Passive mode FTP works over WAN but not LAN











up vote
-2
down vote

favorite












I'm using pure-ftpd 1.0.46 on Ubuntu 18.04 as the server, with TLS and certificates signed by Let's Encrypt. I have no issues connecting and transferring over WAN. I'm using passive mode, the ports are properly forwarded, and I've configured pure-ftpd to respond with its WAN IP.



However, I can not make a connection over LAN, as it complains about TLS connection termination. I've tried several clients and they all have some kind of timeout error. I suspect part of the problem may be my DNS setup. I have a domain name that points to my WAN, and that is what I usually use to connect to the server. But I have my local DNS server respond with the LAN IP for the ftp machine. So when I'm at home, my laptop makes the ftp connection to 192.168.1.2, but the PASV response is my WAN IP 74.x.x.x. In theory, my router should support NAT loopback, which sends traffic originating in the LAN and destined for the WAN IP back to the local IP to which its forwarded. This seems to work fine for http, and I assumed since the client initiates the passive mode data tcp connection, it should work for that as well. But maybe there's some routing detail I'm missing. Could this be the problem?



Client log:



Status: Connecting to 192.168.1.2:21...
Status: Connection established, waiting for welcome message...
Trace: CFtpControlSocket::OnReceive()
Response: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Response: 220-You are user number 9 of 50 allowed.
Response: 220-Local time is now 16:01. Server port: 21.
Response: 220-This is a private system - No anonymous login
Response: 220-IPv6 connections are also welcome on this server.
Response: 220 You will be disconnected after 15 minutes of inactivity.
Trace: CFtpLogonOpData::ParseResponse() in state 1
Trace: CControlSocket::SendNextCommand()
Trace: CFtpLogonOpData::Send() in state 2
Command: AUTH TLS
Trace: CFtpControlSocket::OnReceive()
Response: 234 AUTH TLS OK.
Trace: CFtpLogonOpData::ParseResponse() in state 2
Status: Initializing TLS...
Trace: CTlsSocketImpl::Handshake()
Trace: CTlsSocketImpl::ContinueHandshake()
Trace: TLS handshake: About to send CLIENT HELLO
Trace: TLS handshake: Sent CLIENT HELLO
Trace: CTlsSocketImpl::OnSend()
Trace: CTlsSocketImpl::OnRead()
Trace: CTlsSocketImpl::ContinueHandshake()
Trace: CTlsSocketImpl::OnRead()
Trace: CTlsSocketImpl::ContinueHandshake()
Trace: TLS handshake: Received SERVER HELLO
Trace: TLS handshake: Processed SERVER HELLO
Trace: CTlsSocketImpl::OnRead()
Trace: CTlsSocketImpl::ContinueHandshake()
Trace: TLS handshake: Received CERTIFICATE
Trace: TLS handshake: Processed CERTIFICATE
Trace: TLS handshake: Received SERVER KEY EXCHANGE
Trace: TLS handshake: Processed SERVER KEY EXCHANGE
Trace: TLS handshake: Received SERVER HELLO DONE
Trace: TLS handshake: Processed SERVER HELLO DONE
Trace: TLS handshake: About to send CLIENT KEY EXCHANGE
Trace: TLS handshake: Sent CLIENT KEY EXCHANGE
Trace: TLS handshake: About to send FINISHED
Trace: TLS handshake: Sent FINISHED
Trace: CTlsSocketImpl::OnRead()
Trace: CTlsSocketImpl::ContinueHandshake()
Trace: TLS handshake: Received NEW SESSION TICKET
Trace: TLS handshake: Processed NEW SESSION TICKET
Trace: TLS handshake: Received FINISHED
Trace: TLS handshake: Processed FINISHED
Trace: TLS Handshake successful
Trace: Protocol: TLS1.2, Key exchange: ECDHE-RSA, Cipher: AES-256-GCM, MAC: AEAD
Status: Verifying certificate...
Status: TLS connection established.
Trace: CControlSocket::SendNextCommand()
Trace: CFtpLogonOpData::Send() in state 5
Command: USER *****
Trace: CTlsSocketImpl::OnRead()
Trace: CFtpControlSocket::OnReceive()
Response: 331 User ******* OK. Password required
Trace: CFtpLogonOpData::ParseResponse() in state 5
Trace: CControlSocket::SendNextCommand()
Trace: CFtpLogonOpData::Send() in state 5
Command: PASS **********
Trace: CTlsSocketImpl::OnRead()
Trace: CFtpControlSocket::OnReceive()
Response: 230 OK. Current directory is /
Trace: CFtpLogonOpData::ParseResponse() in state 5
Trace: CControlSocket::SendNextCommand()
Trace: CFtpLogonOpData::Send() in state 9
Command: OPTS UTF8 ON
Trace: CTlsSocketImpl::OnRead()
Trace: CFtpControlSocket::OnReceive()
Response: 200 OK, UTF-8 enabled
Trace: CFtpLogonOpData::ParseResponse() in state 9
Trace: CControlSocket::SendNextCommand()
Trace: CFtpLogonOpData::Send() in state 10
Command: PBSZ 0
Trace: CTlsSocketImpl::OnRead()
Trace: CFtpControlSocket::OnReceive()
Response: 200 PBSZ=0
Trace: CFtpLogonOpData::ParseResponse() in state 10
Trace: CControlSocket::SendNextCommand()
Trace: CFtpLogonOpData::Send() in state 11
Command: PROT P
Trace: CTlsSocketImpl::OnRead()
Trace: CFtpControlSocket::OnReceive()
Response: 200 Data protection level set to "private"
Trace: CFtpLogonOpData::ParseResponse() in state 11
Status: Logged in
Trace: Measured latency of 3 ms
Trace: CFtpControlSocket::ResetOperation(0)
Trace: CControlSocket::ResetOperation(0)
Trace: CFtpLogonOpData::Reset(0) in state 14
Trace: CFileZillaEnginePrivate::ResetOperation(0)
Status: Retrieving directory listing...
Trace: CControlSocket::SendNextCommand()
Trace: CFtpListOpData::Send() in state 0
Trace: CFtpChangeDirOpData::Send() in state 0
Trace: CFtpChangeDirOpData::Send() in state 1
Command: PWD
Trace: CTlsSocketImpl::OnRead()
Trace: CFtpControlSocket::OnReceive()
Response: 257 "/" is your current location
Trace: CFtpChangeDirOpData::ParseResponse() in state 1
Trace: CFtpControlSocket::ResetOperation(0)
Trace: CControlSocket::ResetOperation(0)
Trace: CFtpChangeDirOpData::Reset(0) in state 1
Trace: CFtpListOpData::SubcommandResult(0) in state 1
Trace: CControlSocket::SendNextCommand()
Trace: CFtpListOpData::Send() in state 2
Trace: CFtpRawTransferOpData::Send() in state 1
Command: TYPE I
Trace: CTlsSocketImpl::OnRead()
Trace: CFtpControlSocket::OnReceive()
Response: 200 TYPE is now 8-bit binary
Trace: CFtpRawTransferOpData::ParseResponse() in state 1
Trace: CControlSocket::SendNextCommand()
Trace: CFtpRawTransferOpData::Send() in state 2
Command: PASV
Trace: CTlsSocketImpl::OnRead()
Trace: CFtpControlSocket::OnReceive()
Response: 227 Entering Passive Mode (75,85,*,*,46,161)
Trace: CFtpRawTransferOpData::ParseResponse() in state 2
Trace: CControlSocket::SendNextCommand()
Trace: CFtpRawTransferOpData::Send() in state 4
Trace: Destination IP of data connection does not match peer IP of control connection. Not binding source address of data connection.
Command: MLSD
Trace: CTransferSocket::OnConnect
Trace: CTlsSocketImpl::Handshake()
Trace: Trying to resume existing TLS session.
Trace: CTlsSocketImpl::ContinueHandshake()
Trace: TLS handshake: About to send CLIENT HELLO
Trace: TLS handshake: Sent CLIENT HELLO
Trace: CTlsSocketImpl::OnSend()
Trace: CTlsSocketImpl::OnSend()
Trace: CTlsSocketImpl::OnRead()
Trace: CTlsSocketImpl::ContinueHandshake()
Trace: CTlsSocketImpl::OnRead()
Trace: CTlsSocketImpl::ContinueHandshake()
Trace: CTlsSocketImpl::Failure(-110)
Error: GnuTLS error -110: The TLS connection was non-properly terminated.
Status: Server did not properly shut down TLS connection
Trace: CTlsSocketImpl::OnSocketEvent(): close event received
Trace: CTransferSocket::OnClose(106)
Error: Transfer connection interrupted: ECONNABORTED - Connection aborted
Trace: CTransferSocket::TransferEnd(3)
Trace: CFtpControlSocket::TransferEnd()
Trace: CFtpControlSocket::ResetOperation(10)
Trace: CControlSocket::ResetOperation(10)
Trace: CFtpRawTransferOpData::Reset(10) in state 6
Trace: CFtpControlSocket::ResetOperation(10)
Trace: CControlSocket::ResetOperation(10)
Trace: CFtpListOpData::Reset(10) in state 3
Error: Directory listing aborted by user
Trace: CFileZillaEnginePrivate::ResetOperation(10)
Status: Disconnected from server
Trace: CRealControlSocket::DoClose(66)
Trace: CControlSocket::DoClose(66)
Trace: CFtpControlSocket::ResetOperation(66)
Trace: CControlSocket::ResetOperation(66)
Trace: CFileZillaEnginePrivate::ResetOperation(66)
Trace: CRealControlSocket::DoClose(66)
Trace: CControlSocket::DoClose(66)
Trace: CControlSocket::DoClose(66)
Trace: CFileZillaEnginePrivate::ResetOperation(0)









