FTP Login Successful, LIST Fails Unless MOSX Firewall Off

Post by derekcurrie » Fri Nov 06, 2009 5:46 am

This is an old problem, and I'm trying for the zillionth time to find another solution.

The problem started way back in Mac OS X 10.4 Tiger. Apple changed their Mac OS X firewall such that it blocked responses to the LIST command from Mac OS X Server 10.3. (I have no idea if this trouble shows up in other situations.) The FTP server is working perfectly. It is the client side that is messed up and everything points to Apple's firewall because turning it off solves the problem. Fiddling with Apple's firewall settings makes zero difference that I can find. I've been through this problem with all the account holders on my server whenever they use Mac OS X 10.4 through 10.6.1 with any FTP client program, including Cyberduck.

The situation: The FTP server, using Mac OS X Server 10.3, is mine. The server runs great. But Apple require that users log in using ACTIVE Mode, never Passive mode. Therefore, that is what I use in Cyberduck. Watching the log, my login works every time just fine. What fails is my client Mac allowing the LIST data response from my FTP server to enter past the firewall. There are no firewall settings I can find to solve this problem. It has nothing at all to do with my router, which is using proper port forwarding. The client Mac has the Network/Proxy/Use Passive Mode setting ON, as REQUIRED by Apple. Turning it off doesn't help.

When I've researched this in the past, all I could conclude is that Apple's 10.3 Server is replying in Passive Mode. (I hate Passive mode, so sick of it). The client Mac has no idea what port is being used when the LIST data arrives at the Mac. Therefore, one would have to enable the ENTIRE set of ports used by Passive Mode so that any of them could work when using FTP. Am I wrong? Please say there is a sane solution instead. Please tell me this very common problem has been solved.
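
As an added example (not part of the original post, and not Cyberduck or Apple code): a small Python parser for an FTP control-channel log that reports, for each `PORT` command or `227` reply, which side listens for the data connection and whether the client's firewall has to accept an inbound connection. It covers only the RFC 959 `PORT`/`PASV` forms; the log lines, addresses and function names are constructed for illustration.

```python
import re

# Constructed control-channel log (addresses are documentation ranges, not real hosts).
SAMPLE_LOG = """\
230 User logged in
PORT 192,0,2,25,201,12
200 PORT command successful
LIST
425 Can't open data connection
PASV
227 Entering Passive Mode (198,51,100,7,195,80).
LIST
150 Opening data connection
"""

# RFC 959: both forms carry h1,h2,h3,h4,p1,p2 and the TCP port is p1*256 + p2.
_SIX = r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
_PORT_CMD = re.compile(r"^PORT\s+" + _SIX + r"\s*$", re.IGNORECASE)
_PASV_REPLY = re.compile(r"^227\b.*?\(?" + _SIX)

def _endpoint(groups):
    nums = [int(g) for g in groups]
    if any(n > 255 for n in nums):
        raise ValueError("address byte out of range: %r" % nums)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def data_connections(log_text):
    """Return one record per data-channel negotiation seen in the log."""
    records = []
    for raw in log_text.splitlines():
        line = raw.strip()
        active = _PORT_CMD.match(line)
        passive = None if active else _PASV_REPLY.match(line)
        if not (active or passive):
            continue
        host, port = _endpoint((active or passive).groups())
        records.append({
            "mode": "active" if active else "passive",
            # Active: the client listens and the server connects in to it.
            # Passive: the server listens and the client connects out.
            "listener": "client" if active else "server",
            "host": host,
            "port": port,
            "client_needs_inbound_rule": bool(active),
        })
    return records

if __name__ == "__main__":
    for rec in data_connections(SAMPLE_LOG):
        print(rec)
```

Running it against a real client log shows which port each `LIST` attempt negotiated, which can then be compared with what the client firewall logged as blocked.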

