1

I have a Windows Server 2022 datacenter compute engine (i.e. a Windows VM) on Google Cloud Platform (GCP). I installed FileZilla Server 1.2.0 on it. When I try to connect to the ftp Server from another computer via internet, it results in timeout error and fails to retrieve directory listing. I have done the exactly same setup in an other non-google cloud vm and it works fine there. So I think I would have to take GCP into consideration in the current issue. Let's refer to the GCP one as environment "A" and the non-google one as "B" later.

Upon connecting via internet to A, the ftp server generated the following log:

2022-07-28T06:24:41.712Z >> [FTP Session 1 ooo.ooo.ooo.ooo] USER testuser
2022-07-28T06:24:41.712Z << [FTP Session 1 ooo.ooo.ooo.ooo] 331 Please, specify the password.
2022-07-28T06:24:41.721Z >> [FTP Session 1 ooo.ooo.ooo.ooo] PASS ****
2022-07-28T06:24:41.806Z << [FTP Session 1 ooo.ooo.ooo.ooo testuser] 230 Login successful.
2022-07-28T06:24:41.816Z >> [FTP Session 1 ooo.ooo.ooo.ooo testuser] SYST
2022-07-28T06:24:41.816Z << [FTP Session 1 ooo.ooo.ooo.ooo testuser] 215 UNIX emulated by FileZilla.
2022-07-28T06:24:41.838Z >> [FTP Session 1 ooo.ooo.ooo.ooo testuser] FEAT
2022-07-28T06:24:41.838Z << [FTP Session 1 ooo.ooo.ooo.ooo testuser] 211-Features:
2022-07-28T06:24:41.838Z << [FTP Session 1 ooo.ooo.ooo.ooo testuser] 211 End
2022-07-28T06:24:41.848Z >> [FTP Session 1 ooo.ooo.ooo.ooo testuser] PWD
2022-07-28T06:24:41.848Z << [FTP Session 1 ooo.ooo.ooo.ooo testuser] 257 "/" is current directory.
2022-07-28T06:24:41.869Z >> [FTP Session 1 ooo.ooo.ooo.ooo testuser] TYPE I
2022-07-28T06:24:41.869Z << [FTP Session 1 ooo.ooo.ooo.ooo testuser] 200 Type set to I
2022-07-28T06:24:41.880Z >> [FTP Session 1 ooo.ooo.ooo.ooo testuser] PASV
2022-07-28T06:24:41.880Z << [FTP Session 1 ooo.ooo.ooo.ooo testuser] 227 Entering Passive Mode (10,140,0,4,233,55)
2022-07-28T06:24:41.900Z >> [FTP Session 1 ooo.ooo.ooo.ooo testuser] MLSD
2022-07-28T06:24:41.900Z << [FTP Session 1 ooo.ooo.ooo.ooo testuser] 150 About to start data transfer.

where ooo.ooo.ooo.ooo is the public IP of the client. This connection eventually failed. At the same time the messages shown in client side (using FileZilla Client) are:

Status: Connecting to xxx.xxx.xxx.xxx:21...
Status: Connection established, waiting for welcome message...
Status: Plain FTP is insecure. Please switch to FTP over TLS.
Status: Logged in
Status: Retrieving directory listing...
Status: Server sent passive reply with unroutable address. Using server address instead.
Command: MLSD
Response: 150 About to start data transfer.
Error:  Connection timed out after 20 seconds of inactivity
Error:  Failed to retrieve directory listing
Status: Disconnected from server

where xxx.xxx.xxx.xxx is the public IP of the ftp server. From the log we can see that I have successfully logged in, so we can rest assured that this is not a firewall issue. I searched for this problem online all day but can not find a solution yet. The closest one I got is this one which was found from this discussion, but both of them are quite old and some key links are not reachable now. From them I learned about the fact that the problem might be this line of the server log:

2022-07-28T06:24:41.880Z << [FTP Session 1 ooo.ooo.ooo.ooo testuser] 227 Entering Passive Mode (10,140,0,4,233,55)

where it entered passive mode with "private IP", and this explains why in client side we see

Status: Server sent passive reply with unroutable address. Using server address instead.

As the client is connecting via internet, the ip address 10.140.0.4 is unroutable. As I mentioned above I have an environment B where things work fine, and I have observed that the server side log says it entered passive mode (###,###,###,###,...,...) where #'s is the "public IP address" of server B! So the thing is, I do not know in A what I shall do to fix this problem. And is it a problem of GCP Compute Engine or FileZilla Server itself?

Could you please help provide me with some cure? Thank you very much!

Ray Yen
  • 43
  • 1
  • 4
  • 1
    You need to configure FileZilla with the public IP address so that the PASV command returns the correct IP address. – John Hanley Jul 28 '22 at 10:41
  • 1
    @JohnHanley Thank you very much for pointing out that I should tell FileZilla the public IP address explicitly. I get things work now. I have spent some time finding clues in the VM itself (since as I mentioned that environment B works normally) and turned out it was a waste of time. Glad that you show me the right way! – Ray Yen Jul 30 '22 at 15:36

1 Answers1

1

I would like to answer to my question by myself. Hope this is a responsible act to those who came by and stopped to think, and also a help to those who is/will encounter the same problem. The key is, if you have both a public and a internal IP addresses on a computer which runs FileZilla Server in passive mode, for clients to access the service via internet one has to tell FileZilla Server the public IP address. I mentioned above that I have a working environment B, turns out it has no internal IP address installed, so there is no confusion. It had been an easy experience in B so I had now idea that I will have to do some extra settings in A. This can be found in the official documentation. Specifically, as illustrated in the figure below, the public address should be put down in the input. enter image description here

Ray Yen
  • 43
  • 1
  • 4