[BUG] SSL FTP port issue

Bug reports will be moved here when the described bug has been fixed

pzolja2
Junior Member
Posts: 14
Joined: 2007-02-09, 22:44 UTC

[BUG] SSL FTP port issue

Post by *pzolja2 »

I've installed FileZilla 0.9.22 and configured it to work with SSL/TLS. The FileZilla client works without a problem. TC7 beta 3 connecting to the same machine (via domain name, not localhost) works fine. The problem is connecting with TC7B3 behind a modem and router. When I try to connect to FileZilla from the same machine (no router or modem) I get this:

I replaced the first two IPs with letters (XX.YYY and AA.BB)

(000021) 2/9/2007 17:49:41 PM - (not logged in) (XX.YYY.11.108)> Connected, sending welcome message...
(000021) 2/9/2007 17:49:41 PM - (not logged in) (XX.YYY.11.108)> 220-FileZilla Server version 0.9.22 beta
(000021) 2/9/2007 17:49:41 PM - (not logged in) (XX.YYY.11.108)> 220-written by Tim Kosse (Tim.Kosse@gmx.de)
(000021) 2/9/2007 17:49:41 PM - (not logged in) (XX.YYY.11.108)> 220 Please visit [ removed because TC forum doesn't like links ]
(000021) 2/9/2007 17:49:41 PM - (not logged in) (XX.YYY.11.108)> AUTH TLS
(000021) 2/9/2007 17:49:41 PM - (not logged in) (XX.YYY.11.108)> 234 Using authentication type TLS
(000021) 2/9/2007 17:49:42 PM - (not logged in) (XX.YYY.11.108)> SSL connection established
(000021) 2/9/2007 17:49:42 PM - (not logged in) (XX.YYY.11.108)> USER pzolja
(000021) 2/9/2007 17:49:42 PM - (not logged in) (XX.YYY.11.108)> 331 Password required for pzolja
(000021) 2/9/2007 17:49:42 PM - (not logged in) (XX.YYY.11.108)> PASS ********
(000021) 2/9/2007 17:49:42 PM - pzolja (XX.YYY.11.108)> 230 Logged on
(000021) 2/9/2007 17:49:42 PM - pzolja (XX.YYY.11.108)> SYST
(000021) 2/9/2007 17:49:42 PM - pzolja (XX.YYY.11.108)> 215 UNIX emulated by FileZilla
(000021) 2/9/2007 17:49:42 PM - pzolja (XX.YYY.11.108)> FEAT
(000021) 2/9/2007 17:49:42 PM - pzolja (XX.YYY.11.108)> 211-Features:
(000021) 2/9/2007 17:49:42 PM - pzolja (XX.YYY.11.108)> MDTM
(000021) 2/9/2007 17:49:42 PM - pzolja (XX.YYY.11.108)> REST STREAM
(000021) 2/9/2007 17:49:42 PM - pzolja (XX.YYY.11.108)> SIZE
(000021) 2/9/2007 17:49:42 PM - pzolja (XX.YYY.11.108)> MLST type*;size*;modify*;
(000021) 2/9/2007 17:49:42 PM - pzolja (XX.YYY.11.108)> MLSD
(000021) 2/9/2007 17:49:42 PM - pzolja (XX.YYY.11.108)> AUTH SSL
(000021) 2/9/2007 17:49:42 PM - pzolja (XX.YYY.11.108)> AUTH TLS
(000021) 2/9/2007 17:49:42 PM - pzolja (XX.YYY.11.108)> UTF8
(000021) 2/9/2007 17:49:42 PM - pzolja (XX.YYY.11.108)> CLNT
(000021) 2/9/2007 17:49:42 PM - pzolja (XX.YYY.11.108)> 211 End
(000021) 2/9/2007 17:49:42 PM - pzolja (XX.YYY.11.108)> PBSZ 0
(000021) 2/9/2007 17:49:42 PM - pzolja (XX.YYY.11.108)> 200 PBSZ=0
(000021) 2/9/2007 17:49:42 PM - pzolja (XX.YYY.11.108)> PROT P
(000021) 2/9/2007 17:49:42 PM - pzolja (XX.YYY.11.108)> 200 Protection level set to P
(000021) 2/9/2007 17:49:42 PM - pzolja (XX.YYY.11.108)> PWD
(000021) 2/9/2007 17:49:42 PM - pzolja (XX.YYY.11.108)> 257 "/" is current directory.
(000021) 2/9/2007 17:49:42 PM - pzolja (XX.YYY.11.108)> TYPE A
(000021) 2/9/2007 17:49:42 PM - pzolja (XX.YYY.11.108)> 200 Type set to A
(000021) 2/9/2007 17:49:42 PM - pzolja (XX.YYY.11.108)> PORT XX,YYY,11,108,17,199
(000021) 2/9/2007 17:49:42 PM - pzolja (XX.YYY.11.108)> 200 Port command successful
(000021) 2/9/2007 17:49:42 PM - pzolja (XX.YYY.11.108)> LIST
(000021) 2/9/2007 17:49:42 PM - pzolja (XX.YYY.11.108)> 150 Opening data channel for directory list.
(000021) 2/9/2007 17:49:42 PM - pzolja (XX.YYY.11.108)> SSL connection for data connection established
(000021) 2/9/2007 17:49:42 PM - pzolja (XX.YYY.11.108)> 226 Transfer OK


