Problem Description
You cannot connect via FTP; the server accepts your username and password, but fails when retrieving a drectory listing or while waiting for welcome message.
You might receive an error like one of the following:
- Unable to build data connection: Connection timed out
- MLSD: Connection timed out
- [R] List Error
- Error: Failed to retrieve directory listing
Problem Resolution
Solution 1: Connect using Passive mode
You must enable Passive (PASV) mode in your FTP client. There are a few ways that your FTP client may represent this setting. It may be called "Enable Passive (PASV) mode" or conversely, "disable Active (PORT) mode". Note: Active and PORT mode are one and the same, as are Passive and PASV mode.
If you use FileZilla, it comes with Passive mode enabled by default, however if it has been changed at some point, you can re-enable Passive mode by completing the following steps
- Open Filezilla and open the settings (under the Edit menu)
- Under "Connection" select "FTP"
- The section at the top is called Transfer Mode. Within that, choose "Passive Mode"
- Click OK. You should now be able to connect.
Security Note: ensure you are connecting via SFTP or FTP with TLS. Connection Info Here.
Solution 2: Configure your server's Firewall
If you're on one of our shared hosting accounts or you have a VPS with Hands-On Support, please open a ticket and include your FileZilla connection log indicating the error -- it needs to match something similar to the errors in the list above. Make sure you're connecting using Passive (PASV) mode.
If you have root access to your server, you may login via SSH as root to solve this problem by running the following commands.
echo "PassivePorts 60000 60100" > /etc/proftpd.d/passive.conf
service xinetd restart
This configures the FTP server (ProFTPd) to use ports 60000 - 60100 for passive FTP connectivity (don't worry, when you connect using your FTP client, you still use port 21).
If you have a firewall enabled, you will then need to configure your firewall to allow those ports through:
Plesk Firewall
- Log in to Plesk and choose Tools & Settings
- Choose Firewall > Modify Rules > Add Custom Rule
- Name the rule something like "FTP Passive Ports" and leave the rest as default
- For the Port Range, enter 60000-60100 then click "Add" (leave the rest as default)
- Click OK to save your changes, then "Apply" to ensure the rule takes effect
CSF Firewall
- Login to the server via SSH as root
- Edit /etc/csf/csf.conf and look for the line that begins with: TCP_IN
- If you don't see 60000:60100 in the list, add it (make sure it's comma separated from the ports before it in the list) and save the file
- Run csf -r to reload the config in the live firewall
That's it, you should now be able to connect to the server using FTPS with Passive Mode enabled.