share|improve this question


























    up vote
    -2
    down vote

    favorite












    I'm using pure-ftpd 1.0.46 on Ubuntu 18.04 as the server, with TLS and certificates signed by Let's Encrypt. I have no issues connecting and transferring over WAN. I'm using passive mode, the ports are properly forwarded, and I've configured pure-ftpd to respond with its WAN IP.



    However, I can not make a connection over LAN, as it complains about TLS connection termination. I've tried several clients and they all have some kind of timeout error. I suspect part of the problem may be my DNS setup. I have a domain name that points to my WAN, and that is what I usually use to connect to the server. But I have my local DNS server respond with the LAN IP for the ftp machine. So when I'm at home, my laptop makes the ftp connection to 192.168.1.2, but the PASV response is my WAN IP 74.x.x.x. In theory, my router should support NAT loopback, which sends traffic originating in the LAN and destined for the WAN IP back to the local IP to which its forwarded. This seems to work fine for http, and I assumed since the client initiates the passive mode data tcp connection, it should work for that as well. But maybe there's some routing detail I'm missing. Could this be the problem?



    Client log:



    Status: Connecting to 192.168.1.2:21...
    Status: Connection established, waiting for welcome message...
    Trace: CFtpControlSocket::OnReceive()
    Response: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    Response: 220-You are user number 9 of 50 allowed.
    Response: 220-Local time is now 16:01. Server port: 21.
    Response: 220-This is a private system - No anonymous login
    Response: 220-IPv6 connections are also welcome on this server.
    Response: 220 You will be disconnected after 15 minutes of inactivity.
    Trace: CFtpLogonOpData::ParseResponse() in state 1
    Trace: CControlSocket::SendNextCommand()
    Trace: CFtpLogonOpData::Send() in state 2
    Command: AUTH TLS
    Trace: CFtpControlSocket::OnReceive()
    Response: 234 AUTH TLS OK.
    Trace: CFtpLogonOpData::ParseResponse() in state 2
    Status: Initializing TLS...
    Trace: CTlsSocketImpl::Handshake()
    Trace: CTlsSocketImpl::ContinueHandshake()
    Trace: TLS handshake: About to send CLIENT HELLO
    Trace: TLS handshake: Sent CLIENT HELLO
    Trace: CTlsSocketImpl::OnSend()
    Trace: CTlsSocketImpl::OnRead()
    Trace: CTlsSocketImpl::ContinueHandshake()
    Trace: CTlsSocketImpl::OnRead()
    Trace: CTlsSocketImpl::ContinueHandshake()
    Trace: TLS handshake: Received SERVER HELLO
    Trace: TLS handshake: Processed SERVER HELLO
    Trace: CTlsSocketImpl::OnRead()
    Trace: CTlsSocketImpl::ContinueHandshake()
    Trace: TLS handshake: Received CERTIFICATE
    Trace: TLS handshake: Processed CERTIFICATE
    Trace: TLS handshake: Received SERVER KEY EXCHANGE
    Trace: TLS handshake: Processed SERVER KEY EXCHANGE
    Trace: TLS handshake: Received SERVER HELLO DONE
    Trace: TLS handshake: Processed SERVER HELLO DONE
    Trace: TLS handshake: About to send CLIENT KEY EXCHANGE
    Trace: TLS handshake: Sent CLIENT KEY EXCHANGE
    Trace: TLS handshake: About to send FINISHED
    Trace: TLS handshake: Sent FINISHED
    Trace: CTlsSocketImpl::OnRead()
    Trace: CTlsSocketImpl::ContinueHandshake()
    Trace: TLS handshake: Received NEW SESSION TICKET
    Trace: TLS handshake: Processed NEW SESSION TICKET
    Trace: TLS handshake: Received FINISHED
    Trace: TLS handshake: Processed FINISHED
    Trace: TLS Handshake successful
    Trace: Protocol: TLS1.2, Key exchange: ECDHE-RSA, Cipher: AES-256-GCM, MAC: AEAD
    Status: Verifying certificate...
    Status: TLS connection established.
    Trace: CControlSocket::SendNextCommand()
    Trace: CFtpLogonOpData::Send() in state 5
    Command: USER *****
    Trace: CTlsSocketImpl::OnRead()
    Trace: CFtpControlSocket::OnReceive()
    Response: 331 User ******* OK. Password required
    Trace: CFtpLogonOpData::ParseResponse() in state 5
    Trace: CControlSocket::SendNextCommand()
    Trace: CFtpLogonOpData::Send() in state 5
    Command: PASS **********
    Trace: CTlsSocketImpl::OnRead()
    Trace: CFtpControlSocket::OnReceive()
    Response: 230 OK. Current directory is /
    Trace: CFtpLogonOpData::ParseResponse() in state 5
    Trace: CControlSocket::SendNextCommand()
