SOLVED FTP Connects but Timeout with Error Failed to retrieve directory listing

Benjamin D.

Well-Known Member
Jan 28, 2016
128
17
68
Canada
cPanel Access Level
Root Administrator
Again, the TCP_OUT, UDP_OUT, TCP6_OUT and UDP6_OUT need to be opened in CSF for Pure-FTP to work on my server for some super obscure reason. I just tried again what you wanted me to test and yes, it stops working properly when I remove the OUT ports, here's the first try from my FileZilla client:

425 Could not open data connection to port 55038: Connection refused

The funniest thing is that port 55038 is NOT EVEN SUPPOSED TO BE ACCEPTABLE as per the directive in /etc/pure-ftpd.conf:
PassivePortRange: 30000 50000

Quite puzzling really.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,908
2,218
463
Hello @Benjamin D.,

Can you open a support ticket so we can take a closer look at the affected system to see what's happening? You can post the ticket number here and we will link this thread to the ticket.

Thank you.
 

JIKOmetrix

Well-Known Member
Apr 3, 2007
111
13
168
Again, the TCP_OUT, UDP_OUT, TCP6_OUT and UDP6_OUT need to be opened in CSF for Pure-FTP to work on my server for some super obscure reason. I just tried again what you wanted me to test and yes, it stops working properly when I remove the OUT ports, here's the first try from my FileZilla client:

425 Could not open data connection to port 55038: Connection refused

The funniest thing is that port 55038 is NOT EVEN SUPPOSED TO BE ACCEPTABLE as per the directive in /etc/pure-ftpd.conf:
PassivePortRange: 30000 50000

Quite puzzling really.
I am having the exact same issue. However, I cannot get this to work. The client keeps getting a port that is not in the configured range.

I have a ticket open with support too. They are not making any progress on this yet.

- Mike
 

JIKOmetrix

Well-Known Member
Apr 3, 2007
111
13
168
Hello,

More testing revealed I was able to reproduce the the connection issue where with the out of range ports.

After first logging in I ran ls command and get the refused connection. The client had to have the ports open on the client firewall.
It enters passive mode and works. You can see that in second section.

Turning off passive mode is intermittent. Meaning with passive mode off the FTP server assumes the client is NOT behind a firewall and will randomly give any port in the non-standard range for communication. You can see that in third and fourth section with the fourth section show the refused connection for port 42463. This port is not open on the ftp server.

When passive mode is ON the client will be given ports in the configured server port range.

The FTP server must have the passive ports open and the client must have these ports open as well.

See data below. For this to work with this server, the client behind a firewall requires passive mode on.

Code:
220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
220-You are user number 2 of 100 allowed.
220-Local time is now 17:21. Server port: 21.
220-This is a private system - No anonymous login
220-IPv6 connections are also welcome on this server.
220 You will be disconnected after 15 minutes of inactivity.
Name (example.com:root): [email protected]
331 User [email protected] OK. Password required
Password:
230-OK. Current restricted directory is /
230 12837 Kbytes used (0%) - authorized: 2048000 Kb
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (192,99,203,227,255,117)
ftp: connect: Connection refused
ftp> ls
227 Entering Passive Mode (192,99,203,227,193,98)
150 Accepted data connection
drwxr-xr-x 5 example example 4096 Jul 30 15:24 .
drwxr-xr-x 5 example example 4096 Jul 30 15:24 ..
-rw------- 1 example example 14 Jul 31 14:30 .ftpquota
drwxr-xr-x 3 example example 4096 Jul 31 16:10 incoming
drwxr-xr-x 3 example example 135168 Jul 31 07:45 outgoing
drwxr-xr-x 3 example example 4096 Jan 12 2018 personify
-rw-r--r-- 1 example example 166993 Nov 19 2016 wp-info.php
226-Options: -a -l
226 7 matches total
ftp> pass
Passive mode off.
ftp> ls
200 PORT command successful
150 Connecting to port 60211
drwxr-xr-x 5 example example 4096 Jul 30 15:24 .
drwxr-xr-x 5 example example 4096 Jul 30 15:24 ..
-rw------- 1 example example 14 Jul 31 14:30 .ftpquota
drwxr-xr-x 3 example example 4096 Jul 31 16:10 incoming
drwxr-xr-x 3 example example 135168 Jul 31 07:45 outgoing
drwxr-xr-x 3 example example 4096 Jan 12 2018 personify
-rw-r--r-- 1 example example 166993 Nov 19 2016 wp-info.php
226-Options: -a -l
226 7 matches total
ftp> ls
200 PORT command successful
425 Could not open data connection to port 42463: Connection refused
ftp> pass
Passive mode on.
ftp> ls
227 Entering Passive Mode (192,99,203,227,218,116)
150 Accepted data connection
drwxr-xr-x 5 example example 4096 Jul 30 15:24 .
drwxr-xr-x 5 example example 4096 Jul 30 15:24 ..
-rw------- 1 example example 14 Jul 31 14:30 .ftpquota
drwxr-xr-x 3 example example 4096 Jul 31 16:10 incoming
drwxr-xr-x 3 example example 135168 Jul 31 07:45 outgoing
drwxr-xr-x 3 example example 4096 Jan 12 2018 personify
-rw-r--r-- 1 example example 166993 Nov 19 2016 wp-info.php
226-Options: -a -l
226 7 matches total
ftp>
 
Last edited by a moderator:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,908
2,218
463
Hello @JIKOmetrix,

Thank you for sharing your testing results. I'm monitoring the support ticket and will update this thread with the outcome once it's closed.

Thank you.
 

Michael Legg

Well-Known Member
Mar 2, 2015
66
4
58
New Farm, Queensland, Australi
cPanel Access Level
Website Owner
FTP just suddenly stopped working for me today. I've been using a custom passive port range for years, Pure FTP is configured correctly and CSF Firewall is allowing the ports both in and out. I've even resorted to connecting from the local network, to get around any external firewall issues but although it connects it can't list the directory contents.

This was working last week and it can't have been a cPanel update because cPanel updates stopped working a couple of weeks ago.

I feel like my cPanel installation is slowly falling apart. Each week something else stops working. I've opened a support ticket.
 

quietFinn

Well-Known Member
Feb 4, 2006
1,234
92
178
Finland
cPanel Access Level
Root Administrator
Interestingly, if I run netstat -tulnp it only shows Pure-FTP only running on port 21.

Could there be another ftp config file lurking on the server and it's not using /var/cpanel/conf/pureftpd/local ?
Pure-FTP is listening on port 21, but it needs other ports for passive mode.
" In the passive mode, the client uses the control connection to send a PASV command to the server and then receives a server IP address and server port number from the server, which the client then uses to open a data connection to the server IP address and server port number received."