FTP over TLS "Failed to retrieve directory listing"

HIPPOLICE

Dabbler
Joined
Jul 5, 2018
Messages
10
So this will be my second ever post here on the forums, but I need help again and I got some very helpful advice the last time! This time I need help setting up FTP for my FreeNAS box. I'm completely self-taught in anything computers and I'm in WAY over my head here, so don't crucify me! I'm attempting to set up my FreeNAS for remote FTP access and I have already been at this for, I kid you not, 10HRS+ between troubleshooting all the issues I've run into. As of now I've gotten the port forwarding set up for port 21, set up the certificates for FTP over TLS (this was especially a pain for me), and now I've run into an issue in FileZilla where it will accept my credentials and log in but will say "failed to retrieve directory listing". I haven't been able to find anything especially useful here on the forums or otherwise. Anyone have ideas?????? I feel like I've tried everything at this point. Here is what I'm getting from FileZilla.

Status: Connecting to <my IP address>:21...
Status: Connection established, waiting for welcome message...
Status: Initializing TLS...
Status: Verifying certificate...
Status: TLS connection established.
Status: Logged in
Status: Retrieving directory listing...
Status: Server sent passive reply with unroutable address. Using server address instead.
Command: MLSD
Error: Connection timed out after 20 seconds of inactivity
Error: Failed to retrieve directory listing

Also, I am running FileZilla on a separate laptop on my phone's hotspot to act as my external connection.
 
dlavigne

Guest
Were you able to resolve this? If not, we'll need more info as per the Forum Rules such as FreeNAS version, output of ifconfig, and any errors in /var/log/messages or /var/log/auth.log when the connection times out.
 

HIPPOLICE

Will do! Thanks for the response! I haven't been able to resolve this issue yet.

I'm currently running FreeNAS ver 11.1-U5 on an old server tower I snagged from work. 4 core Xeon with 8GB ECC memory. auth.log, messages, and ifconfig were quite a bit of text so I lumped it all into a txt file attached.
 

Attachments

  • freenas Help.txt
    17.2 KB · Views: 570
dlavigne

Guest
Out of curiosity, why are you using the Realtek interface (re0) instead of the Broadcom (bge0)? Switching away from the Realtek might resolve the issue.
 

HIPPOLICE

I ran into issues with the NIC on the motherboard and had to replace it with an aftermarket one. "bge0: watchdog timeout – resetting" is what I kept getting. If it helps, this is my first post from when I had that issue. https://forums.freenas.org/index.php?threads/new-and-in-need-of-help.68360/#post-468476
 
HIPPOLICE

So here is an update... I put my external IP address into the "masquerade address" field in the FreeNAS web GUI and I seem to have made it a bit further? I still can't get the directory listing but now it gives me this in FileZilla. \/ \/ \/ \/ \/

Status: Resolving address of freenas.mydomain.com
Status: Connecting to xxx.xxx.xxx.xxx:21...
Status: Connection established, waiting for welcome message...
Status: Initializing TLS...
Status: Verifying certificate...
Status: TLS connection established.
Status: Logged in
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is the current directory
Command: TYPE I
Response: 200 Type set to I
Command: PASV
Response: 227 Entering Passive Mode (50,70,82,249,4,249).
Command: MLSD
Error: Connection timed out after 20 seconds of inactivity
Error: Failed to retrieve directory listing

HOWEVER, I don't know how well this will work? I tried my DDNS domain name in the masquerade address field and it told me it needs an IP address. Would that mean I would have to manually update that field when my ISP changes my external IP? I'm lost here.
 

titan_rw

Guru
Joined
Sep 1, 2012
Messages
586
Hi.

You mentioned you read my 5 year old post from here: https://forums.freenas.org/index.ph...ve-directory-listing-problem.6156/#post-58785

I think the first large paragraph applies to your situation. Just to be sure, everything works from the same lan?

The filezilla log does show it's trying passive. It's asking the client to connect to it on 50.70.82.249:1273. Is port 1273 within the port range defined in the freenas ui? Is it forwarded from your home router to the internal IP of the freenas machine?

You're right, you will have to update the external IP address in the UI every time your external IP changes. The ftp protocol was originally designed in the early 70's, with revisions in the 80's, and 90's. I'm sure a ftp server having a non static IP was never envisioned.

Is there a specific reason you need FTP(s) to work? sFTP (ftp over ssh) is much easier to get working through NAT, and doesn't much care about changing IP's as long as a dynamic hostname resolves to it. Obviously it requires opening up ssh to the internet, but you're already opening up FTP to the internet so I'm assuming this would be ok. SSH can be set to key authentication only as well. For either protocol, I'd recommend not using the default port, and picking a random high port to use.
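
The decoding described in the post above (50,70,82,249,4,249 becomes 50.70.82.249:1273), as an added example that is not part of the original post. The function names are hypothetical, the second sample reply is constructed, the control address for the first sample is assumed to equal the masquerade address, and 1024-2000 is the passive range the original poster reports forwarding later in the thread.

```python
import ipaddress
import re

# A 227 reply carries (h1,h2,h3,h4,p1,p2): IPv4 octets, then port = p1*256 + p2.
PASV_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv(reply):
    """Decode a '227 Entering Passive Mode (...)' reply into (host, port)."""
    if not reply.lstrip().startswith("227"):
        raise ValueError("not a 227 passive-mode reply")
    m = PASV_RE.search(reply)
    if not m:
        raise ValueError("no (h1,h2,h3,h4,p1,p2) tuple found")
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field outside 0-255")
    host = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return host, nums[4] * 256 + nums[5]


def check_pasv(reply, control_ip, port_range):
    """Return (host, port, findings); findings list server-side misconfigurations."""
    host, port = parse_pasv(reply)
    low, high = port_range
    findings = []
    if not host.is_global:
        findings.append(f"{host} is not publicly routable: set the masquerade address")
    elif host != ipaddress.IPv4Address(control_ip):
        findings.append(f"{host} differs from control address {control_ip}: stale masquerade address?")
    if not low <= port <= high:
        findings.append(f"port {port} is outside the forwarded range {low}-{high}")
    return host, port, findings


if __name__ == "__main__":
    samples = [
        # Reply from the FileZilla log in this thread.
        ("227 Entering Passive Mode (50,70,82,249,4,249).", "50.70.82.249"),
        # Constructed reply: LAN address and a port outside the forwarded range.
        ("227 Entering Passive Mode (192,168,1,50,195,80).", "50.70.82.249"),
    ]
    for reply, control_ip in samples:
        host, port, findings = check_pasv(reply, control_ip, (1024, 2000))
        print(f"{host}:{port}")
        # With TLS the router cannot read or rewrite the reply, so an empty
        # list leaves the router's port forward or a firewall as the suspect.
        for f in findings or ["reply is consistent; check forwarding/firewall"]:
            print("  -", f)
```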
 

HIPPOLICE

Thanks for the help!! That’s all been very helpful!

So for starters; no, it doesn’t work over the same LAN. I actually never thought to check and see. The laptop I’m trying to use remotely wouldn’t be on that LAN so why try is what I was thinking.

I set the GUI and forwarded the port range for ports 1024-2000 so that port should be open to the FreeNAS box.

And no, there isn't a specific reason I need FTP over TLS. The only reason I chose to use it was because it was the option I found the most info on and I only had experience with the Windows environment up until I started using FreeNAS. Like I said, I am completely self-taught and this is what happens when I have to piece things together from the scraps I can find on the internet. So I guess I chose out of pure blind ignorance? lol

I will check out the sFTP like you said. That sounds like exactly what I need. Do you have any advice on the subject? I have very little experience with the shell and some experience with the windows command prompt. Also, ANY information you can provide about the key authentication would be tremendously helpful! That was a huge hurdle for me and I still don’t know if I have the certificates set up right...

I would love to go to school for the subject but I don’t have the means or the time! :/
 

Ddog 800

Cadet
Joined
Jul 13, 2015
Messages
6
I ran into a similar problem when setting up regular ftp over TLS. Go into the FTP server configuration and check the 'masquerade address' setting. This needs to match the public IP address for your network. You can use something like ipchicken.com to check that quickly.

If that's already set correctly, then it must be a different issue causing the problem. :)
 

hugovsky

Guru
Joined
Dec 12, 2011
Messages
567
HOWEVER, I don't know how well this will work? I tried my DDNS domain name in the masquerade address field and it told me it needs an IP address. Would that mean I would have to manually update that field when my ISP changes my external IP? I'm lost here.

Yes. You do.

I ran into a similar problem when setting up regular ftp over TLS. Go into the FTP server configuration and check the 'masquerade address' setting. This needs to match the public IP address for your network. You can use something like ipchicken.com to check that quickly.

If that's already set correctly, then it must be a different issue causing the problem. :)

This.
 