Problem with passive mode (urgent problem - please help)


#1 Post by cpi-ivu » 2021-02-22 10:40

Hi!
I have an urgent problem: I'm running FileZilla Server on an Amazon EC2 instance. I want the server to be accessible from inside (IP: 172.100.51.4). Now the EC2 instance has a public elastic IP. Now the problem: As I have to use passive mode, either the clients from inside can transfer files (Settings -> Passive Mode Settings -> IP set to [Default]), or the clients from outside can connect (Settings -> Passive Mode Settings -> IP set to [the public IP]).

It seems that because the IP 172.100.51.4 is internet routable, the server doesn't accept transfers because it thinks the IP is public and therefore adds the real public IP to the FTP packages.

How to solve this problem?

Thanks!


#2 Post by botg » 2021-02-23 08:53

Leaving it at default should work in all cases.

Is there a NAT involved that changes the source IP of incoming connections?


#3 Post by cpi-ivu » 2021-02-23 12:39

botg wrote (2021-02-23 08:53):
> Is there a NAT involved that changes the source IP of incoming connections?

No. It's an EC2 instance with an elastic public IP address. It should act like a normal internet-connected server.

botg wrote (2021-02-23 08:53):
> Leaving it at default should work in all cases.

So what we have discovered is that if you choose "default" the client is told to use the internal IP of the instance (172.100.51.4). So for internal clients there is no problem when connecting and transferring. But if an external client tries to connect, it gets the same (172.100.51.4) IP and therefore doesn't know how to transfer (you can see the 172.100.51.4 in the response log of the server) - although the connection is successful.

If we set the external IP in the settings, it's vice versa: the external clients can connect and transfer, but the internal only can connect and not transfer.

We have now connected the internal instance that is holding the client to the internet and connected against the public IP of the server-holding instance. We can now connect to the server successfully.

The question is: why do internal clients get the external IP as target if they come from 172.100.51.4? Why don't they simply get the source IP (=172.100.51.4) as target to connect? Is that because 172.100.51.4 is outside Class B?

Thanks in advance!


#4 Post by boco » 2021-02-23 16:48

FileZilla Server has an option to handle local connections. Unfortunately, the "local" IP you have does not fall into one of the private ranges reserved for that purpose.
The fact alone that you have both an "internal" and external IP means there is some type of gateway (most probably NAT) in place. A direct dedicated connection to the Internet would provide you with one public IP address only.

Pragmatic solution: Have internal clients use Active (PORT) mode. That should work as the client will propose the IP.
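The private-range check described in post #4, as an added sketch that is not part of the thread and is not FileZilla Server's code. It assumes a server that advertises its own socket address to RFC 1918 peers and the configured external IP to everyone else; the function names, the client addresses and the placeholder public IP 203.0.113.10 are constructed for illustration.

```python
import ipaddress

# RFC 1918 private IPv4 ranges (assumed to be the "private ranges" meant in post #4).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    """True if addr lies in one of the three RFC 1918 ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def pasv_host(peer_ip, local_ip, external_ip=None):
    """Choose the address to advertise in the 227 reply (hypothetical logic).

    external_ip=None models the [Default] setting: always advertise the
    address of the local end of the control connection.
    """
    if external_ip is None or is_rfc1918(peer_ip):
        return local_ip
    return external_ip


def pasv_reply(host, port):
    """Format the RFC 959 PASV reply: (h1,h2,h3,h4,p1,p2)."""
    return "227 Entering Passive Mode (%s,%d,%d)" % (
        host.replace(".", ","), port >> 8, port & 0xFF)


if __name__ == "__main__":
    server_local = "172.100.51.4"   # internal address from the thread
    public_ip = "203.0.113.10"      # placeholder, the thread does not give the elastic IP
    peers = {                       # constructed client addresses
        "internal client": "172.100.51.20",
        "external client": "198.51.100.7",
        "client in a real private range": "172.20.51.20",
    }
    for label, peer in peers.items():
        for setting in (None, public_ip):
            host = pasv_host(peer, server_local, setting)
            print(label, "| setting:", setting or "[Default]", "|",
                  pasv_reply(host, 50000))
```

172.100.0.0 is outside 172.16.0.0/12 (which ends at 172.31.255.255), so the internal client is classified like any internet peer and is handed the public address when one is configured.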


#5 Post by cpi-ivu » 2021-02-24 08:07

boco wrote (2021-02-23 16:48):
> FileZilla Server has an option to handle local connections. Unfortunately, the "local" IP you have does not fall into one of the private ranges reserved for that purpose.

Ok. But what is the action by the server then (saying: there comes a connection from 172.100.51.4)? It allows the login but denies the transfer? Why accept the login?

boco wrote (2021-02-23 16:48):
> The fact alone that you have both an "internal" and external IP means there is some type of gateway (most probably NAT) in place. A direct dedicated connection to the Internet would provide you with one public IP address only.

Yes, you're right. But there is no extra NAT Gateway. Only the standard AWS NAT way.

boco wrote (2021-02-23 16:48):
> Pragmatic solution: Have internal clients use Active (PORT) mode. That should work as the client will propose the IP.

Sadly, that's no option for us as our software can't manage active FTP connections.

So all in all: we only have the option to access over the right Class B net or through the external IP?
