# FTP client failed to retrieve directory listing



## c00kie (May 12, 2012)

I'm using FileZilla to log in to my FreeBSD VPS server:


```
Status:	Connecting to 1.2.3.4:21...
Status:	Connection established, waiting for welcome message...
Response:	220- Login to the FTP service
Response:	220 demo.mydomain.com FTP server (Version 6.00LS) ready.
Command:	USER user
Response:	331 Password required for user.
Command:	PASS ********
Response:	230- Thanks, you are now logged in to the FTP server
Response:	230 User user logged in.
Status:	Connected
Status:	Retrieving directory listing...
Command:	PWD
Response:	257 "/usr/home/user" is current directory.
Command:	TYPE I
Response:	200 Type set to I.
Command:	PASV
Response:	227 Entering Passive Mode (1,2,3,4,207,32)
Command:	LIST
Error:	Connection timed out
Error:	Failed to retrieve directory listing
```

/etc/ftpmotd and /etc/ftpwelcome are set up.

My firewall is set to allow connections to port 21.

Why won't the GUI display the directory listing?


----------



## usdmatt (May 12, 2012)

Welcome to the world of trying to firewall FTP...

Port 21 is only used for the control channel, data (such as directory listings) are sent over a separate connection to a random port.

As you are using passive mode your client is trying to connect to the server on a different port, as specified here in your log:


```
Command:	PASV
Response:	227 Entering Passive Mode (1,2,3,4,207,32)
```

The client sends the 'PASV' command and the server is telling the client to connect back to 1.2.3.4 on port 207,32 (split into two octets). It's actually (207*256)+(32)=53024.

Obviously this port is blocked so the data connection doesn't work. You could try setting Filezilla (good client choice ) to use active mode (which works the other way round) and hope the router your end has the ability to automatically allow the connection back in, or you can stick with passive mode and open all the ports on your server that FTP might use.

According to this post - http://forums.freebsd.org/showthread.php?t=11460 - the ports are controlled by the net.inet.ip.portrange.hifirst and net.inet.ip.portrange.hilast sysctls so you can open just the range specified in these. I would be wary of reducing this range too much as I'm not sure what parts of FreeBSD use them but if you're really against opening a bunch of high ports, you could always install an FTP server that allows you to set the passive port range and choose a much more restrictive range. You should only really need as many ports in the range and you may have simultaneous data connections.


----------



## c00kie (May 13, 2012)

Hi, and thanks



			
				usdmatt said:
			
		

> You could try setting Filezilla (good client choice ) to use active mode (which works the other way round) and hope the router your end has the ability to automatically allow the connection back in,



Doesn't work , returns a critical file transfer error so my router must be preventing it from working.

According to this post - http://forums.freebsd.org/showthread.php?t=11460 - the ports are controlled by the net.inet.ip.portrange.hifirst and net.inet.ip.portrange.hilast sysctls so you can open just the range specified in these. 

Could you advise on this a little more. From the reference above

net.inet.ip.portrange.hifirst
net.inet.ip.portrange.hilast

Where do I make these changes? Which file do I edit? Is it this file: /etc/sysctl.conf?

I don't want to make a syntax error, how do I add the entries?

This is purely a guess:


```
# $FreeBSD: release/9.0.0/etc/sysctl.conf 112200 2003-03-13 18:43:50Z mux $
#
#  This file is read when going to multi-user and its contents piped thru
#  ``sysctl'' to adjust kernel values.  ``man 5 sysctl.conf'' for details.
#

# Uncomment this to prevent users from seeing information about processes that
# are being run under another UID.
#security.bsd.see_other_uids=0

net.inet.ip.portrange.hifirst=49152
net.inet.ip.portrange.hilast=65535
```

Other files related to FTP in FreeBSD I've noticed:

/etc/pam.d/ftpd
/etc/rc.d/ftpd
/usr/libexec/ftpd
/usr/libexec/tftpd


----------



## usdmatt (May 14, 2012)

I'm pretty sure you've got the entries in sysctl.conf right. If it's wrong then the settings in that file (which is just those two anyway) won't get applied which isn't the end of the world.

If it were me I would take a quick look at the man page as suggested at the top of the file to make sure.


----------



## c00kie (May 14, 2012)

usdmatt said:
			
		

> I'm pretty sure you've got the entries in sysctl.conf right.



All's well, and FTP is now listing directories. Another way would be to open up high value ports in one's firewall configuration maybe?

Thanks for the tutorial on FTP though, really informative.


----------



## kpa (May 14, 2012)

One way is to set up a proxy for ftp on the router/firewall. The builtin ftp-proxy(8) should work, I haven't tried it myself though.


----------



## mroussin51 (Jul 6, 2012)

*filezilla supports sftp*

Hello there;

I thought one might just use sftp from within filezilla. I am not an expert but I think it is more secure since it is using your ssh key for authentication and it only requires one port.

regards,

mroussin51


----------



## c00kie (Jul 7, 2012)

mroussin51 said:
			
		

> Hello there;
> 
> I thought one might just use sftp from within filezilla. I am not an expert but I think it is more secure since it is using your ssh key for authentication and it only requires one port.
> 
> ...



Yes, I found that. Using SFTP bypasses all the afore-mentioned issues, passive mode, random ports and even prevents so-called 'man in the middle attacks'.

thanks again.


----------



## niblick (Oct 3, 2013)

*File Sync*

We had a similar issue and it turns out to have been an issue with our file sync program not replicating the new folder to its load balanced partner.


----------



## yahooda (Oct 28, 2013)

*Filezilla â€“ FTP (File Transfer Protocol) Error*

I got this error: 
	
	



```
Connection timed out and Failed to retrieve directory listing
```
 in FileZilla, while trying to connect my hosting space. Click below link for detailed description.

http://www.kodepool.com/2013/10/22/filezilla-ftp-file-transfer-protocol-error/


----------



## SirDice (Oct 28, 2013)

Passive FTP usually works unless the server is behind a firewall. Active FTP only works when the client is NOT behind a firewall. If both the server and the client are behind a firewall none will work unless either side set up special firewall "helpers" to work around the random port selection of the data channel.


----------

