I've spent countless hours trying to resolve this problem. I've found sample code for setting up FTP servers using Indy components (then fixed them for Indy 10.6), yet whenever I try to connect from any client (Filezilla, my own, ftptest.net, whatever) by using the internet to go to the specific IP of the host system, it will log in then fail with the following (courtesy of ftptest.net):
Status: Resolving address of 64.113.100.88
Status: Connecting to 64.113.100.88
Warning: The entered address does not resolve to an IPv6 address.
Status: Connected, waiting for welcome message...
Reply: 220 Indy FTP Server ready.
Command: CLNT https://ftptest.net on behalf of 64.113.100.23
Reply: 200 Noted.
Command: USER fk30ftp#skutchelectronics.com
Reply: 331 User name okay, need password.
Command: PASS ************
Reply: 230 User logged in, proceed.
Command: SYST
Reply: 215 UNIX Type: L8
Command: FEAT
Reply: 211-Extensions supported:
Reply: COMB target;source_list
Reply: EPRT
Reply: EPSV
Reply: LIST -laT
Reply: MDTM
Reply: MDTM YYYYMMDDHHMMSS filename
Reply: MFCT
Reply: MFF Create;Modify;Windows.lastaccesstime;Win32.ea;
Reply: MFMT
Reply: MLSD
Reply: MLST size*;Type*;Create*;Modify*;Windows.lastaccesstime*;Win32.ea*
Reply: OPTS MLST;UTF8
Reply: REST STREAM
Reply: SITE ZONE;ATTRIB;UTIME
Reply: SIZE
Reply: SPSV
Reply: STAT -laT
Reply: TVFS
Reply: UTF8
Reply: XCRC "filename" SP EP
Reply: XMD5 "filename" SP EP
Reply: XSHA1 "filename" SP EP
Reply: RFC 959 2389 2577 3659
Reply: 211 End of extentions.
Command: PWD
Reply: 257 "/" is working directory.
Status: Current path is /
Command: TYPE I
Reply: 200 Type set to I.
Command: PASV
Error: Could not read from socket: Connection reset by peer
I'm able to work through TCPServer/Client connections on the same system without any problems and I've tried going through 2 different make/model routers, setting them up to pass the FTP port connection to the IP of my host computer.
I've seen a lot of posts where people are struggling with this problem, where some have switched their Client apps to Active mode to resolve it; but I need the Clients to be in Passive mode for my purposes.
Related
I set up an FTP service using vsftpd on one of my Ubuntu servers. When the data was transmitted in plaintext, everything worked fine. But I need the data transmission to be encrypted, so I tried to enable TLS in vsftpd.conf. Then it will not work properly.
The version of vsftpd I installed is 3.0.3-12. The SSL certificate is self-signed by me with openssl req -x509 -nodes -keyout /etc/ssl/private/vsftpd.key -out /etc/ssl/private/vsftpd.pem -days 365 -newkey rsa:2048. Here's vsftpd.conf.
listen=YES
listen_ipv6=NO
anonymous_enable=NO
local_enable=YES
write_enable=YES
dirmessage_enable=NO
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
ascii_upload_enable=YES
ascii_download_enable=YES
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.key
ssl_enable=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
require_ssl_reuse=NO
ssl_ciphers=HIGH
utf8_filesystem=YES
port_enable=NO
pasv_enable=YES
pasv_address=xxx.xx.xx.xxx(static internet ip of my server)
pasv_addr_resolve=NO
pasv_min_port=30399
pasv_max_port=30621
local_root=/var/ftp
allow_writeable_chroot=YES
The specific error is this:
When I use FileZilla in Windows, I cannot list directories after logging in correctly. It will definitely time out. I manually selected FileZilla to use passive mode.
Status: Connecting to xxx.xx.xx.xxx:21...
Status: Connection established, waiting for welcome message...
Status: Initializing TLS...
Status: TLS connection established.
Status: Logged in
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/var/ftp" is the current directory
Command: TYPE I
Response: 200 Switching to Binary mode.
Command: PASV
Response: 227 Entering Passive Mode (xxx,xx,xx,xxx,119,157).
Command: LIST
Response: 150 Here comes the directory listing.
Error: Connection timed out after 20 seconds of inactivity
Error: Failed to retrieve directory listing
I also tried on another Ubuntu server with ftp-ssl.
Connected to xxx.xx.xx.xxx.
220 (vsFTPd 3.0.3)
Name (xxx.xx.xx.xxx:root): xxx
234 Proceed with negotiation.
[SSL Cipher TLS_AES_256_GCM_SHA384]
200 PBSZ set to 0.
200 PROT now Private.
[Encrypted data transfer.]
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
550 Permission denied.
ftp: bind: Address already in use
After a few tries, I checked these things:
ufw allow 20,21/tcp
ufw allow 30399:30621/tcp
set the permissions of the FTP root directory to 777
disabled the firewall on my Windows client
I cannot find out where the problem is and it still cannot use TLS to transmit data.
I am trying to connect to my server using FTP but every time I try to connect I get the below error.
Status: Resolving address of ftp.bhuumi.com
Status: Connecting to 160.153.245.204:21...
Status: Connection established, waiting for welcome message...
Status: Initializing TLS...
Status: Verifying certificate...
Status: TLS connection established.
