HP1660 Logic Analyser and communicating through X Windows setup.
tverbeure:

--- Quote from: colorado.rob on December 27, 2023, 08:10:15 pm ---This is almost certainly a firewall issue on the client machine or on the router between the client machine and the instrument. FTP requires clients to allow access from the server unless explicitly using PASV (passive) mode. The hang you are seeing when the server needs to send data is a key hint that this is the problem. In your FTP application, send the "pasv" command before sending any other commands.

--- End quote ---

That's what I thought as well. I've tried the following:


* Open up TCP ports 20 and 21.
* Use the PASV command

When I issue the PASV command, I get:
ftp> quote pasv
502 PASV command not implemented.

Opening up port 20 and 21 didn't help either.
fenugrec:
I just checked my settings in Filezilla (I'm thanking myself for saving it as a preset...), I had to select "Active only" (as you found, PASV is not supported), and also limit the number of simultaneous connections to 1.
tverbeure:
UFW is definitely blocking FTP traffic:

[120802.397548] [UFW BLOCK] IN=wlp5s0 OUT= MAC=78:2b:46:be:5d:f7:00:10:83:7b:93:95:08:00 SRC=192.168.1.200 DST=192.168.1.51 LEN=44 TOS=0x00 PREC=0x00 TTL=255 ID=1895 PROTO=TCP SPT=20 DPT=50021 WINDOW=0 RES=0x00 SYN URGP=0

192.168.1.200 (source port 20) is the logic analyzer, 192.168.1.51 (dest port 50021) is the PC. The problem is that you can't filter on source ports with UFW (and I really don't want to use iptables...)

I can make FTP work when I do:

sudo ufw allow from 192.168.1.200

Not ideal from a security point of view but better than nothing...
alm:
With active mode FTP, the server will make a second TCP connection to the client with source port 20 and a random port >1024 on the client. This is really annoying for the firewall. Back when FTP was common, firewall software had specific support for FTP where it inspected the traffic and detected when the server would open a connection, and temporarily allowed that specific connection. Looks like this solution/hack might work with ufw. A workaround is allowing all incoming TCP connections to port > 1024 with source port 20, though that's not watertight.

Passive mode moves the misery from the client to the server.
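
Added example, not part of any poster's message: a Python sketch that parses `[UFW BLOCK]` kernel log lines like the one quoted above and picks out the ones that are active-mode FTP data connections, meaning a bare SYN from source port 20 to a client port of 1024 or higher. The function names are hypothetical, and the second and third sample log lines are constructed contrast cases.

```python
import re
from collections import Counter

# Sample input: the first line is the block quoted in the thread; the other
# two are constructed contrast cases (an SSH probe and a non-UFW kernel line).
SAMPLE_LOG = """\
[120802.397548] [UFW BLOCK] IN=wlp5s0 OUT= MAC=78:2b:46:be:5d:f7:00:10:83:7b:93:95:08:00 SRC=192.168.1.200 DST=192.168.1.51 LEN=44 TOS=0x00 PREC=0x00 TTL=255 ID=1895 PROTO=TCP SPT=20 DPT=50021 WINDOW=0 RES=0x00 SYN URGP=0
[120810.000001] [UFW BLOCK] IN=wlp5s0 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=192.168.1.77 DST=192.168.1.51 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4242 PROTO=TCP SPT=51514 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0
[120811.000002] wlp5s0: link becomes ready
"""

TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}

def parse_ufw_line(line):
    """Return a dict of fields for a [UFW ...] line, or None for other lines."""
    m = re.search(r"\[UFW (\w+)\]\s+(.*)", line)
    if not m:
        return None
    rec = {"action": m.group(1), "flags": set()}
    for token in m.group(2).split():
        key, sep, value = token.partition("=")
        if sep:
            rec[key] = value          # KEY=value pair; value may be empty (OUT=)
        elif token in TCP_FLAGS:
            rec["flags"].add(token)   # bare tokens in the line are TCP flags
    return rec

def is_active_ftp_data(rec):
    """New inbound TCP connection from source port 20 to an unprivileged port."""
    try:
        return (rec.get("PROTO") == "TCP"
                and rec["flags"] == {"SYN"}
                and int(rec["SPT"]) == 20
                and int(rec["DPT"]) >= 1024)
    except (KeyError, ValueError):
        return False

def blocked_ftp_data(log_text):
    """Count blocked active-mode data connections per (server, client) pair."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_ufw_line(line)
        if rec and rec["action"] == "BLOCK" and is_active_ftp_data(rec):
            hits[(rec["SRC"], rec["DST"])] += 1
    return hits

if __name__ == "__main__":
    for (server, client), n in blocked_ftp_data(SAMPLE_LOG).items():
        print(f"{n} blocked FTP data connection(s): {server}:20 -> {client}")
```

Run against `dmesg` or the UFW log, the per-pair counts show which server is being blocked on its data channel before any allow rule is widened.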
tverbeure:
Somebody on hacker news mentioned nf_conntrack_ftp: it automatically opens up port 20 when it detects ftp transactions.

Chances are that Ubuntu 18.04 has something like this enabled by default but 20.04 doesn’t. I’ll give that a try.