    Trace: CFtpLogonOpData::Send() in state 9
    Command: OPTS UTF8 ON
    Trace: CTlsSocketImpl::OnRead()
    Trace: CFtpControlSocket::OnReceive()
    Response: 200 OK, UTF-8 enabled
    Trace: CFtpLogonOpData::ParseResponse() in state 9
    Trace: CControlSocket::SendNextCommand()
    Trace: CFtpLogonOpData::Send() in state 10
    Command: PBSZ 0
    Trace: CTlsSocketImpl::OnRead()
    Trace: CFtpControlSocket::OnReceive()
    Response: 200 PBSZ=0
    Trace: CFtpLogonOpData::ParseResponse() in state 10
    Trace: CControlSocket::SendNextCommand()
    Trace: CFtpLogonOpData::Send() in state 11
    Command: PROT P
    Trace: CTlsSocketImpl::OnRead()
    Trace: CFtpControlSocket::OnReceive()
    Response: 200 Data protection level set to "private"
    Trace: CFtpLogonOpData::ParseResponse() in state 11
    Status: Logged in
    Trace: Measured latency of 3 ms
    Trace: CFtpControlSocket::ResetOperation(0)
    Trace: CControlSocket::ResetOperation(0)
    Trace: CFtpLogonOpData::Reset(0) in state 14
    Trace: CFileZillaEnginePrivate::ResetOperation(0)
    Status: Retrieving directory listing...
    Trace: CControlSocket::SendNextCommand()
    Trace: CFtpListOpData::Send() in state 0
    Trace: CFtpChangeDirOpData::Send() in state 0
    Trace: CFtpChangeDirOpData::Send() in state 1
    Command: PWD
    Trace: CTlsSocketImpl::OnRead()
    Trace: CFtpControlSocket::OnReceive()
    Response: 257 "/" is your current location
    Trace: CFtpChangeDirOpData::ParseResponse() in state 1
    Trace: CFtpControlSocket::ResetOperation(0)
    Trace: CControlSocket::ResetOperation(0)
    Trace: CFtpChangeDirOpData::Reset(0) in state 1
    Trace: CFtpListOpData::SubcommandResult(0) in state 1
    Trace: CControlSocket::SendNextCommand()
    Trace: CFtpListOpData::Send() in state 2
    Trace: CFtpRawTransferOpData::Send() in state 1
    Command: TYPE I
    Trace: CTlsSocketImpl::OnRead()
    Trace: CFtpControlSocket::OnReceive()
    Response: 200 TYPE is now 8-bit binary
    Trace: CFtpRawTransferOpData::ParseResponse() in state 1
    Trace: CControlSocket::SendNextCommand()
    Trace: CFtpRawTransferOpData::Send() in state 2
    Command: PASV
    Trace: CTlsSocketImpl::OnRead()
    Trace: CFtpControlSocket::OnReceive()
    Response: 227 Entering Passive Mode (75,85,*,*,46,161)
    Trace: CFtpRawTransferOpData::ParseResponse() in state 2
    Trace: CControlSocket::SendNextCommand()
    Trace: CFtpRawTransferOpData::Send() in state 4
    Trace: Destination IP of data connection does not match peer IP of control connection. Not binding source address of data connection.
    Command: MLSD
    Trace: CTransferSocket::OnConnect
    Trace: CTlsSocketImpl::Handshake()
    Trace: Trying to resume existing TLS session.
    Trace: CTlsSocketImpl::ContinueHandshake()
    Trace: TLS handshake: About to send CLIENT HELLO
    Trace: TLS handshake: Sent CLIENT HELLO
    Trace: CTlsSocketImpl::OnSend()
    Trace: CTlsSocketImpl::OnSend()
    Trace: CTlsSocketImpl::OnRead()
    Trace: CTlsSocketImpl::ContinueHandshake()
    Trace: CTlsSocketImpl::OnRead()
    Trace: CTlsSocketImpl::ContinueHandshake()
    Trace: CTlsSocketImpl::Failure(-110)
    Error: GnuTLS error -110: The TLS connection was non-properly terminated.
    Status: Server did not properly shut down TLS connection
    Trace: CTlsSocketImpl::OnSocketEvent(): close event received
    Trace: CTransferSocket::OnClose(106)
    Error: Transfer connection interrupted: ECONNABORTED - Connection aborted
    Trace: CTransferSocket::TransferEnd(3)
    Trace: CFtpControlSocket::TransferEnd()
    Trace: CFtpControlSocket::ResetOperation(10)
    Trace: CControlSocket::ResetOperation(10)
    Trace: CFtpRawTransferOpData::Reset(10) in state 6
    Trace: CFtpControlSocket::ResetOperation(10)
    Trace: CControlSocket::ResetOperation(10)
    Trace: CFtpListOpData::Reset(10) in state 3
    Error: Directory listing aborted by user
    Trace: CFileZillaEnginePrivate::ResetOperation(10)
    Status: Disconnected from server
    Trace: CRealControlSocket::DoClose(66)
    Trace: CControlSocket::DoClose(66)
    Trace: CFtpControlSocket::ResetOperation(66)
    Trace: CControlSocket::ResetOperation(66)
    Trace: CFileZillaEnginePrivate::ResetOperation(66)
    Trace: CRealControlSocket::DoClose(66)
    Trace: CControlSocket::DoClose(66)
    Trace: CControlSocket::DoClose(66)
    Trace: CFileZillaEnginePrivate::ResetOperation(0)









