Cannot connect to FTP server

Hello Anne,
On Fetch, go to the preferences-->Fire Wall--> unlick "use passive mode transfers (PASV). This should work.
Nick

I am having similiar problems. It seems that a server here at my office is a lil older and I get a incompatible message when I try to connect. Something about FTP protocal or whatever. Why must a step forward always involve so much strife?

I have the exact same problem. I've tried connecting using Transmit, Fetch, RBrowser, and last but not least, Finder. I've used passive mode, active mode, and I've tried this on two different computers running the same OS.

On Windows it works just fine.

From this I can only assume it's an OS issue of some sort.

When I try to connect, it appears to connect, but spins its wheels when attempting to actually pull up the file list, then fails.

This has only happened since upgrading to 10.4.1 (I think)

I have a similar problem. I can connect to some servers but not others. I have tried all ftp applications and the main one I use is transmit. Seems like people on PC's can login with my server, user, and pass info. But I get either a erver not found or error message. My firewll settings on my mac are not active so I don't think this could be the problem. I am going straight from the cable modem to my computer so a router can't be the probem either. Anyone have any ideas?

I seem to have discovered a workaround.

When I turn off my firewall, suddenly I can FTP just fine. It's a minor pain, but at least it works!

My web host told me it had something to do with "multiple NAT routing", which is relatively meaningless to me, but might be useful to the more technically oriented. In essence, going through too many steps of routers and firewalls can screw up FTP.

I am also having the same problem. I connecting to all other networks just fine, but connecting to my friends Server doesn't seem to work. I've tried everything from different FTP Clients, to different ways to type the domain name/ip address.

Any help here?

Heres a silly question, Andrew-
Are you sure that the server over at Friend's is running?

Can you turn off (your) firewall (briefly) and try again?

Have you ever used Terminal? Do you know how to FTP, using command line in the Terminal app?

Or you can see if this recent thread addresses the issue, either on your machine, or Friend's ftp server.
Kiwi Graham, "Firewall blocks FTP Connection" #1, 10:52am Sep 8, 2005 CDT

Tiger handles the firewall setting for ftp differently than Panther. It seems that this implementation (at least for 10.4.0 which is what i'm still running on my PB), actually breaks a working solution in Panther (10.3.9 running on my cube). In System Prefs, Sharing the ftp service toggle does not apply an ipfw rule correctly. What it does is add the rules:

<code>allow tcp from any to any 20 in
allow tcp from any to any 21 in</code>

when it should be adding:

<code>allow tcp from any to any 20-21 in
allow tcp from any 20,21 to any 1024-65535 in</code>

in order to make high ports available for passive ftp.

You can resolve the problem in one of two ways. One is to simply turn ftp off in System Prefs, Sharing, Services and then manually add the correct rules in terminal using:

<code>sudo ipfw add allow tcp from any to any 20-21 in
sudo ipfw allow tcp from any 20,21 to any 1024-65535 in</code>

The other is to simply create a new rule in System Prefs, Sharing, Firewall that would reflect the second rule. I have not tried the latter but it should work. If you do the former then expect System Prefs, Sharing to complain when you go to the firewall tab that another firewall software is running.

Can somebody running 10.4.2 check to see if this has already been addressed. That would motivate me to update.

Reply to Amedeus
1. The issue hasn't been addressed in 10.4.2
2. Turning off the firewall does provide the workaround to allow incoming FTP to work
3. I think you omitted the 'add' action in your second rule (ipfw add allow ...)
4. Entering your two new rules works and clicking on the Firewall tab does get a complaint. I assume that all the other rules are valid and the firewall is working.
5. I'm not quite sure how to add the 2nd rule through Sys Prefs, Sharing, Firewall, Add. Their's only one field to enter port numbers.

Thanks for your insight into this problem. It has been driving me crazy for the last two weeks.

Amadeus

In your explanation you seem to be confusing incoming with outgoing FTP connections. The original poster is saying he can't connect to a separate server via FTP, and you are referring to activating FTP in the Sharing control panel, which allows for incoming connections -- e.g. his computer is the server to which others connect.

Haven't tried your fix via command-line, but I thought a clarification was in order for others reading the thread.

I may just have to switch to BrickHouse for managing my Firewall for the time being.... http://personalpages.tds.net/~brian_hill/brickhouse.html

Additional observations:

1. Amedeus ipfw fixes work. However when one re-boots they are lost.
2. The fixes worked for my FTP clients CuteFTP on both my Mac and Win machines.
3. None of the various fixes worked when using the Terminal FTP. It logs in ok but when one trys to access files (ls) it just hangs with the message 'Entering Extended Passive Mode (|||49245|)
4. All things considered, the easiest temporary work around is to simply turn off the OS firewall. Hopefully, Apple will resolve this issue in 10.4.3.

Below is an actual example of a passive FTP session. The only things that have been changed are the server names, IP addresses, and user names. In this example an FTP session is initiated from testbox1.slacksite.com (192.168.150.80), a linux box running the standard FTP command line client, to testbox2.slacksite.com (192.168.150.90), a linux box running ProFTPd 1.2.2RC2. The debugging (-d) flag is used with the FTP client to show what is going on behind the scenes. Everything in red is the debugging output which shows the actual FTP commands being sent to the server and the responses generated from those commands. Normal server output is shown in black, and user input is in bold.
Notice the difference in the PORT command in this example as opposed to the active FTP example. Here, we see a port being opened on the server (192.168.150.90) system, rather than the client. See the discussion about the format of the PORT command above, in the Active FTP Example section.
testbox1: {/home/p-t/slacker/public_html} % ftp -d testbox2
Connected to testbox2.slacksite.com.
220 testbox2.slacksite.com FTP server ready.
Name (testbox2:slacker): slacker
---> USER slacker
331 Password required for slacker.
Password: TmpPass
---> PASS XXXX
230 User slacker logged in.
---> SYST
215 UNIX Type: L8
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> passive
Passive mode on.
ftp> ls
ftp: setsockopt (ignored): Permission denied
---> PASV
227 Entering Passive Mode (192,168,150,90,195,149).
---> LIST
150 Opening ASCII mode data connection for file list
drwx------ 3 slacker users 104 Jul 27 01:45 public_html
226 Transfer complete.
ftp> quit
---> QUIT
221 Goodbye.

Source:
http://slacksite.com/other/ftp.html#pasvexample

I put the information out there as I was working through the problem. For a full explanation of working "under the hood" with ipfw, I would suggest this MacDevCenter article. It describes many aspects of the firewall in good enough detail to do what I needed done. On the second page, you will find instructions on making your new rules available after a reboot.

I've been having the exact same problem, and recently stumbled across an FTP client that can connect. None of the others connect, but Yummy FTP does. I emailed the author and he guessed it might be that they do something different with error correction....

(No, I'm in no way associated with the company...)

http://www.yummysoftware.com/