When I try to connect to the same machine from a computer behind a modem and router I get this:


(000021) 2/9/2007 17:49:41 PM - (not logged in) (XX.YYY.11.108)> Connected, sending welcome message...
(000021) 2/9/2007 17:49:41 PM - (not logged in) (XX.YYY.11.108)> 220-FileZilla Server version 0.9.22 beta
(000021) 2/9/2007 17:49:41 PM - (not logged in) (XX.YYY.11.108)> 220-written by Tim Kosse (Tim.Kosse@gmx.de)
(000021) 2/9/2007 17:49:41 PM - (not logged in) (XX.YYY.11.108)> 220 Please visit [ removed because TC forum doesn't like links ]
(000021) 2/9/2007 17:49:41 PM - (not logged in) (XX.YYY.11.108)> AUTH TLS
(000021) 2/9/2007 17:49:41 PM - (not logged in) (XX.YYY.11.108)> 234 Using authentication type TLS
(000021) 2/9/2007 17:49:42 PM - (not logged in) (XX.YYY.11.108)> SSL connection established
(000021) 2/9/2007 17:49:42 PM - (not logged in) (XX.YYY.11.108)> USER pzolja
(000021) 2/9/2007 17:49:42 PM - (not logged in) (XX.YYY.11.108)> 331 Password required for pzolja
(000021) 2/9/2007 17:49:42 PM - (not logged in) (XX.YYY.11.108)> PASS ********
(000021) 2/9/2007 17:49:42 PM - pzolja (XX.YYY.11.108)> 230 Logged on
(000021) 2/9/2007 17:49:42 PM - pzolja (XX.YYY.11.108)> SYST
(000021) 2/9/2007 17:49:42 PM - pzolja (XX.YYY.11.108)> 215 UNIX emulated by FileZilla
(000021) 2/9/2007 17:49:42 PM - pzolja (XX.YYY.11.108)> FEAT
(000021) 2/9/2007 17:49:42 PM - pzolja (XX.YYY.11.108)> 211-Features:
(000021) 2/9/2007 17:49:42 PM - pzolja (XX.YYY.11.108)> MDTM
(000021) 2/9/2007 17:49:42 PM - pzolja (XX.YYY.11.108)> REST STREAM
(000021) 2/9/2007 17:49:42 PM - pzolja (XX.YYY.11.108)> SIZE
(000021) 2/9/2007 17:49:42 PM - pzolja (XX.YYY.11.108)> MLST type*;size*;modify*;
(000021) 2/9/2007 17:49:42 PM - pzolja (XX.YYY.11.108)> MLSD
(000021) 2/9/2007 17:49:42 PM - pzolja (XX.YYY.11.108)> AUTH SSL
(000021) 2/9/2007 17:49:42 PM - pzolja (XX.YYY.11.108)> AUTH TLS
(000021) 2/9/2007 17:49:42 PM - pzolja (XX.YYY.11.108)> UTF8
(000021) 2/9/2007 17:49:42 PM - pzolja (XX.YYY.11.108)> CLNT
(000021) 2/9/2007 17:49:42 PM - pzolja (XX.YYY.11.108)> 211 End
(000021) 2/9/2007 17:49:42 PM - pzolja (XX.YYY.11.108)> PBSZ 0
(000021) 2/9/2007 17:49:42 PM - pzolja (XX.YYY.11.108)> 200 PBSZ=0
(000021) 2/9/2007 17:49:42 PM - pzolja (XX.YYY.11.108)> PROT P
(000021) 2/9/2007 17:49:42 PM - pzolja (XX.YYY.11.108)> 200 Protection level set to P
(000021) 2/9/2007 17:49:42 PM - pzolja (XX.YYY.11.108)> PWD
(000021) 2/9/2007 17:49:42 PM - pzolja (XX.YYY.11.108)> 257 "/" is current directory.
(000021) 2/9/2007 17:49:42 PM - pzolja (XX.YYY.11.108)> TYPE A
(000021) 2/9/2007 17:49:42 PM - pzolja (XX.YYY.11.108)> 200 Type set to A
(000021) 2/9/2007 17:49:42 PM - pzolja (XX.YYY.11.108)> PORT XX,YYY,11,108,17,199
(000021) 2/9/2007 17:49:42 PM - pzolja (XX.YYY.11.108)> 200 Port command successful
(000021) 2/9/2007 17:49:42 PM - pzolja (XX.YYY.11.108)> LIST
(000021) 2/9/2007 17:49:42 PM - pzolja (XX.YYY.11.108)> 150 Opening data channel for directory list.
(000021) 2/9/2007 17:49:42 PM - pzolja (XX.YYY.11.108)> SSL connection for data connection established
(000021) 2/9/2007 17:49:42 PM - pzolja (XX.YYY.11.108)> 226 Transfer OK