    share|improve this question
























      up vote
      -2
      down vote

      favorite









      up vote
      -2
      down vote

      favorite











      I'm using pure-ftpd 1.0.46 on Ubuntu 18.04 as the server, with TLS and certificates signed by Let's Encrypt. I have no issues connecting and transferring over WAN. I'm using passive mode, the ports are properly forwarded, and I've configured pure-ftpd to respond with its WAN IP.



      However, I can not make a connection over LAN, as it complains about TLS connection termination. I've tried several clients and they all have some kind of timeout error. I suspect part of the problem may be my DNS setup. I have a domain name that points to my WAN, and that is what I usually use to connect to the server. But I have my local DNS server respond with the LAN IP for the ftp machine. So when I'm at home, my laptop makes the ftp connection to 192.168.1.2, but the PASV response is my WAN IP 74.x.x.x. In theory, my router should support NAT loopback, which sends traffic originating in the LAN and destined for the WAN IP back to the local IP to which its forwarded. This seems to work fine for http, and I assumed since the client initiates the passive mode data tcp connection, it should work for that as well. But maybe there's some routing detail I'm missing. Could this be the problem?



      Client log:



      Status: Connecting to 192.168.1.2:21...
      Status: Connection established, waiting for welcome message...
      Trace: CFtpControlSocket::OnReceive()
      Response: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
      Response: 220-You are user number 9 of 50 allowed.
      Response: 220-Local time is now 16:01. Server port: 21.
      Response: 220-This is a private system - No anonymous login
      Response: 220-IPv6 connections are also welcome on this server.
      Response: 220 You will be disconnected after 15 minutes of inactivity.
      Trace: CFtpLogonOpData::ParseResponse() in state 1
      Trace: CControlSocket::SendNextCommand()
      Trace: CFtpLogonOpData::Send() in state 2
      Command: AUTH TLS
      Trace: CFtpControlSocket::OnReceive()
      Response: 234 AUTH TLS OK.
      Trace: CFtpLogonOpData::ParseResponse() in state 2
      Status: Initializing TLS...
      Trace: CTlsSocketImpl::Handshake()
      Trace: CTlsSocketImpl::ContinueHandshake()
      Trace: TLS handshake: About to send CLIENT HELLO
      Trace: TLS handshake: Sent CLIENT HELLO
      Trace: CTlsSocketImpl::OnSend()
      Trace: CTlsSocketImpl::OnRead()
      Trace: CTlsSocketImpl::ContinueHandshake()
      Trace: CTlsSocketImpl::OnRead()
      Trace: CTlsSocketImpl::ContinueHandshake()
      Trace: TLS handshake: Received SERVER HELLO
      Trace: TLS handshake: Processed SERVER HELLO
      Trace: CTlsSocketImpl::OnRead()
      Trace: CTlsSocketImpl::ContinueHandshake()
      Trace: TLS handshake: Received CERTIFICATE
      Trace: TLS handshake: Processed CERTIFICATE
      Trace: TLS handshake: Received SERVER KEY EXCHANGE
      Trace: TLS handshake: Processed SERVER KEY EXCHANGE
      Trace: TLS handshake: Received SERVER HELLO DONE
      Trace: TLS handshake: Processed SERVER HELLO DONE
      Trace: TLS handshake: About to send CLIENT KEY EXCHANGE
      Trace: TLS handshake: Sent CLIENT KEY EXCHANGE
      Trace: TLS handshake: About to send FINISHED
      Trace: TLS handshake: Sent FINISHED
      Trace: CTlsSocketImpl::OnRead()
      Trace: CTlsSocketImpl::ContinueHandshake()
      Trace: TLS handshake: Received NEW SESSION TICKET
      Trace: TLS handshake: Processed NEW SESSION TICKET
      Trace: TLS handshake: Received FINISHED
      Trace: TLS handshake: Processed FINISHED
      Trace: TLS Handshake successful
      Trace: Protocol: TLS1.2, Key exchange: ECDHE-RSA, Cipher: AES-256-GCM, MAC: AEAD
      Status: Verifying certificate...
      Status: TLS connection established.
      Trace: CControlSocket::SendNextCommand()
      Trace: CFtpLogonOpData::Send() in state 5
      Command: USER *****
      Trace: CTlsSocketImpl::OnRead()
      Trace: CFtpControlSocket::OnReceive()
      Response: 331 User ******* OK. Password required
      Trace: CFtpLogonOpData::ParseResponse() in state 5
      Trace: CControlSocket::SendNextCommand()
      Trace: CFtpLogonOpData::Send() in state 5
      Command: PASS **********
      Trace: CTlsSocketImpl::OnRead()
      Trace: CFtpControlSocket::OnReceive()
      Response: 230 OK. Current directory is /
      Trace: CFtpLogonOpData::ParseResponse() in state 5
      Trace: CControlSocket::SendNextCommand()
      Trace: CFtpLogonOpData::Send() in state 9
      Command: OPTS UTF8 ON
      Trace: CTlsSocketImpl::OnRead()
      Trace: CFtpControlSocket::OnReceive()
      Response: 200 OK, UTF-8 enabled
      Trace: CFtpLogonOpData::ParseResponse() in state 9
      Trace: CControlSocket::SendNextCommand()
      Trace: CFtpLogonOpData::Send() in state 10
      Command: PBSZ 0
      Trace: CTlsSocketImpl::OnRead()
      Trace: CFtpControlSocket::OnReceive()
      Response: 200 PBSZ=0
      Trace: CFtpLogonOpData::ParseResponse() in state 10
      Trace: CControlSocket::SendNextCommand()
      Trace: CFtpLogonOpData::Send() in state 11
