Port 20 blocked. How to unblock

on 12.07.2002 08:40:09 by Phillip Morgan

Hi All,

When trying to ftp from offsite I can connect to my proftpd-1.2.5
server but cannot upload or download. I'm told file does not exist or
no permission, but the files and directories do exist, and I've even
tried changing owners and permissions to 777, with no luck.

I tried to telnet to port 21 and found that works, but telnet'ing to
port 20 (ftp-data), fails (connection refused).

I looked in /etc/services and port 20 is defined (both tcp and udp).

I'm running proftpd-1.2.5 via inetd and tcp wrapper. I'm using the
wrapper so I can implement the hosts.allow and hosts.deny functions. I
have nothing in either of these files that blocks ftp or ports 20/21.

So why would a connect to port 20 be refused?

TIA
--
Quickpages Technical Support
-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: Port 20 blocked. How to unblock

on 12.07.2002 16:56:39 by Ray Olszewski

You may have a firewall problem. ftp is one of the "problem" services that
requires special handling by firewalls, or even use of passive mode only by
the client. Can you connect to the ftp server from onsite?

For more help, you will need to provide the details of how your site is
reachable from offsite. Are we talking about a NAT'd LAN with port
forwarding to the ftp server, or a real IP address behind a firewall, or
what? If you are using a firewalling router, is it Linux based or something
else (include the details in either case).

I can tell you that the one diagnostic you reported was irrelevant.
Working ftp servers do not listen on port 20, only on port 21. They use
port 20 only for data transfer, like the name implies, not for initiating
sessions. My fully functional (on-LAN) ftp server behaves exactly as you
describe yours doing for telnets to ports 21 and 20.

At 04:40 PM 7/12/02 +1000, Phillip Morgan wrote:
>Hi All,
>
>When trying to ftp from offsite I can connect to my proftpd-1.2.5
>server but cannot upload or download. I'm told file does not exist or
>no permission, but the files and directories do exist, and I've even
>tried changing owners and permissions to 777, with no luck.
>
>I tried to telnet to port 21 and found that works, but telnet'ing to
>port 20 (ftp-data), fails (connection refused).
>
>I looked in /etc/services and port 20 is defined (both tcp and udp).
>
>I'm running proftpd-1.2.5 via inetd and tcp wrapper. I'm using the
>wrapper so I can implement the hosts.allow and hosts.deny functions. I
>have nothing in either of these files that blocks ftp or ports 20/21.
>
>So why would a connect to port 20 be refused?



--
"Never tell me the odds!" -- Han Solo
Ray Olszewski
Palo Alto, California, USA    ray@comarre.com


Re: Port 20 blocked. How to unblock

on 15.07.2002 05:57:25 by Phillip Morgan

Hello Ray,

Thanks for your reply.

See below for my answers.

> You may have a firewall problem. ftp is one of the "problem" services
> that requires special handling by firewalls, or even use of passive
> mode only by the client.

> Can you connect to the ftp server from onsite?
Yes. Provided I use the private address 192.168.0.3. Using the public
address of 61.95.1.222 fails (of course).

> For more help, you will need to provide the details of how your
> site is reachable from offsite.
The ip address is 61.95.1.222. Port 21. DNS: ftp.quickpages.net.au

I don't really allow anonymous ftp logins as a rule, but it is set up
with a couple of test files. I only need ftp access for myself and
support staff, so we have our own logins.

> Are we talking about a NAT'd LAN with port forwarding
> to the ftp server, or a real IP address behind a firewall, or
> what? If you are using a firewalling router, is it Linux based or
> something else (include the details in either case).
Yes, it is NAT'd, as per the following

Router - 61.95.1.220 / 192.168.0.1
NT server - IIS - 61.95.1.221 / 192.168.0.2
Linux ftp/mail/web server - 61.95.1.222 / 192.168.0.3
Linux secondary DNS - 61.95.1.223 / 192.168.0.4

The ISP tells me there is no port forwarding. Packets are passed
straight through to the target IP (after being NAT'd). So a packet
going to 61.1.95.222:21 is sent to 192.168.0.3:21 and so on.

The router is a DSL cable modem/almost-a-router.

The symptoms:

Internally I can upload and download files using PORT and PASV using
any Win32 ftp client I choose.

Offsite, I can connect, authenticate and that's it - with Win32
clients. I've tried both PASV and PORT modes and neither work. I can't
upload, download, change directories etc.

If I use an old DOS based (antique :-) ftp client it works. But this is
a real pain in the ... ( I upload and download LOTS of stuff).

Any action results in a message (using my favorite program -
cuteftp), "Requested action not taken. Folder does not exist or no
permission". I changed the folder permissions to 777 for all files and
subfolders and tried again. As I would expect, it made no difference.

I've spoken with the ISP many times, and they are about as useful as a
hot fire on a 100 degree day. To be honest, they have little interest
in solving any problems.

hth

Cheers,
Phill


> I can tell you that the one diagnostic you reported was irrelevant.
> Working ftp servers do not listen on port 20, only on port 21. They use
> port 20 only for data transfer, like the name implies, not for initiating
> sessions. My fully functional (on-LAN) ftp server behaves exactly as you
> describe yours doing for telnets to ports 21 and 20.
>
> At 04:40 PM 7/12/02 +1000, Phillip Morgan wrote:
> >Hi All,
> >
> >When trying to ftp from offsite I can connect to my proftpd-1.2.5
> >server but cannot upload or download. I'm told file does not exist or
> >no permission, but the files and directories do exist, and I've even
> >tried changing owners and permissions to 777, with no luck.
> >
> >I tried to telnet to port 21 and found that works, but telnet'ing to
> >port 20 (ftp-data), fails (connection refused).
> >
> >I looked in /etc/services and port 20 is defined (both tcp and udp).
> >
> >I'm running proftpd-1.2.5 via inetd and tcp wrapper. I'm using the
> >wrapper so I can implement the hosts.allow and hosts.deny functions. I
> >have nothing in either of these files that blocks ftp or ports 20/21.
> >
> >So why would a connect to port 20 be refused?
>
> --
> "Never tell me the odds!" -- Han Solo
> Ray Olszewski
> Palo Alto, California, USA    ray@comarre.com

--
Quickpages Technical Support
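
Added example, not part of the original thread: FTP carries the data-connection endpoint inside the control channel, as six comma-separated numbers in a PORT command or a 227 (PASV) reply, so a NAT that only rewrites packet headers leaves a private address in that text. The sketch decodes such lines and compares the advertised address with the address the peer actually sees; the function names, port numbers and sample lines are constructed, and it is an assumption (the thread does not confirm it) that the server advertises 192.168.0.3.

```python
import ipaddress
import re

# h1,h2,h3,h4,p1,p2 as carried in PORT commands and 227 replies (RFC 959)
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_hostport(line):
    """Return (ip, port) from a PORT command or a 227 PASV reply, else None."""
    if not (line.upper().startswith("PORT ") or line.startswith("227 ")):
        return None
    m = _HOSTPORT.search(line)
    if m is None:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]  # port = p1 * 256 + p2


def check_data_endpoint(line, peer_ip):
    """Compare the address a control-channel line advertises with the
    address the other side actually sees for that host (peer_ip)."""
    parsed = parse_hostport(line)
    if parsed is None:
        return "not a PORT/227 line"
    ip, port = parsed
    if ip == ipaddress.IPv4Address(peer_ip):
        return f"ok: data connection to {ip}:{port}"
    if ip.is_private:
        return f"unreachable: {ip}:{port} is a private address, peer is seen as {peer_ip}"
    return f"mismatch: advertised {ip}:{port}, peer is seen as {peer_ip}"


# Constructed control-channel lines; the addresses are the ones given in the thread.
SAMPLES = [
    ("227 Entering Passive Mode (192,168,0,3,195,80).", "61.95.1.222"),  # offsite view
    ("227 Entering Passive Mode (192,168,0,3,195,80).", "192.168.0.3"),  # onsite view
    ("PORT 61,95,1,222,4,1", "61.95.1.222"),
]

if __name__ == "__main__":
    for line, peer in SAMPLES:
        print(f"{line!r:55} -> {check_data_endpoint(line, peer)}")
```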

Port 20 blocked. How to unblock

on 03.08.2002 22:02:30 by Sean Rima

Originally to: Phillip Morgan

Hello Phillip.

12 Jul 02 16:40, you wrote to all:

PM> I tried to telnet to port 21 and found that works, but telnet'ing to
PM> port 20 (ftp-data), fails (connection refused).

Fix by using passive ftp; only non-passive ftp uses port 20.

And don't use host.*, use proftpd.conf; man proftpd.conf, find limit.

And make AllowStoreRestart on to enable resume upload, and have AllowStoreRestart off in your anon ftp config.

ask if you still need help

PM> So why would a connect to port 20 be refused?

ask your isp :-)

Benny

<-> Gateway Information.
This message originated from a Fidonet System (http://www.fidonet.org)
and was gated at TCOB1 (http://www.tcob1.net)
Please do not respond direct to this message but via the list



Re: Port 20 blocked. How to unblock

on 12.08.2002 22:36:35 by Richard Adams

On Thursday 01 January 1970 00:00, Benny Pedersen wrote:
> Originally to: Phillip Morgan
>
> Hello Phillip.
>
> 12 Jul 02 16:40, you wrote to all:

Today it's Aug 12 and you posted this message on Saturday 03 Aug; seems
something is wrong with your date(s). Anyway, most of the mail is snipped.

> PM> So why would a connect to port 20 be refused?
>
> ask your isp :-)

Huuh? No ftp program I know of will "accept connections" on port 20, unless I
suppose you tell it to via some or other config file, but what would be the
point of doing that?

On any system simply try:

ftp localhost 20

If you get anything other than connection refused then you have one weird
system.

Port 21 accepts incoming ftp connections, port 20 is/can be used for
data-transfers.

>
> Benny

--
Regards Richard
pa3gcu@zeelandnet.nl
http://people.zeelandnet.nl/pa3gcu/




Re: Port 20 blocked. How to unblock

on 13.08.2002 09:11:24 by Jim Roland

Port 20 is used for the actual data transfer (directory listings, files,
etc) after you have authenticated with port 21 (ftp control). Port 20 will
not be an open port and will not allow connections until port 21 tells it to
(someone could hijack an active connection if port 20 was open to anything
including a telnet diagnostic connect).


----- Original Message -----
From: "Benny Pedersen"
To:
Sent: Saturday, August 03, 2002 3:02 PM
Subject: Port 20 blocked. How to unblock


> Originally to: Phillip Morgan
>
> Hello Phillip.
>
> 12 Jul 02 16:40, you wrote to all:
>
> PM> I tried to telnet to port 21 and found that works, but telnet'ing to
> PM> port 20 (ftp-data), fails (connection refused).
>
> Fix by using passive ftp; only non-passive ftp uses port 20.
>
> And don't use host.*, use proftpd.conf; man proftpd.conf, find limit.
>
> And make AllowStoreRestart on to enable resume upload, and have
> AllowStoreRestart off in your anon ftp config.
>
> ask if you still need help
>
> PM> So why would a connect to port 20 be refused?
>
> ask your isp :-)
>
> Benny
>