Now, if I just uncheck the SSL/TLS setting from TC7B3 it works fine and I get this:


(000025) 2/9/2007 17:53:33 PM - (not logged in) (AA.BBB.38.245)> Connected, sending welcome message...
(000025) 2/9/2007 17:53:33 PM - (not logged in) (AA.BBB.38.245)> 220-FileZilla Server version 0.9.22 beta
(000025) 2/9/2007 17:53:33 PM - (not logged in) (AA.BBB.38.245)> 220-written by Tim Kosse (Tim.Kosse@gmx.de)
(000025) 2/9/2007 17:53:33 PM - (not logged in) (AA.BBB.38.245)> 220 Please visit [ removed because TC forum doesn't like links ]
(000025) 2/9/2007 17:53:33 PM - (not logged in) (AA.BBB.38.245)> USER pzolja
(000025) 2/9/2007 17:53:33 PM - (not logged in) (AA.BBB.38.245)> 331 Password required for pzolja
(000025) 2/9/2007 17:53:33 PM - (not logged in) (AA.BBB.38.245)> PASS ********
(000025) 2/9/2007 17:53:33 PM - pzolja (AA.BBB.38.245)> 230 Logged on
(000025) 2/9/2007 17:53:33 PM - pzolja (AA.BBB.38.245)> SYST
(000025) 2/9/2007 17:53:33 PM - pzolja (AA.BBB.38.245)> 215 UNIX emulated by FileZilla
(000025) 2/9/2007 17:53:34 PM - pzolja (AA.BBB.38.245)> FEAT
(000025) 2/9/2007 17:53:34 PM - pzolja (AA.BBB.38.245)> 211-Features:
(000025) 2/9/2007 17:53:34 PM - pzolja (AA.BBB.38.245)> MDTM
(000025) 2/9/2007 17:53:34 PM - pzolja (AA.BBB.38.245)> REST STREAM
(000025) 2/9/2007 17:53:34 PM - pzolja (AA.BBB.38.245)> SIZE
(000025) 2/9/2007 17:53:34 PM - pzolja (AA.BBB.38.245)> MLST type*;size*;modify*;
(000025) 2/9/2007 17:53:34 PM - pzolja (AA.BBB.38.245)> MLSD
(000025) 2/9/2007 17:53:34 PM - pzolja (AA.BBB.38.245)> AUTH SSL
(000025) 2/9/2007 17:53:34 PM - pzolja (AA.BBB.38.245)> AUTH TLS
(000025) 2/9/2007 17:53:34 PM - pzolja (AA.BBB.38.245)> UTF8
(000025) 2/9/2007 17:53:34 PM - pzolja (AA.BBB.38.245)> CLNT
(000025) 2/9/2007 17:53:34 PM - pzolja (AA.BBB.38.245)> 211 End
(000025) 2/9/2007 17:53:34 PM - pzolja (AA.BBB.38.245)> PWD
(000025) 2/9/2007 17:53:34 PM - pzolja (AA.BBB.38.245)> 257 "/" is current directory.
(000025) 2/9/2007 17:53:34 PM - pzolja (AA.BBB.38.245)> TYPE A
(000025) 2/9/2007 17:53:34 PM - pzolja (AA.BBB.38.245)> 200 Type set to A
(000025) 2/9/2007 17:53:34 PM - pzolja (AA.BBB.38.245)> PORT AA,BBB,38,245,198,146
(000025) 2/9/2007 17:53:34 PM - pzolja (AA.BBB.38.245)> 200 Port command successful
(000025) 2/9/2007 17:53:34 PM - pzolja (AA.BBB.38.245)> LIST
(000025) 2/9/2007 17:53:34 PM - pzolja (AA.BBB.38.245)> 150 Opening data channel for directory list.
(000025) 2/9/2007 17:53:34 PM - pzolja (AA.BBB.38.245)> 226 Transfer OK