      Command: PROT P
      Trace: CTlsSocketImpl::OnRead()
      Trace: CFtpControlSocket::OnReceive()
      Response: 200 Data protection level set to "private"
      Trace: CFtpLogonOpData::ParseResponse() in state 11
      Status: Logged in
      Trace: Measured latency of 3 ms
      Trace: CFtpControlSocket::ResetOperation(0)
      Trace: CControlSocket::ResetOperation(0)
      Trace: CFtpLogonOpData::Reset(0) in state 14
      Trace: CFileZillaEnginePrivate::ResetOperation(0)
      Status: Retrieving directory listing...
      Trace: CControlSocket::SendNextCommand()
      Trace: CFtpListOpData::Send() in state 0
      Trace: CFtpChangeDirOpData::Send() in state 0
      Trace: CFtpChangeDirOpData::Send() in state 1
      Command: PWD
      Trace: CTlsSocketImpl::OnRead()
      Trace: CFtpControlSocket::OnReceive()
      Response: 257 "/" is your current location
      Trace: CFtpChangeDirOpData::ParseResponse() in state 1
      Trace: CFtpControlSocket::ResetOperation(0)
      Trace: CControlSocket::ResetOperation(0)
      Trace: CFtpChangeDirOpData::Reset(0) in state 1
      Trace: CFtpListOpData::SubcommandResult(0) in state 1
      Trace: CControlSocket::SendNextCommand()
      Trace: CFtpListOpData::Send() in state 2
      Trace: CFtpRawTransferOpData::Send() in state 1
      Command: TYPE I
      Trace: CTlsSocketImpl::OnRead()
      Trace: CFtpControlSocket::OnReceive()
      Response: 200 TYPE is now 8-bit binary
      Trace: CFtpRawTransferOpData::ParseResponse() in state 1
      Trace: CControlSocket::SendNextCommand()
      Trace: CFtpRawTransferOpData::Send() in state 2
      Command: PASV
      Trace: CTlsSocketImpl::OnRead()
      Trace: CFtpControlSocket::OnReceive()
      Response: 227 Entering Passive Mode (75,85,*,*,46,161)
      Trace: CFtpRawTransferOpData::ParseResponse() in state 2
      Trace: CControlSocket::SendNextCommand()
      Trace: CFtpRawTransferOpData::Send() in state 4
      Trace: Destination IP of data connection does not match peer IP of control connection. Not binding source address of data connection.
      Command: MLSD
      Trace: CTransferSocket::OnConnect
      Trace: CTlsSocketImpl::Handshake()
      Trace: Trying to resume existing TLS session.
      Trace: CTlsSocketImpl::ContinueHandshake()
      Trace: TLS handshake: About to send CLIENT HELLO
      Trace: TLS handshake: Sent CLIENT HELLO
      Trace: CTlsSocketImpl::OnSend()
      Trace: CTlsSocketImpl::OnSend()
      Trace: CTlsSocketImpl::OnRead()
      Trace: CTlsSocketImpl::ContinueHandshake()
      Trace: CTlsSocketImpl::OnRead()
      Trace: CTlsSocketImpl::ContinueHandshake()
      Trace: CTlsSocketImpl::Failure(-110)
      Error: GnuTLS error -110: The TLS connection was non-properly terminated.
      Status: Server did not properly shut down TLS connection
      Trace: CTlsSocketImpl::OnSocketEvent(): close event received
      Trace: CTransferSocket::OnClose(106)
      Error: Transfer connection interrupted: ECONNABORTED - Connection aborted
      Trace: CTransferSocket::TransferEnd(3)
      Trace: CFtpControlSocket::TransferEnd()
      Trace: CFtpControlSocket::ResetOperation(10)
      Trace: CControlSocket::ResetOperation(10)
      Trace: CFtpRawTransferOpData::Reset(10) in state 6
      Trace: CFtpControlSocket::ResetOperation(10)
      Trace: CControlSocket::ResetOperation(10)
      Trace: CFtpListOpData::Reset(10) in state 3
      Error: Directory listing aborted by user
      Trace: CFileZillaEnginePrivate::ResetOperation(10)
      Status: Disconnected from server
      Trace: CRealControlSocket::DoClose(66)
      Trace: CControlSocket::DoClose(66)
      Trace: CFtpControlSocket::ResetOperation(66)
      Trace: CControlSocket::ResetOperation(66)
      Trace: CFileZillaEnginePrivate::ResetOperation(66)
      Trace: CRealControlSocket::DoClose(66)
      Trace: CControlSocket::DoClose(66)
      Trace: CControlSocket::DoClose(66)
      Trace: CFileZillaEnginePrivate::ResetOperation(0)









      share|improve this question













      I'm using pure-ftpd 1.0.46 on Ubuntu 18.04 as the server, with TLS and certificates signed by Let's Encrypt. I have no issues connecting and transferring over WAN. I'm using passive mode, the ports are properly forwarded, and I've configured pure-ftpd to respond with its WAN IP.



      However, I can not make a connection over LAN, as it complains about TLS connection termination. I've tried several clients and they all have some kind of timeout error. I suspect part of the problem may be my DNS setup. I have a domain name that points to my WAN, and that is what I usually use to connect to the server. But I have my local DNS server respond with the LAN IP for the ftp machine. So when I'm at home, my laptop makes the ftp connection to 192.168.1.2, but the PASV response is my WAN IP 74.x.x.x. In theory, my router should support NAT loopback, which sends traffic originating in the LAN and destined for the WAN IP back to the local IP to which its forwarded. This seems to work fine for http, and I assumed since the client initiates the passive mode data tcp connection, it should work for that as well. But maybe there's some routing detail I'm missing. Could this be the problem?



