FlashFXP Forums - View Single Post

Yil · 04-15-2011, 07:24 PM

kathorga: I'm not sure you've described the problem correctly, but this should fix your problems. There are 2-3 reasons (details below) why users might have trouble transferring files. Users who use list -al transfer directory listings in the same way so they would have problems getting listings, BUT stat -al users wouldn't see a problem because the listing goes over the control connection so I don't see how they couldn't be getting listings. Stat users would just think things are fine until they tried to transfer files which might be why you think it only applies to them.

FTPServerTools brings up the point you need to make sure the PASV port range is forwarded in your router. That's necessary, but in this case it most likely isn't your problem yet.

Are you trying to connect to the server locally via a 192.168.*.* address or via 127.*.*.* and transferring in active mode using the PORT command? If so that action will be denied for security reasons. Check out the ioFTPD.ini and the Changelog for info on the 'Deny_Port_Host' feature. Simple solution is to just use PASV mode and tell your FTP client software to 'Use host IP' for the connection because if you are behind a router the HOST= settings in the .ini file should be setup to give out your external IP and not all routers forward internal packets destined for your external IP back correctly. There are several methods to FXP between two locally routed servers if that is required, search the forums/changelog for the Deny_Port_Host feature.

Most likely your problem is that the user's FTP Client trying to talk to the server isn't configured correctly. If they are using active (PORT) mode and they tell the server to connect back to them via a 192.168.* or 127.* address that is clearly wrong, it won't work. Besides the fact that it won't won't at all, it will also be rejected by the Deny_Port_Host feature because it's a security risk and will generate the error they are seeing. Just tell them to switch to PASV transfers. Otherwise they need to configure their FTP Client to send their external IP instead of their host's internal IP, and they need to probably set the port range to use locally and make sure they forward them in their router. Just using PASV mode is much easier

Either way this is technically THEIR problem, and not yours.

04-15-2011, 07:24 PM
Yil Too much time... Join Date: May 2005 Posts: 1,194	kathorga: I'm not sure you've described the problem correctly, but this should fix your problems. There are 2-3 reasons (details below) why users might have trouble transferring files. Users who use list -al transfer directory listings in the same way so they would have problems getting listings, BUT stat -al users wouldn't see a problem because the listing goes over the control connection so I don't see how they couldn't be getting listings. Stat users would just think things are fine until they tried to transfer files which might be why you think it only applies to them. FTPServerTools brings up the point you need to make sure the PASV port range is forwarded in your router. That's necessary, but in this case it most likely isn't your problem yet. Are you trying to connect to the server locally via a 192.168.. address or via 127...* and transferring in active mode using the PORT command? If so that action will be denied for security reasons. Check out the ioFTPD.ini and the Changelog for info on the 'Deny_Port_Host' feature. Simple solution is to just use PASV mode and tell your FTP client software to 'Use host IP' for the connection because if you are behind a router the HOST= settings in the .ini file should be setup to give out your external IP and not all routers forward internal packets destined for your external IP back correctly. There are several methods to FXP between two locally routed servers if that is required, search the forums/changelog for the Deny_Port_Host feature. Most likely your problem is that the user's FTP Client trying to talk to the server isn't configured correctly. If they are using active (PORT) mode and they tell the server to connect back to them via a 192.168.* or 127.* address that is clearly wrong, it won't work. Besides the fact that it won't won't at all, it will also be rejected by the Deny_Port_Host feature because it's a security risk and will generate the error they are seeing. Just tell them to switch to PASV transfers. Otherwise they need to configure their FTP Client to send their external IP instead of their host's internal IP, and they need to probably set the port range to use locally and make sure they forward them in their router. Just using PASV mode is much easier Either way this is technically THEIR problem, and not yours.