Status: Logged in
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is your current location
Command: TYPE I
Response: 200 TYPE is now 8-bit binary
Command: PASV
Response: 227 Entering Passive Mode (64,202,160,248,195,178)
Command: MLSD
Error: The data connection could not be established: ETIMEDOUT - Connection attempt timed out
I have tried changing encryption to only use plain FTP but still getting the sam error
Once, Try with SFTP. For SSH select 22 port, mine got connected.
I ported vsftpd on my ARM based board running under linux 3.0.8 kernel.
When I try to establish a ftp connection to the board using Filezilla (3.7.3), I get the following error:
Status: Connecting to XXX.XXX.XXX.XXX:21
Status: Connection established, waiting for welcome message...
Response: 220 (vsFTPd 3.0.2)
Command: USER anonymous
Response: 331 Please specify the password.
Command: PASS **************
Response: 230 Login successful.
Command: OPTS UTF8 ON
Response: 200 Always in UTF8 mode.
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/"
Command: TYPE I
Response: 200 Switching to Binary mode.
Command: PASV
Response: 500 OOPS: socket
Error: Failed to retrieve directory listing
Error: Connection closed by server
Command: PASV
Response: 500 OOPS: socket
Error: Failed to retrieve directory listing
Error: Connection closed by server
The configuration used for my server is as follow:
listen=YES
max_clients=2
max_per_ip=4
# Access rights
anonymous_enable=YES
local_enable=NO
write_enable=NO
anon_upload_enable=NO
anon_mkdir_write_enable=NO
anon_other_write_enable=NO
# Security
anon_world_readable_only=YES
connect_from_port_20=YES
hide_ids=YES
pasv_enable=yes
pasv_min_port=0
pasv_max_port=0
# Features
xferlog_enable=YES
ls_recurse_enable=NO
ascii_download_enable=NO
async_abor_enable=YES
# Performance
one_process_model=YES
idle_session_timeout=120
data_connection_timeout=300
accept_timeout=60
connect_timeout=60
anon_max_rate=50000
pam_service_name=vsftpd
port_enable=YES
log_ftp_protocol=YES
There is no firewall installed in my board.
When I force the ftp connection mode to ACTIVE mode, I can connect to the server, retrieve data, upload files ...
I tried with several ftp server, but I always face the same issue.
Any idea what could be the issue?
Could be that there is some kernel module missing?
I'm currently connected to my FTP server using FTPES.
I'm wondering: when I connect to the FTP server is the data transferred between my PC and the server encrypted? From the log I can see it is authenticated.
Here is my server log. From it, can I tell if it was encrypted?:
Status: Retrieving directory listing...
Command: CWD MyS03
Response: 250 CWD command successful
Command: PWD
Response: 257 "/MyFiles" is the current directory
Command: PASV
Response: 227 Entering Passive Mode (37,58,52,72,195,33).
Command: MLSD
Response: 150 Opening ASCII mode data connection for MLSD
Response: 226 Transfer complete
Status: Directory listing successful
Error: Connection timed out
Error: File transfer failed after transferring 155,893,760 bytes in 247 seconds
Status: Resolving address of 192.168.10.111
Status: Connecting to 11.135.156.147:21210...
Status: Connection established, waiting for welcome message...
Response: 220 (vsFTPd 2.3.5)
Command: AUTH TLS
Response: 234 Proceed with negotiation.
Status: Initializing TLS...
Status: Verifying certificate...
Command: USER darklord
Status: TLS/SSL connection established.
Response: 331 Please specify the password.
Command: PASS ********
Response: 230 Login successful.
Command: OPTS UTF8 ON
Response: 200 Always in UTF8 mode.
Command: PBSZ 0
Response: 200 PBSZ set to 0.
Command: PROT P
Response: 200 PROT now Private.
Status: Connected
Status: Starting download of /test.mov
Command: CWD /rtorrent/data
Response: 250 Directory successfully changed.
Command: TYPE I
Response: 200 Switching to Binary mode.
Command: PASV
Response: 227 Entering Passive Mode (5,135,156,147,78,83).
Command: REST 155893760
Response: 350 Restart position accepted (55893760).
Command: RETR test.mov
Response: 150 Opening BINARY mode data connection for test.mov (197992856 bytes).
In general the FTPS (FTPES) does not necessarily mean that data is encrypted. Though typically it is encrypted (as is in this particular instance).
Your client requested Private Data Channel Protection Level using the PROT P command. The Private level means that the data will be integrity and confidentiality protected.
As the server acknowledged the request (the response 200 PROT now Private), the data are encrypted (= confidentiality protection).
For details see the RFC 2228.
I have to create my own FTP client. I found there are two kinds of directory listing styles a FTP server might use, UNIX and MS-DOS.
Is there a way that I can send an message to FTP server, to ask what kind of directory it is using?
Simply use Filezilla to connect to an Unix server. you will see server responses as below example.
Response: IDLE
Response: MDTM
Response: SIZE
Response: REST STREAM
Response: MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
Response: MLSD
Response: AUTH TLS
Response: PBSZ
Response: PROT
Response: ESTA
Response: PASV
Response: EPSV
Response: SPSV
Response: ESTP
Note the text UNIX.mode. It says server lists file in Unix mode. You can test the same with a Windows server too.