Posts

FileZilla FTP-client retrieve directory listing failed on MLSD command using TLS

Some week ago FileZilla released a new version – 3.10.0.1. After installing this version some clients had problems connecting with their web hosting servers using FTP. One of the changes in FileZilla was that it now defaults to TLS encrypted connections if the server supports it, which many web hosting providers do.

However, if the FTP server is not properly configured together with it’s firewall the client will connect but fail to retrieve the directory listing (timeout).

A workaround on the client side is to connect with plain old FTP using no encryption. To do this in the later versions of FileZilla you must create a connection in the site manager and select plain FTP (unsecure) in the encryption field. (This option is not availible in the quick connect.)

A better solution is to solve the problem on the server side. To do this the FTP server must be configured to use a specific range of ports for passive mode and allowing traffic to them through the server firewall. The example below shows how to do this with pure-ftpd and iptables. In the example we setup pure-ftpd to use ports 50000-55000 for passive transfers and then we allow the same range in iptables.

echo “50000 55000” > /etc/pure-ftpd/conf/PassivePortRange
/etc/init.d/pure-ftpd restart

Then add the following to your iptables rules and reload them:

iptables -I INPUT -p tcp -m tcp –dport 50000:55000 -j ACCEPT