FTP unreliable and no error log to diagnose?

I have set up Mac OS X Server with two basic things in mind - VPN and sharing of huge video files via FTP.


After some hiccups with VPN that now works perfectly, I seem to be having serious issues with FTP.


The service is running; also, if I check in Terminal, it says running. Port 21 is OPEN on both the router and the firewall.


However clients seem to be running into several issues:

1- difficulties logging in (either not working, or working after multiple attempts) "Timed out waiting for initial connect reply." is most common.

2- line drops after certain amount of time in transfer

3- client upload speed (to server) extremely slow

4- MOST WORRYING - there is no log under Logs in Server app for FTP service at all ?!?!


I will be most grateful for any help on this!

MAC MINI SERVER (LATE 2012), OS X Server, null

Posted on Sep 2, 2015 2:13 AM

4 replies

Sep 14, 2015 10:45 AM in response to snezak

You're not the first to run into this. FTP is actually older than the Internet, and the protocol design is entirely at odds with modern network security.


There's a second and parallel connection involved with FTP, and the port selected for that is only known to a firewall through deep packet inspection — the firewall has to sniff the FTP traffic — or the firewall can use a 'trigger' to open the ephemeral range when an FTP connection arrives. TCP 21 is just a control port, it's the data port connection that's the usual problem — no sane firewall would ever allow such a connection, hence the problems that commonly arise with FTP. Not all firewalls support all these features, either.


Easier, just get rid of your firewalls and you'll have no problems with FTP. If you can't do that, then open the entire ephemeral port range on either the client or the server firewall or preferably both, or configure and use deep packet inspection or a trigger if your firewall supports one or both.


Or even easier — and far more secure, as FTP transmits your login credentials in cleartext for anyone with a privileged network position to monitor — switch to sftp. sftp shares three letters and its basic purpose with FTP, but is otherwise a vastly better and more secure tool, and far easier to configure with modern network security. Open TCP 22 (ssh) and you're done. You can also set up certificates with sftp, which means you can have far better passwords, access revocation, per-user credentials that you issue, and other benefits.


Some more details on FTP, ephemeral ports, active and passive transfers, etc...
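
The data-connection negotiation described in the reply above, as an added example that is not part of the original post: Python that extracts, from the port-21 control channel, the second endpoint an FTP-aware firewall has to learn before it can allow the transfer. The `PORT`, `227` and `229` line formats are from RFC 959 and RFC 2428; the function names, the sample session and its documentation-range IP addresses are constructed for illustration.

```python
import re

# Control-channel lines that announce where the data connection will go.
PORT_CMD = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)$", re.I)  # active mode
PASV_227 = re.compile(r"^227 .*?(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")       # passive mode
EPSV_229 = re.compile(r"^229 .*?\((.)\1\1(\d+)\1\)")                        # extended passive

def _host_port(fields):
    """h1,h2,h3,h4,p1,p2 -> (ip, port), with port = p1 * 256 + p2."""
    nums = [int(f) for f in fields]
    if any(n > 255 for n in nums):
        raise ValueError("address or port byte out of range")
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def data_endpoint(line, server_ip):
    """Return (listening_ip, port, side_that_connects), or None."""
    line = line.strip()
    m = PORT_CMD.match(line)
    if m:  # client listens, server connects back in through the client's firewall
        return _host_port(m.groups()) + ("server",)
    m = PASV_227.match(line)
    if m:  # server listens on an ephemeral port, client connects to it
        return _host_port(m.groups()) + ("client",)
    m = EPSV_229.match(line)
    if m:  # the 229 reply carries only the port; the address is the server's
        port = int(m.group(2))
        if not 0 < port < 65536:
            raise ValueError("port out of range")
        return (server_ip, port, "client")
    return None

def pinholes(control_lines, server_ip):
    """Every extra TCP endpoint a firewall must allow for this session."""
    found = (data_endpoint(ln, server_ip) for ln in control_lines)
    return [ep for ep in found if ep is not None]

# Constructed control-channel excerpt (documentation addresses, not real hosts).
SAMPLE = [
    "220 FTP server ready",
    "PASV",
    "227 Entering Passive Mode (203,0,113,10,195,80)",
    "EPSV",
    "229 Entering Extended Passive Mode (|||50001|)",
    "PORT 198,51,100,7,204,31",
]

if __name__ == "__main__":
    for ip, port, side in pinholes(SAMPLE, "203.0.113.10"):
        print(f"allow {side} -> {ip}:{port}")
```
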

Sep 14, 2015 10:55 AM in response to MrHoffman

MrHoffman many thanks for your kind reply. You've given me a glimpse of what all FTP is and the cons about it. Would you happen to have a link where I can read more on setting up SFTP on my server?


Would there be a single solution (preferably free or within Mac OS X Server.app) that would enable me to share huge video clips to exchange with the editor and have no constraints on file size etc?


Last but not least - why are there no FTP logs in my server.app though FTP is running and working?

Sep 14, 2015 3:21 PM in response to snezak

sftp is built on ssh, and ssh servers are available in both OS X client and OS X Server. ssh is the remote login protocol.


For something similar to what you're doing, I'd typically set up the person you're exchanging files with as a user on the Mac you're hosting files on, and either a password-based login or I'd generate a digital certificate and use that. Or I'd set up a virtual host on Rackspace or Azure or Linode or another provider, or some Amazon S3 storage, and push the files you want to share up to that.


I have some OS X and Windows client documentation, but not OS X server documentation. That documentation is for ssh, but sftp — being based on ssh — uses the same certificates and the same setup.


Console.app has no log entries for FTP? What I recall of that, the entries went into the system log. There are other discussions that might be useful here, though I'm not running an ftp daemon on any of the local OS X Server boxes to confirm the settings.
