Jump to content

Forward Ftpes Connection


niels
 Share

Recommended Posts

Hey everybody,

I have some problems connecting to my FTP Server outside my LAN.

I'm using Filezilla with FTPES and it was working fine till my provider found out I was running an FTP Server and they block all the ports below 1024.

I can get a connection with my server.

But because I'm using the FTPES protocol I know the protocol is using a second data channel and Filezilla loses track of the server after login and can't use the LIST command.

At home I have a Linksys WRT120N router.

Does anybody knows how I can solve this ?

Thanks in advance.

Link to comment
Share on other sites

You have two options:

1. use an encrypted FTP server and change its default port to a higher port or above 1024

2. or use SSH to tunnel any FTP traffic you want, also make sure to change the default SSH port to something above 1024.

Edited by Infiltrator
Link to comment
Share on other sites

don't you mean FTPS? I have not known there to be an "E" in it anywhere.

Even though the S stands for "secure", its still encrypting the connection between the client and the server side.

But yeah it should've been FTPS.

Link to comment
Share on other sites

No I meant FTPES the E stands for Explicit TLS/SSL

I changed the server so I can use the normal FTPS.

But it still won't work !

This is my vsftpd.conf file

#GLOBAL FTP SETTINGS
listen=YES
chmod_enable=NO
use_localtime=YES
ftpd_banner=Welkom on Niels Home File Server
connect_from_port_20=YES
hide_ids=YES

#USER SETTINGS
#ANON
anonymous_enable=NO
anon_world_readable_only=NO

#LOCAL
local_enable=YES
chroot_local_user=YES
passwd_chroot_enable=YES
write_enable=YES

# SSL SETTINGS
ssl_enable=YES
implicit_ssl=YES
force_local_data_ssl=YES
force_local_logins_ssl=YES
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
strict_ssl_read_eof=YES
strict_ssl_write_shutdown=YES
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key

#LOG FILE SETTINGS
log_ftp_protocol=YES
debug_ssl=YES
dual_log_enable=YES
xferlog_enable=YES
xferlog_std_format=YES

#PASV SETTINGS
pasv_enable=YES
pasv_addr_resolve=YES
pasv_min_port=6000
pasv_max_port=6050
pasv_address=host.dyndns.org
pasv_promiscuous=YES

When I connect with filezilla I get the next error message :

.....

Response: 200 Switching to Binary mode.

Command: PASV

Response: 227 Entering Passive Mode (84,136,18,180,23,115).

Command: LIST

Error: GnuTLS error -53: Error in the push function.

Error: Connection timed out

Error: Failed to retrieve directory listing

and the server log mentions the following

Fri Nov  5 00:42:52 2010 [pid 1] [niels] OK LOGIN: Client "193.190.253.146"
Fri Nov  5 00:42:52 2010 [pid 3] [niels] FTP response: Client "193.190.253.146", "230 Login successful."
Fri Nov  5 00:42:52 2010 [pid 3] [niels] FTP command: Client "193.190.253.146", "OPTS UTF8 ON"
Fri Nov  5 00:42:52 2010 [pid 3] [niels] FTP response: Client "193.190.253.146", "200 Always in UTF8 mode."
Fri Nov  5 00:42:52 2010 [pid 3] [niels] FTP command: Client "193.190.253.146", "PBSZ 0"
Fri Nov  5 00:42:52 2010 [pid 3] [niels] FTP response: Client "193.190.253.146", "200 PBSZ set to 0."
Fri Nov  5 00:42:52 2010 [pid 3] [niels] FTP command: Client "193.190.253.146", "PROT P"
Fri Nov  5 00:42:52 2010 [pid 3] [niels] FTP response: Client "193.190.253.146", "200 PROT now Private."
Fri Nov  5 00:42:52 2010 [pid 3] [niels] FTP command: Client "193.190.253.146", "PWD"
Fri Nov  5 00:42:52 2010 [pid 3] [niels] FTP response: Client "193.190.253.146", "257 "/""
Fri Nov  5 00:42:52 2010 [pid 3] [niels] FTP command: Client "193.190.253.146", "TYPE I"
Fri Nov  5 00:42:52 2010 [pid 3] [niels] FTP response: Client "193.190.253.146", "200 Switching to Binary mode."
Fri Nov  5 00:42:52 2010 [pid 3] [niels] FTP command: Client "193.190.253.146", "PASV"
Fri Nov  5 00:42:52 2010 [pid 3] [niels] FTP response: Client "193.190.253.146", "227 Entering Passive Mode (84,136,18,180,23,115)."
Fri Nov  5 00:42:52 2010 [pid 3] [niels] FTP command: Client "193.190.253.146", "LIST"
Fri Nov  5 00:43:14 2010 [pid 3] [niels] FTP response: Client "193.190.253.146", "425 Failed to establish connection."
Fri Nov  5 00:43:14 2010 [pid 2] [niels] DEBUG: Client "193.190.253.146", "Connection terminated without SSL shutdown - buggy client?"
Fri Nov  5 00:43:52 2010 [pid 3] [niels] FTP response: Client "193.190.253.146", "425 Failed to establish connection."
Fri Nov  5 00:43:52 2010 [pid 2] [niels] DEBUG: Client "193.190.253.146", "Connection terminated without SSL shutdown - buggy client?"

