I’ve been trying to copy some files off an FTP archive, but every time I go to do the transfer, it says “Entering Extended Passive Mode” and never gets any further. My conclusion: this passive mode thing is a bust. How can I transfer the files without using passive mode? I’m using ftp from within a Terminal on my Mac, by the way.
This is a somewhat common problem with FTP, actually, and while I admit that I’m not entirely sure what passive mode is either, I do know how to get around it within the ftp program. Here’s an example of me grabbing a file from the O’Reilly Media server:
Connected to ftp.oreilly.com.
220 ProFTPD 1.2.10 Server (ftp.oreilly.com) [172.31.173.9]
Name (ftp.oreilly.com:taylor): ftp
331 Anonymous login ok, send your complete email address as your password.
Password:
230-Welcome to the O’Reilly & Associates, Inc. FTP Archive.
230 Anonymous access granted, restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> get /demo/demofile.zip demofile.zip
local: demofile.zip remote: /demo/demofile.zip
229 Entering Extended Passive Mode (|||64758|)
That’s as far as it gets. Like yours, my connection hangs. Fortunately, fixing it is as easy as typing a single command into the ftp program: EPSV.
Now watch what happens:
receive aborted. Waiting for remote to finish abort.
ftp> epsv
EPSV/EPRT on IPv4 off.
ftp> get /demo/demofile.zip demofile.zip
local: demofile.zip remote: /demo/demofile.zip
227 Entering Passive Mode (209,58,173,9,252,250).
150 Opening BINARY mode data connection for /demo/demofile.zip (4908794 bytes)
100% |***************************************************| 4793 KB 163.08 KB/s 00:29
226 Transfer complete.
4908794 bytes received in 00:29 (162.48 KB/s)
ftp>
That’s all there is to it. Hope that helps you get your FTP transfers going again too!
Used to be, from Linux (SLES mainly), I would get the
229 Entering Extended Passive Mode (|||####|) error.
Then long pause and then it worked.
Then, about a year or two ago, it would just fail with something like:
421 Service not available, remote server timed out. Connection closed
So, I started to enter “PASS” before I did anything and that seemed to fix it.
Now, it still fails and I have had to enter:
“EPSV”
And it is back working… Thank God. So, what is happening? I have been doing these FTPs from basically the same Linux system. I cannot speak for the remote system… They may have upgraded or something? What will be the next failure and what command will I use then?
I tried epsv, that didn’t work for me. This did:
ftp> passive
Passive mode: off; fallback to active mode: off.
Thanks for the information. This works perfectly for me. I’m wondering if the passive command can work automatically, like via a command procedure:
$ ftp/type=ascii server_name /user=user1 /pass =user1$ /pasv dir
When I run this command via a procedure, it still hangs. But when I ftp manually, it works.
Your help is appreciated!
Thanks!
FTP is trickier than most people think. The client initially connects to the server on port 21. The server will communicate back to the client on its outbound port 20, but the port that it connects to on the client can be any port > 1023 depending on which mode the client is in. The client can be in ACTIVE or PASSIVE mode.
If the client is in ACTIVE mode, it tells the server how to connect back to the client, including a port number > 1023. Each time you do a transfer or dir command, this will be a different port number.
In PASSIVE mode, the server tells the client which IP address & port number to connect to. The server can typically be configured to specify a range of ports for the passive mode.
Here’s a full overview.
http://www.ncftp.com/ncftpd/doc/misc/ftp_and_firewalls.html#TwoTypes
Hi Dave,
I am using a GPRS modem for my FTP application. I need to transfer some files from a remote area to a server. I am testing it through FileZilla. The PC is able to send a file to the server, but when my modem connects, it’s fine, but when I want to send a file, it hangs at (27.57.153.59)> 227 Entering Passive Mode (59,90,235,221,0,22). I have set the timeout period to 0. Any idea?
I have an AIX 5.3 server. I have lost the root password; please tell me how to set a new root password.
It’s an AIX 5.3 client.
Hi Dave,
Recently I had a situation in which one user was able to FTP to the client but another was not. I checked the /etc/ftpusers file, the /etc/security/login.cfg file, the ftpd daemon, and /etc/security/passwd; all was fine. But the other user was not able to see the files under the directory as the first user can. I can’t figure out the difference, if any, as I checked everything.
Please help.
Thanks for posting this, it helped me!
I am trying to get FTP to work between two SUSE servers and I have used the epsv command.
When I try to transfer a file or do a dir command it hangs.
Is there a solution?
Thanks Dave,
This worked perfectly on the Solaris box we were grabbing data from! Had tried quote PASV before with no success.
The general rule is that if you have a local NAT/firewall you’ll want to use passive mode, and if you have a remote firewall, you’ll probably need to use active mode.
EPSV is a function of the remote server. If EPSV isn’t working for your specific remote server, try PASV.
Use the PASV and EPSV commands to cycle passive mode off and on. Passive mode is on by default in most FTP clients.
I’m experiencing this problem with two FTP servers. The EPSV off fix works fine on one (dataflame.co.uk) but failed on the other (p4host.com).
I have tried turning the OSX firewall off completely but this makes no difference. I have tried the terminal, Cyberduck and Yummy FTP — same problem with all of them.
I’m running OSX 10.4.9 on an Intel Mac.
Can anyone help?!
Oh, it accepts lower case!
ftp> epsv
EPSV/EPRT on IPv4 off.
but it still hangs in ‘Entering Passive Mode’.
Eventually it said
200 PORT command successful.
421 Service not available, remote server timed out. Connection closed
ftp>
Interestingly, it created an empty file on the remote computer where I was putting the file.
On my Mac OSX 10.4.8, this failed:
ftp> EPSV
?Invalid command.
HELP!!
Also, is there a way to configure this automatically?
FTP passive mode is used by most FTP programs because of the prevalence of firewalls. The FTP protocol uses two ports (one for transfer, one for control). When a file is requested, the requestor sends a message to the server on the control connection. Then the server responds to the requestor by initiating a transfer connection to the requestor… but if there is a firewall, the transfer connection can’t be made since the firewall will likely block it. So passive mode adds some protocol steps where the server opens up a port for the requestor to connect to for the transfer connection, sends that information to the requestor over the control channel, and the requestor makes the transfer connection. So in passive mode, all connections to the server are initiated from the requestor, so they are allowed by the firewall.
That may fix it, and may not.
FTP gets ugly on today’s Internet, because it was designed in the 1970s, long before firewalls were common and before Network Address Translation (NAT) existed. The near-universal use of firewalls and NAT on the Internet today makes FTP problematic at times.
This document explains the issues and workarounds very well.
http://www.ncftp.com/ncftpd/doc/misc/ftp_and_firewalls.html
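As an added example (not part of the original post or its comments), this Python sketch decodes the 227 and 229 replies quoted on this page into the address and port the client must reach for the data connection, and flags the mismatches that tend to leave a transfer hanging behind NAT or a firewall. The function names, the `control_peer` argument and the one constructed reply are assumptions made for illustration.

```python
import ipaddress
import re

# Reply lines copied from the sessions quoted on this page.
REPLY_229 = "229 Entering Extended Passive Mode (|||64758|)"
REPLY_227 = "227 Entering Passive Mode (209,58,173,9,252,250)."
REPLY_227_MODEM = "227 Entering Passive Mode (59,90,235,221,0,22)"
# Constructed (not seen on the page): a server behind NAT advertising the
# internal address that appears in brackets in the 220 banner above.
REPLY_227_INTERNAL = "227 Entering Passive Mode (172,31,173,9,252,250)"


def parse_passive_reply(line, control_peer):
    """Return (host, port) the client must connect to for the data channel.

    control_peer is the address the control connection (port 21) went to.
    A 229 reply carries only a port, so the data channel reuses that address.
    """
    if line.startswith("229"):
        m = re.search(r"\((.)\1\1(\d{1,5})\1\)", line)  # (|||port|)
        if not m:
            raise ValueError("malformed 229 reply: %r" % line)
        host, port = control_peer, int(m.group(2))
    elif line.startswith("227"):
        m = re.search(r"(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)", line)
        if not m or any(int(n) > 255 for n in m.groups()):
            raise ValueError("malformed 227 reply: %r" % line)
        n = [int(x) for x in m.groups()]
        host = ".".join(str(x) for x in n[:4])
        port = n[4] * 256 + n[5]  # high byte, low byte
    else:
        raise ValueError("not a passive-mode reply: %r" % line)
    if not 0 < port <= 65535:
        raise ValueError("port out of range: %d" % port)
    return host, port


def diagnose(line, control_peer):
    """Return (host, port, findings) for one passive-mode reply."""
    host, port = parse_passive_reply(line, control_peer)
    findings = []
    if host != control_peer:
        findings.append("advertised host differs from control peer")
    if (ipaddress.ip_address(host).is_private
            and not ipaddress.ip_address(control_peer).is_private):
        findings.append("server advertises a private address")
    if port < 1024:
        findings.append("data port below 1024")
    return host, port, findings
```

A clean result from `diagnose` only means the reply itself is consistent; a firewall on either side can still drop the connection to the advertised port.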