit EVW320B).


    I wasn't using any FTP client because I want to use whmeasybackup to back up all my sites to my home server, and I thought I would just test the connection online since errors pop up in that script.
    I just installed FileZilla and with that I can connect using an external IP...


    My current ftp settings can be found here

  • If you are connecting ok with Filezilla it must be something with this whmeasybackup working with your Passive FTP. Do they have a forum that you can ask questions??? I am not familiar with this software.


    It says it supports Passive FTP.

  • I tested my passive ftp server on ftptest.net and it worked.



    I suspect it is an issue with your router. Try opening ports 14100-14105 on your router and forwarding them to your OMV. If that works, it is an issue with your router.

  • A bit of theory first :) Active/passive only matters for establishing connections for file transfers, AFTER the main command connection is established.


    In Active mode for server (and passive for client), the client tells the server "get ready, I want to get that file". The server opens a new TCP socket in listening mode on a port in the active range, and waits. The client initiates the TCP connection towards the server; once established, it saves the data stream. This presumes that the server CAN be reached via direct TCP connections on that port range.


    The Passive mode for server (and active for client) goes the other way around. The client opens a TCP socket in listening mode, then sends a command to the server "send me that file, this is my IP and port". The server then initiates an outgoing TCP connection towards the client; once established, it pumps the data through, and the client saves it.


    A passive-to-passive connection will not work at all: neither part can initiate the TCP connection towards the other. Or, to be more accurate in the explanation, neither system can be reached on an open TCP port in listening mode because a router or firewall is preventing that incoming connection. At least one end must be active (ports visible through port forwarding or firewall exceptions).


    Considering the fact that clients can be connecting from a variety of networks and through various routers which may block incoming connections towards them, the assumption is that clients' ports are filtered, so they can't be active. It's much easier to make the server active through firewall/router configuration, than to ask every client to do that and become active.



    Now, the issue you seem to have is two steps behind file transfers: external clients can't connect to your server AT ALL. Not even for that initial connection for exchanging commands. That is clearly an issue for the router, and possibly another router or firewall upstream.


    Tips:
    - Most ISPs block standard ports for services (21=ftp, 25=smtp, 80=http etc.) in case the customers' computers become compromised without their knowledge. You should configure your FTP server to use a different port for command connections, in a higher range (above 1024). Change the listening port from 21 to something else - say, 20021, and forward that in your router.
    - Tests performed through your local network (on the same network as the servers) are not relevant at all. If you try to connect to the server through your router's public IP, the connection will go from LAN to the router to its external IP, then the router would be supposed to forward it back to the server in the LAN. This will not work, due to anti-spoofing mechanisms built into most modern routers (the router doesn't know if the connection it receives on its WAN port is really originating from the LAN, or someone else on the Internet is faking its IP as originating from the internal network to gain unauthorised access). You really have to perform the test from a remote system.


    My bet is that the culprit for your connectivity problems is using the default port 21 filtered by your ISP, nothing to do with active/passive ports. :)

  • If port 21 were blocked by his ISP he would not be able to make an Active FTP connection. So this is not the case. If you look at the information he provided above it is obvious the connection is lost when it tries to move the connection to the passive ports. I know it is best for him to test forwarding the passive ports from his router to his OMV. If this works we know it is an issue with his router. Some routers do not handle connection tracking properly. If this is the case he would have to leave the passive ports open and forwarded to his OMV, or get a better router. After this has been tested I would try problem solving other possible causes.

  • After 2 days of tests I got this result.
    I have TRIPLE checked the steps in the guide, the configuration in the OMV web GUI, the files created via SSH, and my router configuration.
    With my old Synology machine FTP works well, but when I try the OMV FTP server I get this error.
    The OMV FTP server is not on port 21 (because it is used by my Synology FTP server), but on port 2121.
    Another strange thing is that in this log the parent directory is not "/Public" but "/".
    I'm doing something wrong...



  • On the ftp server plugin click on the Shares tab on the right. Highlight the share you added and click on edit. Give me a screen shot.



    Are you putting in your wan ip for the host ip in the test?????


    to get your wan ip google "what is my ip"


    it will show in results below.

  • No, from /services/ftp then on right the "shares" tab...



    Did you see this above?



    Are you putting in your wan ip for the host ip in the test?????


    to get your wan ip google "what is my ip"


    it will show in results below.


  • Sorry... :oops:


    Yes, I'm using my wan ip :)
    I use no-ip for DDNS (the test works with my no-ip.address:21, but doesn't work with my no-ip.address:2121)




  • That looks good. Did you use your wan ip on the test???? Why does it show an internal private ip on your test results??? 192.168.x.x is bad. It should show wan ip. You need to forward 2121 from your router to your omv. And on the test use your wan ip for the host.


    If it is not working with 2121 that port may be too low. Try 12121. You are connecting with 2121 so I don't think that is the issue.

  • Quote from "tekkbebe"

    That looks good. Did you use your wan ip on the test???? Why does it show an internal private ip on your test results??? 192.168.x.x is bad. It should show wan ip. You need to forward 2121 from your router to your omv.


    It's exactly what I did...


    Quote from "tekkbebe"

    And on the test use your wan ip for the host.


    Again, it's what I did (tested with my resolved no-ip.biz address, and with my numerical WAN IP 123.123.123.123)


    Quote from "tekkbebe"

    If it is not working with 2121 that port may be too low. Try 12121. You are connecting with 2121 so I don't think that is the issue.


    I will make this test too, thanks again.



  • Are you able to connect with Filezilla? Show me copy of /etc/proftpd/proftpd.conf


    On the test you put check in upload file. Well when you connect you might be one level below the /Public folder. In Filezilla this is no big deal. You just click on the public folder and then upload to it.


    On your test results it should show /Public. I need to see that .conf file.

  • Quote from "tekkbebe"

    Give me stat command on your "Public" folder.


    Sorry, I have only seen your post now, sorry


    Code
    root@openmediavault:/media/a62a1951-48c7-4d5d-91a4-4cbd0aaa2590# stat Public
      File: `Public'
      Size: 4096            Blocks: 8          IO Block: 4096   directory
    Device: 811h/2065d      Inode: 7208961     Links: 2
    Access: (2775/drwxrwsr-x)  Uid: (    0/    root)   Gid: (  100/   users)
    Access: 2014-03-07 18:30:10.876666345 +0100
    Modify: 2014-03-07 17:49:15.704067700 +0100
    Change: 2014-03-07 18:07:59.614699716 +0100
    root@openmediavault:/media/a62a1951-48c7-4d5d-91a4-4cbd0aaa2590#