Anybody knows how to solve this ?

Thx

Link to comment
Share on other sites

Are you able to use another FTP Client software? Just for testing purposes. If you are able to connect to your FTP server with another client software, than it could mean that there is some bad settings within FTPES.

Link to comment
Share on other sites

No I tried using FireFTP but with the current file I get the following result in my vsftpd.log

No problems logging in but I can't get any further than that.

Fri Nov  5 15:42:22 2010 [pid 3] [niels] FTP command: Client "192.168.1.105", "PWD"
Fri Nov  5 15:42:22 2010 [pid 3] [niels] FTP response: Client "192.168.1.105", "257 "/""
Fri Nov  5 15:42:22 2010 [pid 3] [niels] FTP command: Client "192.168.1.105", "TYPE A"
Fri Nov  5 15:42:22 2010 [pid 3] [niels] FTP response: Client "192.168.1.105", "200 Switching to ASCII mode."
Fri Nov  5 15:42:22 2010 [pid 3] [niels] FTP command: Client "192.168.1.105", "PROT P"
Fri Nov  5 15:42:22 2010 [pid 3] [niels] FTP response: Client "192.168.1.105", "200 PROT now Private."
Fri Nov  5 15:42:22 2010 [pid 3] [niels] FTP command: Client "192.168.1.105", "PASV"
Fri Nov  5 15:42:22 2010 [pid 3] [niels] FTP response: Client "192.168.1.105", "227 Entering Passive Mode (84,136,18,180,23,137)."
Fri Nov  5 15:42:22 2010 [pid 3] [niels] FTP command: Client "192.168.1.105", "LIST"
Fri Nov  5 15:42:22 2010 [pid 3] [niels] FTP response: Client "192.168.1.105", "150 Here comes the directory listing."
Fri Nov  5 15:42:22 2010 [pid 2] [niels] DEBUG: Client "192.168.1.105", "SSL version: TLSv1/SSLv3, SSL cipher: DES-CBC3-SHA, not reused, no cert"
Fri Nov  5 15:42:22 2010 [pid 2] [niels] DEBUG: Client "192.168.1.105", "No SSL session reuse on data channel."
Fri Nov  5 15:42:22 2010 [pid 2] [niels] DEBUG: Client "192.168.1.105", "SSL shutdown state is: NONE"
Fri Nov  5 15:42:22 2010 [pid 2] [niels] DEBUG: Client "192.168.1.105", "SSL shutdown state is: SSL_SENT_SHUTDOWN"
Fri Nov  5 15:42:58 2010 [pid 2] [niels] DEBUG: Client "192.168.1.105", "SSL shutdown state is: SSL_SENT_SHUTDOWN"
Fri Nov  5 15:42:58 2010 [pid 2] [niels] DEBUG: Client "192.168.1.105", "SSL shutdown state is: SSL_SENT_SHUTDOWN"
Fri Nov  5 15:42:58 2010 [pid 2] [niels] DEBUG: Client "192.168.1.105", "SSL ret: 0, SSL error: error:00000000:lib(0):func(0):reason(0), errno: 0"
Fri Nov  5 15:42:58 2010 [pid 3] [niels] FTP response: Client "192.168.1.105", "522 SSL connection failed; session reuse required: see require_ssl_reuse option in vsftpd.conf man page"
Fri Nov  5 15:43:21 2010 [pid 3] [niels] FTP command: Client "192.168.1.105", "NOOP"
Fri Nov  5 15:43:21 2010 [pid 3] [niels] FTP response: Client "192.168.1.105", "200 NOOP ok."

Link to comment
Share on other sites

I solved the problem.

Because my FTP server is behind a router I had to adjust the PASV settings but I specified a little bit too much.

I got everything working fine now with these settings.

There is still something a bit strange, I can connect perfectly with FileZilla but with FireFTP he is giving me some trouble.

#GLOBAL FTP SETTINGS
listen=YES
chmod_enable=NO
use_localtime=YES
ftpd_banner=Welkom on Niels Home File Server
connect_from_port_20=YES
hide_ids=YES

#USER SETTINGS
#ANON
anonymous_enable=NO
anon_world_readable_only=NO

#LOCAL
local_enable=YES
chroot_local_user=YES
passwd_chroot_enable=YES
write_enable=YES

# SSL SETTINGS
ssl_enable=YES
require_ssl_reuse=YES
implicit_ssl=YES
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
strict_ssl_read_eof=YES
strict_ssl_write_shutdown=YES
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key

#PASV SETTINGS
pasv_min_port=6000
pasv_max_port=6050

#LOG FILE SETTINGS
log_ftp_protocol=YES
debug_ssl=YES
dual_log_enable=YES
xferlog_enable=YES
xferlog_std_format=YES


Thx for all the help but this topic is SOLVED

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...