      Client log:



      Status: Connecting to 192.168.1.2:21...
      Status: Connection established, waiting for welcome message...
      Trace: CFtpControlSocket::OnReceive()
      Response: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
      Response: 220-You are user number 9 of 50 allowed.
      Response: 220-Local time is now 16:01. Server port: 21.
      Response: 220-This is a private system - No anonymous login
      Response: 220-IPv6 connections are also welcome on this server.
      Response: 220 You will be disconnected after 15 minutes of inactivity.
      Trace: CFtpLogonOpData::ParseResponse() in state 1
      Trace: CControlSocket::SendNextCommand()
      Trace: CFtpLogonOpData::Send() in state 2
      Command: AUTH TLS
      Trace: CFtpControlSocket::OnReceive()
      Response: 234 AUTH TLS OK.
      Trace: CFtpLogonOpData::ParseResponse() in state 2
      Status: Initializing TLS...
      Trace: CTlsSocketImpl::Handshake()
      Trace: CTlsSocketImpl::ContinueHandshake()
      Trace: TLS handshake: About to send CLIENT HELLO
      Trace: TLS handshake: Sent CLIENT HELLO
      Trace: CTlsSocketImpl::OnSend()
      Trace: CTlsSocketImpl::OnRead()
      Trace: CTlsSocketImpl::ContinueHandshake()
      Trace: CTlsSocketImpl::OnRead()
      Trace: CTlsSocketImpl::ContinueHandshake()
      Trace: TLS handshake: Received SERVER HELLO
      Trace: TLS handshake: Processed SERVER HELLO
      Trace: CTlsSocketImpl::OnRead()
      Trace: CTlsSocketImpl::ContinueHandshake()
      Trace: TLS handshake: Received CERTIFICATE
      Trace: TLS handshake: Processed CERTIFICATE
      Trace: TLS handshake: Received SERVER KEY EXCHANGE
      Trace: TLS handshake: Processed SERVER KEY EXCHANGE
      Trace: TLS handshake: Received SERVER HELLO DONE
      Trace: TLS handshake: Processed SERVER HELLO DONE
      Trace: TLS handshake: About to send CLIENT KEY EXCHANGE
      Trace: TLS handshake: Sent CLIENT KEY EXCHANGE
      Trace: TLS handshake: About to send FINISHED
      Trace: TLS handshake: Sent FINISHED
      Trace: CTlsSocketImpl::OnRead()
      Trace: CTlsSocketImpl::ContinueHandshake()
      Trace: TLS handshake: Received NEW SESSION TICKET
      Trace: TLS handshake: Processed NEW SESSION TICKET
      Trace: TLS handshake: Received FINISHED
      Trace: TLS handshake: Processed FINISHED
      Trace: TLS Handshake successful
      Trace: Protocol: TLS1.2, Key exchange: ECDHE-RSA, Cipher: AES-256-GCM, MAC: AEAD
      Status: Verifying certificate...
      Status: TLS connection established.
      Trace: CControlSocket::SendNextCommand()
      Trace: CFtpLogonOpData::Send() in state 5
      Command: USER *****
      Trace: CTlsSocketImpl::OnRead()
      Trace: CFtpControlSocket::OnReceive()
      Response: 331 User ******* OK. Password required
      Trace: CFtpLogonOpData::ParseResponse() in state 5
      Trace: CControlSocket::SendNextCommand()
      Trace: CFtpLogonOpData::Send() in state 5
      Command: PASS **********
      Trace: CTlsSocketImpl::OnRead()
      Trace: CFtpControlSocket::OnReceive()
      Response: 230 OK. Current directory is /
      Trace: CFtpLogonOpData::ParseResponse() in state 5
      Trace: CControlSocket::SendNextCommand()
      Trace: CFtpLogonOpData::Send() in state 9
      Command: OPTS UTF8 ON
      Trace: CTlsSocketImpl::OnRead()
      Trace: CFtpControlSocket::OnReceive()
      Response: 200 OK, UTF-8 enabled
      Trace: CFtpLogonOpData::ParseResponse() in state 9
      Trace: CControlSocket::SendNextCommand()
      Trace: CFtpLogonOpData::Send() in state 10
      Command: PBSZ 0
      Trace: CTlsSocketImpl::OnRead()
      Trace: CFtpControlSocket::OnReceive()
      Response: 200 PBSZ=0
      Trace: CFtpLogonOpData::ParseResponse() in state 10
      Trace: CControlSocket::SendNextCommand()
      Trace: CFtpLogonOpData::Send() in state 11
      Command: PROT P
      Trace: CTlsSocketImpl::OnRead()
      Trace: CFtpControlSocket::OnReceive()
      Response: 200 Data protection level set to "private"
      Trace: CFtpLogonOpData::ParseResponse() in state 11
      Status: Logged in
      Trace: Measured latency of 3 ms
      Trace: CFtpControlSocket::ResetOperation(0)
      Trace: CControlSocket::ResetOperation(0)
      Trace: CFtpLogonOpData::Reset(0) in state 14
      Trace: CFileZillaEnginePrivate::ResetOperation(0)
      Status: Retrieving directory listing...
      Trace: CControlSocket::SendNextCommand()
      Trace: CFtpListOpData::Send() in state 0
      Trace: CFtpChangeDirOpData::Send() in state 0
      Trace: CFtpChangeDirOpData::Send() in state 1
      Command: PWD
      Trace: CTlsSocketImpl::OnRead()
      Trace: CFtpControlSocket::OnReceive()
      Response: 257 "/" is your current location
      Trace: CFtpChangeDirOpData::ParseResponse() in state 1
      Trace: CFtpControlSocket::ResetOperation(0)
      Trace: CControlSocket::ResetOperation(0)
      Trace: CFtpChangeDirOpData::Reset(0) in state 1
      Trace: CFtpListOpData::SubcommandResult(0) in state 1
      Trace: CControlSocket::SendNextCommand()
      Trace: CFtpListOpData::Send() in state 2
      Trace: CFtpRawTransferOpData::Send() in state 1
      Command: TYPE I
      Trace: CTlsSocketImpl::OnRead()
      Trace: CFtpControlSocket::OnReceive()
      Response: 200 TYPE is now 8-bit binary
      Trace: CFtpRawTransferOpData::ParseResponse() in state 1
      Trace: CControlSocket::SendNextCommand()
      Trace: CFtpRawTransferOpData::Send() in state 2
      Command: PASV
      Trace: CTlsSocketImpl::OnRead()
      Trace: CFtpControlSocket::OnReceive()
      Response: 227 Entering Passive Mode (75,85,*,*,46,161)
      Trace: CFtpRawTransferOpData::ParseResponse() in state 2
      Trace: CControlSocket::SendNextCommand()
      Trace: CFtpRawTransferOpData::Send() in state 4
      Trace: Destination IP of data connection does not match peer IP of control connection. Not binding source address of data connection.
      Command: MLSD
      Trace: CTransferSocket::OnConnect
      Trace: CTlsSocketImpl::Handshake()
      Trace: Trying to resume existing TLS session.
      Trace: CTlsSocketImpl::ContinueHandshake()
      Trace: TLS handshake: About to send CLIENT HELLO
      Trace: TLS handshake: Sent CLIENT HELLO
      Trace: CTlsSocketImpl::OnSend()
      Trace: CTlsSocketImpl::OnSend()
      Trace: CTlsSocketImpl::OnRead()
      Trace: CTlsSocketImpl::ContinueHandshake()
      Trace: CTlsSocketImpl::OnRead()
      Trace: CTlsSocketImpl::ContinueHandshake()
      Trace: CTlsSocketImpl::Failure(-110)
      Error: GnuTLS error -110: The TLS connection was non-properly terminated.
      Status: Server did not properly shut down TLS connection
      Trace: CTlsSocketImpl::OnSocketEvent(): close event received
      Trace: CTransferSocket::OnClose(106)
      Error: Transfer connection interrupted: ECONNABORTED - Connection aborted
      Trace: CTransferSocket::TransferEnd(3)
      Trace: CFtpControlSocket::TransferEnd()
      Trace: CFtpControlSocket::ResetOperation(10)
      Trace: CControlSocket::ResetOperation(10)
      Trace: CFtpRawTransferOpData::Reset(10) in state 6
      Trace: CFtpControlSocket::ResetOperation(10)
      Trace: CControlSocket::ResetOperation(10)
      Trace: CFtpListOpData::Reset(10) in state 3
      Error: Directory listing aborted by user
      Trace: CFileZillaEnginePrivate::ResetOperation(10)
      Status: Disconnected from server
      Trace: CRealControlSocket::DoClose(66)
      Trace: CControlSocket::DoClose(66)
      Trace: CFtpControlSocket::ResetOperation(66)
      Trace: CControlSocket::ResetOperation(66)
      Trace: CFileZillaEnginePrivate::ResetOperation(66)
      Trace: CRealControlSocket::DoClose(66)
      Trace: CControlSocket::DoClose(66)
      Trace: CControlSocket::DoClose(66)
      Trace: CFileZillaEnginePrivate::ResetOperation(0)






