I cannot access port 21 using CuteFTP, FileZilla, etc.


Fernando Salazar

Jun 24, 2014, 7:18:12 PM
to gce-dis...@googlegroups.com
Hey guys, I would appreciate your response on the following:

I'm using Google Compute Engine. I installed Plesk, DirectAdmin, ISPConfig and other panels, but I cannot access a domain or IP via FTP. I get this message:

Timeout detected.
Could not retrieve directory listing
Error listing directory '/'.

What could be the problem?

I have enabled port 21 in firewall compute engine, I've also disabled all firewalls in all control panels.

What could be the problem?

Thank you for your response.

Eran Sandler

Jun 25, 2014, 4:58:06 AM
to Fernando Salazar, gce-discussion
Have you installed an FTP server?

You can also use SFTP via SSH to transfer files or use the gcutil command to transfer files to/from the server.

Eran


--
© 2014 Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043
 
Email preferences: You received this email because you signed up for the Google Compute Engine Discussion Google Group (gce-dis...@googlegroups.com) to participate in discussions with other members of the Google Compute Engine community and the Google Compute Engine Team.
---
You received this message because you are subscribed to the Google Groups "gce-discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to gce-discussio...@googlegroups.com.
To post to this group, send email to gce-dis...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/gce-discussion/07919865-c997-4794-9cd6-46e9d2a8c8ae%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Fernando Salazar

Jun 25, 2014, 6:40:00 AM
to gce-dis...@googlegroups.com, empres...@gmail.com
Thanks for your reply.

The ftp server is installed.

I need every user to send or upload files to your domain account using an FTP program, for example:
In cpanel each user would have to upload files to your account.


What could be the problem?

Thank you for your response.

VIjay Gadde

Jun 25, 2014, 6:50:24 AM
to Fernando Salazar, gce-dis...@googlegroups.com

I think it's a NAT issue. Does your panel support 1:1 NAT forwarding?

Eran Sandler

Jun 25, 2014, 6:59:20 AM
to Fernando Salazar, gce-discussion
You have a firewall in GCE itself which you need to enable based on tags. You can tag the instance (not meta data but tags) as "ftp" and add a rule for incoming requests on port 21 for instances with tag "ftp".

You should also make sure you are not accidentally running a local firewall (iptables or through ufw or whatever you use) which might be blocking port 21 as well.

In addition to that, there is the whole PASSIVE mode in FTP, which may require additional ports to be open.

Eran



Fernando Salazar

Jun 25, 2014, 7:21:54 PM
to gce-dis...@googlegroups.com, empres...@gmail.com
Apology.

Thanks for the reply Eran.

I've tried everything but it does not work.

This is my capture in the firewall:

http://i.imgur.com/1DXmYrO.jpg

I think the problem is in the next picture, see highlighted in red.

http://i.imgur.com/YrFjImV.jpg
The connection is established with server ip but cannot read the directory list.

Brian Haney

Jun 26, 2014, 7:08:26 PM
to gce-dis...@googlegroups.com
Are you running the FTP client in passive mode?

IIRC, the FTP connection on port 21 is simply a control connection. It is not normally used for data transport. When you give a PUT or GET command, the FTP server dynamically listens on another port, then tells the client on the control connection which port number it's listening on. It plays hell with firewalls that don't do packet inspection and open the ports on the fly.

But a simpler way is for the client to give the server the PASSIVE command, after which subsequent data connections happen over server port 21.

It's been a while, but that's my recollection.

Brian Haney

Jun 26, 2014, 7:09:38 PM
to gce-dis...@googlegroups.com
Oh, and getting a directory listing is still a data transfer. It's just that the client can interpret that data.



Eran Sandler

Jun 26, 2014, 9:06:58 PM
to Fernando Salazar, gce-discussion
Your problem is the source tags, you need to clear that out. Source Tags are used to make sure traffic from one type of instances you have will go to only another type of instances (the target tags).

Your rule should look like this: http://imgur.com/9tUB0b8

But instead of port 80 it should be 21.

Eran



Bri Hatch

Jun 26, 2014, 9:07:01 PM
to Brian Haney, gce-dis...@googlegroups.com
FTP always uses 2 ports.

Client:ephemeral ===> server:21, the command channel.

Then each data transfer (file content, directory listing, etc) creates its own channel with different port settings each time.

Active FTP: server initiates TCP connection to client on ephemeral port
Passive FTP: client initiates TCP connection to server on ephemeral port.

As you can guess, this is a horrible protocol that firewalls hate because the ports used are decided by the server or client in real time. If there's one or more NATs in the way it gets really ugly.

I'm sure it's possible to get this working, depending on your configuration, but you may well need to open up *EVERY SINGLE PORT* to the GCE firewall, or at least limit the ports your FTP server wants to use in the FTP server config and then limit the GCE firewall to those ports.

You still have to pray something is re-writing the command channel (since IPs are used in the clear, and do not survive NAT without assistance by the firewall or NAT gateway).

tl;dr: FTP sucks, do not use.

 





--
Bri Hatch <b...@extrahop.com>, Director of EHIT.

"It's hard to feed you when your head's upside down."
--Bri, to Lainee
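
The addressing problem described in the post above, as an added example that is not part of any message in this thread: the host and port for each data connection travel in clear text on the command channel as `h1,h2,h3,h4,p1,p2`, so a NAT that does not rewrite them or a firewall that does not admit the chosen port produces the directory-listing timeout. The function names, the 50000-50100 port range and all sample lines and addresses are constructed for illustration.

```python
import ipaddress
import re

# PASV replies (227) and PORT commands both carry "h1,h2,h3,h4,p1,p2" (RFC 959).
HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_hostport(line):
    """Return (ip, port) announced in a PASV reply or PORT command, else None."""
    m = HOSTPORT.search(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        return None
    # The port is sent as two bytes: high byte p1, low byte p2.
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def diagnose(line, peer_ip, allowed_ports):
    """List reasons the data connection announced in `line` is likely to time out.

    peer_ip: address the other side actually reaches the announcer on
             (the control-channel address).
    allowed_ports: range of TCP ports the firewall in front of the announcer admits.
    """
    parsed = parse_hostport(line)
    if parsed is None:
        return ["no h1,h2,h3,h4,p1,p2 tuple in line"]
    ip, port = parsed
    findings = []
    if ip != peer_ip:
        private = any(ipaddress.ip_address(ip) in net for net in RFC1918)
        findings.append(f"announced {'RFC 1918 ' if private else ''}address {ip} "
                        f"is not the control-channel address {peer_ip}")
    if port not in allowed_ports:
        findings.append(f"data port {port} is outside allowed "
                        f"{allowed_ports.start}-{allowed_ports.stop - 1}")
    return findings

# Constructed sample lines; 203.0.113.10 and 198.51.100.7 are documentation addresses.
SAMPLES = [
    ("227 Entering Passive Mode (10,240,0,5,195,80)", "203.0.113.10"),    # internal IP announced
    ("227 Entering Passive Mode (203,0,113,10,156,64)", "203.0.113.10"),  # port not opened
    ("PORT 192,168,1,20,200,10", "198.51.100.7"),                         # active mode behind NAT
]

if __name__ == "__main__":
    for line, peer in SAMPLES:
        print(line, "->", diagnose(line, peer, range(50000, 50101)) or "ok")
```

An empty list means the announced endpoint matches the control-channel address and falls inside the range the firewall admits.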

Fernando Salazar

Jun 27, 2014, 8:06:52 AM
to gce-dis...@googlegroups.com, Brian Haney
Thank you very much to all for your responses.

I'm happy because I was able to fix the problem.

The cause was my firewall from my computer, Windows 7.

At first I did not disable my firewall, because I work smoothly with other FTP accounts from other companies.

There was a detail when preferences in FileZilla ftp connection will switch to active mode and I came out selling firewall to allow connections from FileZilla then I thought that was the problem and when I disabled the firewall, it worked.

Have nice day and thanks.

Alex Szilagyi

Jul 8, 2014, 7:19:36 PM
to gce-dis...@googlegroups.com

Am I doing something wrong here? Currently I have installed cPanel on a GCE VM and am trying to enable FTP login on the GCE VM.

Here's my firewall rule that I have applied:

And here's my output of the Filezilla:

Any idea how to solve this issue?


kapil...@eduex.guru

Feb 19, 2015, 3:00:34 AM
to gce-dis...@googlegroups.com

I am trying to connect sftp using ssh filezilla client but get this error


Disconnected: No supported authentication methods available (server sent: publickey)


Thanks