2

I have an issue with file upload via FTP. I can successfully list the directories, but when I try to upload a file, let's say ".htaccess", it hangs for about 20 seconds on STOR .htacess, and then throws a timeout. It retries several times but always fails.

This is what the full output from the FTP client looks like for a file transfer:

Status: Connecting to 88.150.168.207:21...
Status: Connection established, waiting for welcome message...
Response:   220 Welcome to CodeBuster FTP service.
Command:    USER codebuster
Response:   331 Please specify the password.
Command:    PASS ********
Response:   230 Login successful.
Command:    OPTS UTF8 ON
Response:   200 Always in UTF8 mode.
Status: Connected
Status: Starting upload of D:\Projects\codebuster\.htacess
Command:    CWD /public_html
Response:   250 Directory successfully changed.
Command:    PWD
Response:   257 "/public_html"
Command:    TYPE A
Response:   200 Switching to ASCII mode.
Command:    PASV
Response:   227 Entering Passive Mode (88,150,168,207,155,25).
Command:    STOR .htacess
Error:  Connection timed out
Error:  File transfer failed
Status: Connecting to 88.150.168.207:21...
Status: Connection established, waiting for welcome message...
Response:   220 Welcome to CodeBuster FTP service.
Command:    USER codebuster
Response:   331 Please specify the password.
Command:    PASS ********
Response:   230 Login successful.
Command:    OPTS UTF8 ON
Response:   200 Always in UTF8 mode.
Status: Connected
Status: Starting upload of D:\Projects\codebuster\.htacess
Command:    CWD /public_html
Response:   250 Directory successfully changed.
Status: Retrieving directory listing...
Command:    TYPE I
Response:   200 Switching to Binary mode.
Command:    PASV
Response:   227 Entering Passive Mode (88,150,168,207,73,43).
Command:    LIST
Response:   150 Here comes the directory listing.
Response:   226 Directory send OK.
Command:    TYPE A
Response:   200 Switching to ASCII mode.
Command:    PASV
Response:   227 Entering Passive Mode (88,150,168,207,222,74).
Command:    STOR .htacess
Error:  Connection timed out
Error:  File transfer failed
Status: Connecting to 88.150.168.207:21...
Status: Connection established, waiting for welcome message...
Response:   220 Welcome to CodeBuster FTP service.
Command:    USER codebuster
Response:   331 Please specify the password.
Command:    PASS ********
Response:   230 Login successful.
Command:    OPTS UTF8 ON
Response:   200 Always in UTF8 mode.
Status: Connected
Status: Starting upload of D:\Projects\codebuster\.htacess
Command:    CWD /public_html
Response:   250 Directory successfully changed.
Status: Retrieving directory listing...
Command:    TYPE I
Response:   200 Switching to Binary mode.
Command:    PASV
Response:   227 Entering Passive Mode (88,150,168,207,35,185).
Command:    LIST
Response:   150 Here comes the directory listing.
Response:   226 Directory send OK.
Command:    TYPE A
Response:   200 Switching to ASCII mode.
Command:    PASV
Response:   227 Entering Passive Mode (88,150,168,207,109,53).
Command:    STOR .htacess
Error:  Connection timed out
Error:  File transfer failed

This is with iptables off, so it's not a firewall issue. The size of the file is surely not an issue, as it's just one line with a directory index setting.

As an additional note, this is a chroot directory, owned by codebuster:codebuster, and the permissions are drwxrw-rw-.

Here are some additional notes:

A line from the vsftpd log shows:

Sat Jan 10 14:46:23 2015 240 ::ffff:89.72.176.192 35 /public_html/.htacess a _ i r codebuster ftp 0 * c

So it claims that the transfer was complete, but it was not.

Deleting files works correctly.

Summary of tcpdump port ftp shows:

100 packets captured
101 packets received by filter
0 packets dropped by kernel

Using active mode in ftp client does not change the situation.

Nicolas

3 Answers

2

Firstly you may want to test not using passive mode, just in case your whole setup works with it.

Secondly, have a look at this line:

Response: 227 Entering Passive Mode (88,150,168,207,155,25).

That's the IP address of the VPS plus two more numbers, let's call them p1 and p2. These numbers are telling you the port where you should be connecting to, by following the formula "port=(p1*256)+p2". Based on that I'd recommend you to get simultaneous network captures on your computer and the VPS to see where the issue is. If you see the connection on the passive port initiated from your computer but not reaching the VPS, then the problem may be on your local network (as you said there's no firewall in front of your VPS). If the packets get to the server but it doesn't reply, the problem may be on your FTP setup on the server.

Please mind that answering this kind of question is difficult without all the information, but I hope this gives you some guidance.

Pedro Perez
2

I can successfully list the directories, but when I try to upload a file ... it hangs for about 20 seconds ... and then throws a timeout.

Directory listing and file transfer use the same basic mechanism, that is, both open a data connection and transfer data. In your case the client opens a connection to the address specified by the server within the response to the PASV command.

Since directory listing works, this excludes the common case where all data connections are blocked by a firewall or NAT device.

I can imagine the following reasons for the problem you have:

  1. Some strange problem at the server.
  2. Some deep inspection middlebox (like firewall) in between which actively interferes with the traffic either by policy or because of a bug. Some firewalls prohibit uploads as data leakage protection.
  3. Some firewall which rate limits the number of data connections.
  4. Some broken router which croaks on some TCP options used during transfer.

I would suggest that you take the following steps to narrow down the cause:

  • Look into the log file of the FTP server to see if any problems are reported.
  • Try a passive FTP connection on the VPS itself (to the local system).
  • Try from another location.
  • Try to do multiple directory listings within the same FTP session after each other.
  • Try to get files from the server to see if only the upload is affected.

Apart from that I recommend using SFTP (file transfer over SSH) instead because it is more secure (encrypted login) and causes less trouble (only a single connection, no extra data connections).

Steffen Ullrich
  • If directory listing works and file transfers fail, the first thing I'd look for is a MTU discovery problem. – kasperd Jan 10 '15 at 13:58
0

It looks like only outgoing connections to ports under 20000 are allowed. Make sure outgoing on the client and incoming on the server is allowed in the entire PASV range of the FTP server. If you can't find the range there, 1024-65535 should work.

>>> 155*256+25
39705
>>> 73*256+43  #OK
18731
>>> 222*256+74
56906
>>> 35*256+185  #OK
9145
>>> 109*256+53
27957

Cees Timmerman
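The port arithmetic from the answers, applied to the whole client log: this is an added example, not code from any of the posters. It parses each 227 reply, computes p1*256+p2, and records which command used that data port and how it ended. The function names and the trimmed log excerpt are assumptions of the example.

```python
import re

# Trimmed copy of the client log in the question (login and TYPE lines omitted).
SAMPLE_LOG = """\
Response:   227 Entering Passive Mode (88,150,168,207,155,25).
Command:    STOR .htacess
Error:  Connection timed out
Response:   227 Entering Passive Mode (88,150,168,207,73,43).
Command:    LIST
Response:   226 Directory send OK.
Response:   227 Entering Passive Mode (88,150,168,207,222,74).
Command:    STOR .htacess
Error:  Connection timed out
Response:   227 Entering Passive Mode (88,150,168,207,35,185).
Command:    LIST
Response:   226 Directory send OK.
Response:   227 Entering Passive Mode (88,150,168,207,109,53).
Command:    STOR .htacess
Error:  Connection timed out
"""
PASV_RE = re.compile(r"^227 [^(]*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def parse_pasv(reply):
    """Return (host, port) from a 227 reply; port = p1*256 + p2."""
    m = PASV_RE.match(reply)
    if not m:
        return None
    h1, h2, h3, h4, p1, p2 = (int(g) for g in m.groups())
    if max(h1, h2, h3, h4, p1, p2) > 255:
        raise ValueError("octet out of range in PASV reply: " + reply)
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2

def data_connections(log):
    """Pair each PASV port with the next command and how that command ended."""
    rows, endpoint = [], None
    for line in log.splitlines():
        kind, _, text = (part.strip() for part in line.partition(":"))
        if kind == "Response" and text.startswith("227"):
            endpoint = parse_pasv(text)
        elif kind == "Command" and endpoint:
            rows.append([text.split()[0], endpoint[1], "unknown"])
            endpoint = None
        elif rows and rows[-1][2] == "unknown":
            if kind == "Response" and text.startswith("226"):
                rows[-1][2] = "ok"          # 226: data connection closed cleanly
            elif kind == "Error" and "timed out" in text:
                rows[-1][2] = "timeout"     # client gave up on the data port
    return [tuple(r) for r in rows]

if __name__ == "__main__": print(*data_connections(SAMPLE_LOG), sep="\n")
```

In this log every completed transfer is a LIST and every timeout a STOR, so the rows separate by command as well as by port number.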