      networking ubuntu router ftp ftps






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Nov 19 at 18:29









      Kayson

      1201




      1201






















          1 Answer
          1






          active

          oldest

          votes

















          up vote
          1
          down vote













          Destination IP of data connection does not match peer IP of control connection. Not binding source address of data connection.


          That’s pretty definitive. The client is not going to accept a control connection established over a local IP and a data connection over a different IP.



          Best solution should be to just change the local DNS to provide the public IP address. Shouldn’t be any harm in that if it works.






          share|improve this answer





















          • At first I thought it might be the client rejecting this particular sort of setup, but I tried several clients and none of those work. They just all time out... I'm trying to avoid doing that DNS setup in general because my router doesn't have enough CPU power to saturate my gigabit ethernet while looping back. So most services route over LAN and I can get the full speed. I don't mind if ftp loops back and is slower since I mainly use smb for file transfers anyways, but I'd like it to at least work...
            – Kayson
            Nov 19 at 18:56










          • @Kayson the log of whatever client you listed says the above and it is the client rejecting this setup. It’s probably a security feature. Maybe it can be changed on options in the client. But it’s not going to connect if the two IPs are different as is.
            – Appleoddity
            Nov 19 at 18:59










          • Yeah that does make sense. Thanks. I think I need to set up a different server
            – Kayson
            Nov 19 at 19:05










          • This is a terrible solution, but I changed my ftp server to respond to passive requests with the local IP. When accessed over WAN, the filezilla client recognizes the internal IP and ignores it, using the control host IP instead. When accessed over LAN, everything works fine.
            – Kayson
            Nov 19 at 19:36











          Your Answer








          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "3"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














           

          draft saved


          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1376759%2fpassive-mode-ftp-works-over-wan-but-not-lan%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes








          up vote
          1
          down vote













          Destination IP of data connection does not match peer IP of control connection. Not binding source address of data connection.


          That’s pretty definitive. The client is not going to accept a control connection established over a local IP and a data connection over a different IP.



          Best solution should be to just change the local DNS to provide the public IP address. Shouldn’t be any harm in that if it works.






          share|improve this answer





















          • At first I thought it might be the client rejecting this particular sort of setup, but I tried several clients and none of those work. They just all time out... I'm trying to avoid doing that DNS setup in general because my router doesn't have enough CPU power to saturate my gigabit ethernet while looping back. So most services route over LAN and I can get the full speed. I don't mind if ftp loops back and is slower since I mainly use smb for file transfers anyways, but I'd like it to at least work...
            – Kayson
            Nov 19 at 18:56










          • @Kayson the log of whatever client you listed says the above and it is the client rejecting this setup. It’s probably a security feature. Maybe it can be changed on options in the client. But it’s not going to connect if the two IPs are different as is.
            – Appleoddity
            Nov 19 at 18:59










          • Yeah that does make sense. Thanks. I think I need to set up a different server
            – Kayson
            Nov 19 at 19:05










          • This is a terrible solution, but I changed my ftp server to respond to passive requests with the local IP. When accessed over WAN, the filezilla client recognizes the internal IP and ignores it, using the control host IP instead. When accessed over LAN, everything works fine.
            – Kayson
            Nov 19 at 19:36















          up vote
          1
          down vote













          Destination IP of data connection does not match peer IP of control connection. Not binding source address of data connection.


          That’s pretty definitive. The client is not going to accept a control connection established over a local IP and a data connection over a different IP.



