Hi, I have been trying to configure different FTP clients to upload files to Galaxy. I work in an institution with a firewall for outgoing and ingoing traffic, where most ports are closed. The purpose of this thread is to explain the problems I found while configuring it and to ask whether I am missing something or making any wrong guess. It would be great if other users or administrators could provide a cleaner explanation.
I tried different configurations:
- Passive mode with explicit FTP with TLS using port 21
- Active mode with implicit FTP with TLS using port 990 (after opening the outgoing port 990)
In both cases I was able to log in. However, I was unable to list the directory contents. Theoretically our firewall can handle a passive connection in order to allow the required data ports established during the negotiation; however, the usage of TLS seems to interfere with this configuration. The end of the log in Filezilla in passive mode is something like:
10:40:42 Command: PBSZ 0
10:40:43 Response: 200 PBSZ 0 successful
10:40:43 Command: PROT P
10:40:43 Response: 200 Protection set to Private
10:40:43 Status: Logged in
10:40:43 Status: Retrieving directory listing...
10:40:43 Command: PWD
10:40:43 Response: 257 "/" is the current directory
10:40:43 Command: TYPE I
10:40:43 Response: 200 Type set to I
10:40:43 Command: PASV
10:40:43 Response: 227 Entering Passive Mode (129,114,60,60,118,192).
10:40:43 Command: MLSD
10:41:03 Error: Connection timed out after 20 seconds of inactivity
10:41:03 Error: Failed to retrieve directory listing
The only solution I found is to open additional ports. This post (https://biostar.usegalaxy.org/p/24512/#245209) indicates that the PASV port range is from 30,000 to 30,100; however, in the last example the server asks for the port 30400 (118*256+192). Other threads suggest that the port range is from 30,000 to 40,000. These ports must be open for outgoing connections in passive mode, and for ingoing in active mode (although the port range for active mode should be configured in the client).
It is understandable that our TIC department is reluctant to allow traffic over such a large port range. So here are my questions:
- What is exactly the port range for connecting to usegalaxy.org FTP server in passive mode?
- Is there any other way to connect without opening such a large port range?
Thanks for your help.
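
The port arithmetic in the post can be checked against a whole client log. The following is an added example, not part of the original post: it extracts every `227` reply, computes the data port as p1*256+p2, and reports which of the ranges mentioned in the post would cover it. The function names and the malformed sample line are constructed for illustration.

```python
import re

# Host/port tuple of a 227 reply (RFC 959): h1,h2,h3,h4,p1,p2
PASV_RE = re.compile(r"\b227\b[^(]*\((\d{1,3}(?:,\d{1,3}){5})\)")

def parse_pasv(line):
    """Return (ip, port) from a 227 reply line, or None if absent or malformed."""
    m = PASV_RE.search(line)
    if not m:
        return None
    parts = [int(x) for x in m.group(1).split(",")]
    if any(p > 255 for p in parts):  # each field is a single octet
        return None
    ip = ".".join(str(p) for p in parts[:4])
    return ip, parts[4] * 256 + parts[5]

def audit(log_text, ranges):
    """For each valid 227 reply, list the candidate ranges containing its port."""
    results = []
    for line in log_text.splitlines():
        endpoint = parse_pasv(line)
        if endpoint is None:
            continue
        ip, port = endpoint
        covered = [name for name, (lo, hi) in ranges.items() if lo <= port <= hi]
        results.append((ip, port, covered))
    return results

# Log lines taken from the post, plus one constructed malformed reply (last line)
SAMPLE_LOG = """\
10:40:43 Command: PASV
10:40:43 Response: 227 Entering Passive Mode (129,114,60,60,118,192).
10:40:43 Command: MLSD
10:41:03 Error: Connection timed out after 20 seconds of inactivity
10:41:05 Response: 227 Entering Passive Mode (129,114,60,60,300,1).
"""

# The two port ranges mentioned in the post
CANDIDATE_RANGES = {
    "30000-30100": (30000, 30100),
    "30000-40000": (30000, 40000),
}

if __name__ == "__main__":
    for ip, port, covered in audit(SAMPLE_LOG, CANDIDATE_RANGES):
        print(f"{ip}:{port} covered by {covered or 'no candidate range'}")
```

Running this over logs from several sessions shows the spread of ports the server actually hands out, which is the evidence needed to size a static outbound rule. With `PROT P` on an encrypted control channel, a firewall's FTP helper cannot read the `227` reply, so it cannot open the data port dynamically.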