Command: PASV
Response: 227 Entering Passive Mode (192,168,1,125,217,54)
Status: Server sent passive reply with unroutable address. Using server address instead.
Command: MLSD
If I'm interpreting this correctly (and I honestly have no clue at this point), I *think* the NAS box is seeing the incoming request on port 21021 as it should, and attempting to connect via some other outgoing port unsuccessfully, correct? The 'Entering Passive Mode' line is what has me confused.... What is it, what does it do, how does it work, and how the heck do I make this thing work properly?
If anyone has any ideas, I'm all ears... I have NO IDEA where to go from here.... I have no idea if this is a NAS issue or a routing issue from here? Help!??!
Thanks gang!
-Joe
A bit of both actually, the connection is not being correctly routed because the NAS is incorrectly configured.
First - so that you understand the problem - a little bit on ftp.
For the purpose of this discussion I'm going to ignore all forms of secure ftp - so that leaves us with just two - standard (active mode) ftp and passive mode ftp - ftp is somewhat unique in that it requires two separate connections, a control connection and a data connection.
With standard ftp, the control connection is made, from the client to the server on port 21, and the data connection is made in the opposite direction, from the server to the client, usually on port 22.
Now - back when consumer routers were just hitting the market, and NAT, the process used to share an ip address was new, the routers would allow all outgoing connection requests, and allow any responses to those requests back in, sending them to the internal host that it could match the response to - any incoming traffic that could not be matched would be discarded.
This caused problems for standard ftp, because the data connection was an incoming request, that did not have a prior outgoing request to be matched against - you might think it could be matched against the control connection, but that already has both request & response, so it is already complete. More recent NAT routers use a process called "ftp protocol fixup", that fixes this, but only if standard ports are used.
To get around this problem passive ftp was born - with passive ftp, both connections are made from client to server, and the server tells the client what ip address and port to make the data connection on.
When the client sends a request for a passive connection (that's the PASV command you see), the server responds with the data channel details to be used to make the connection - in this case - 227 Entering Passive Mode (192,168,1,125,217,54) - the problem is that the NAS which is not setup correctly is sending the client, a private non routable address - 192.168.1.125 - and so the client returns the error - Server sent passive reply with unroutable address. Using server address instead - additionally, you probably don't have the data port forwarded, causing the connection to time out.
How to make it work.
Either use standard ftp (tell the client not to use passive mode ftp) - which will fail, because you have chosen a non standard port to connect on - or configure the NAS
AND router to use passive mode ftp.
For passive ftp to work, you MUST configure the NAS to send the public address (there is a check box in the ftp setup to do this) AND you MUST configure the router to forward the range of passive ftp ports that the NAS uses.
By the way - thank you for not obscuring the ip address details in your post - this makes it very easy for me to see where your problem lies, and to offer a solution.
Author
Topic: 323 + Linksys Router = neverending frustration (Read 7026 times)