          Best solution should be to just change the local DNS to provide the public IP address. Shouldn’t be any harm in that if it works.






          share|improve this answer





















          • At first I thought it might be the client rejecting this particular sort of setup, but I tried several clients and none of those work. They just all time out... I'm trying to avoid doing that DNS setup in general because my router doesn't have enough CPU power to saturate my gigabit ethernet while looping back. So most services route over LAN and I can get the full speed. I don't mind if ftp loops back and is slower since I mainly use smb for file transfers anyways, but I'd like it to at least work...
            – Kayson
            Nov 19 at 18:56










          • @Kayson the log of whatever client you listed says the above and it is the client rejecting this setup. It’s probably a security feature. Maybe it can be changed on options in the client. But it’s not going to connect if the two IPs are different as is.
            – Appleoddity
            Nov 19 at 18:59










          • Yeah that does make sense. Thanks. I think I need to set up a different server
            – Kayson
            Nov 19 at 19:05










          • This is a terrible solution, but I changed my ftp server to respond to passive requests with the local IP. When accessed over WAN, the filezilla client recognizes the internal IP and ignores it, using the control host IP instead. When accessed over LAN, everything works fine.
            – Kayson
            Nov 19 at 19:36













          up vote
          1
          down vote










          up vote
          1
          down vote









          Destination IP of data connection does not match peer IP of control connection. Not binding source address of data connection.


          That’s pretty definitive. The client is not going to accept a control connection established over a local IP and a data connection over a different IP.



          Best solution should be to just change the local DNS to provide the public IP address. Shouldn’t be any harm in that if it works.






          share|improve this answer












          Destination IP of data connection does not match peer IP of control connection. Not binding source address of data connection.


          That’s pretty definitive. The client is not going to accept a control connection established over a local IP and a data connection over a different IP.



          Best solution should be to just change the local DNS to provide the public IP address. Shouldn’t be any harm in that if it works.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Nov 19 at 18:43









          Appleoddity

          6,83621024




          6,83621024












          • At first I thought it might be the client rejecting this particular sort of setup, but I tried several clients and none of those work. They just all time out... I'm trying to avoid doing that DNS setup in general because my router doesn't have enough CPU power to saturate my gigabit ethernet while looping back. So most services route over LAN and I can get the full speed. I don't mind if ftp loops back and is slower since I mainly use smb for file transfers anyways, but I'd like it to at least work...
            – Kayson
            Nov 19 at 18:56










          • @Kayson the log of whatever client you listed says the above and it is the client rejecting this setup. It’s probably a security feature. Maybe it can be changed on options in the client. But it’s not going to connect if the two IPs are different as is.
            – Appleoddity
            Nov 19 at 18:59










          • Yeah that does make sense. Thanks. I think I need to set up a different server
            – Kayson
            Nov 19 at 19:05










          • This is a terrible solution, but I changed my ftp server to respond to passive requests with the local IP. When accessed over WAN, the filezilla client recognizes the internal IP and ignores it, using the control host IP instead. When accessed over LAN, everything works fine.
            – Kayson
            Nov 19 at 19:36


















          • At first I thought it might be the client rejecting this particular sort of setup, but I tried several clients and none of those work. They just all time out... I'm trying to avoid doing that DNS setup in general because my router doesn't have enough CPU power to saturate my gigabit ethernet while looping back. So most services route over LAN and I can get the full speed. I don't mind if ftp loops back and is slower since I mainly use smb for file transfers anyways, but I'd like it to at least work...
            – Kayson
            Nov 19 at 18:56










          • @Kayson the log of whatever client you listed says the above and it is the client rejecting this setup. It’s probably a security feature. Maybe it can be changed on options in the client. But it’s not going to connect if the two IPs are different as is.
            – Appleoddity
            Nov 19 at 18:59










          • Yeah that does make sense. Thanks. I think I need to set up a different server
            – Kayson
            Nov 19 at 19:05










          • This is a terrible solution, but I changed my ftp server to respond to passive requests with the local IP. When accessed over WAN, the filezilla client recognizes the internal IP and ignores it, using the control host IP instead. When accessed over LAN, everything works fine.
            – Kayson
            Nov 19 at 19:36
















          At first I thought it might be the client rejecting this particular sort of setup, but I tried several clients and none of those work. They just all time out... I'm trying to avoid doing that DNS setup in general because my router doesn't have enough CPU power to saturate my gigabit ethernet while looping back. So most services route over LAN and I can get the full speed. I don't mind if ftp loops back and is slower since I mainly use smb for file transfers anyways, but I'd like it to at least work...
          – Kayson
          Nov 19 at 18:56




          At first I thought it might be the client rejecting this particular sort of setup, but I tried several clients and none of those work. They just all time out... I'm trying to avoid doing that DNS setup in general because my router doesn't have enough CPU power to saturate my gigabit ethernet while looping back. So most services route over LAN and I can get the full speed. I don't mind if ftp loops back and is slower since I mainly use smb for file transfers anyways, but I'd like it to at least work...
          – Kayson
          Nov 19 at 18:56












          @Kayson the log of whatever client you listed says the above and it is the client rejecting this setup. It’s probably a security feature. Maybe it can be changed on options in the client. But it’s not going to connect if the two IPs are different as is.
          – Appleoddity
          Nov 19 at 18:59




          @Kayson the log of whatever client you listed says the above and it is the client rejecting this setup. It’s probably a security feature. Maybe it can be changed on options in the client. But it’s not going to connect if the two IPs are different as is.
          – Appleoddity
          Nov 19 at 18:59












          Yeah that does make sense. Thanks. I think I need to set up a different server
          – Kayson
          Nov 19 at 19:05




          Yeah that does make sense. Thanks. I think I need to set up a different server
          – Kayson
          Nov 19 at 19:05












          This is a terrible solution, but I changed my ftp server to respond to passive requests with the local IP. When accessed over WAN, the filezilla client recognizes the internal IP and ignores it, using the control host IP instead. When accessed over LAN, everything works fine.
          – Kayson
          Nov 19 at 19:36




          This is a terrible solution, but I changed my ftp server to respond to passive requests with the local IP. When accessed over WAN, the filezilla client recognizes the internal IP and ignores it, using the control host IP instead. When accessed over LAN, everything works fine.
          – Kayson
          Nov 19 at 19:36


















           

          draft saved


          draft discarded



















































           


          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1376759%2fpassive-mode-ftp-works-over-wan-but-not-lan%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          AnyDesk - Fatal Program Failure

          How to calibrate 16:9 built-in touch-screen to a 4:3 resolution?

          QoS: MAC-Priority for clients behind a repeater