I hope this helps...
pzolja2
Junior Member
Posts: 14
Joined: 2007-02-09, 22:44 UTC

Confirmed on a different machine

Post by *pzolja2 »

I tried a similar test from a different location, same version of TC (and I didn't have to cut out the IPs, so maybe this will help more)...

Test #1, this worked... The computer was plugged directly into the cable modem, with a real IP (68.184.136.173, i.e. not behind a NAT). It worked fine; here are the results as the server saw them:

(000045) 2/10/2007 10:49:02 AM - (not logged in) (68.184.136.173)> Connected, sending welcome message...
(000045) 2/10/2007 10:49:02 AM - (not logged in) (68.184.136.173)> 220-FileZilla Server version 0.9.22 beta
(000045) 2/10/2007 10:49:02 AM - (not logged in) (68.184.136.173)> 220-written by Tim Kosse (Tim.Kosse@gmx.de)
(000045) 2/10/2007 10:49:02 AM - (not logged in) (68.184.136.173)> 220 Please visit [removed]
(000045) 2/10/2007 10:49:02 AM - (not logged in) (68.184.136.173)> AUTH TLS
(000045) 2/10/2007 10:49:02 AM - (not logged in) (68.184.136.173)> 234 Using authentication type TLS
(000045) 2/10/2007 10:49:02 AM - (not logged in) (68.184.136.173)> SSL connection established
(000045) 2/10/2007 10:49:02 AM - (not logged in) (68.184.136.173)> USER pzolja
(000045) 2/10/2007 10:49:02 AM - (not logged in) (68.184.136.173)> 331 Password required for pzolja
(000045) 2/10/2007 10:49:02 AM - (not logged in) (68.184.136.173)> PASS ********
(000045) 2/10/2007 10:49:02 AM - pzolja (68.184.136.173)> 230 Logged on
(000045) 2/10/2007 10:49:02 AM - pzolja (68.184.136.173)> SYST
(000045) 2/10/2007 10:49:02 AM - pzolja (68.184.136.173)> 215 UNIX emulated by FileZilla
(000045) 2/10/2007 10:49:02 AM - pzolja (68.184.136.173)> FEAT
(000045) 2/10/2007 10:49:02 AM - pzolja (68.184.136.173)> 211-Features:
(000045) 2/10/2007 10:49:02 AM - pzolja (68.184.136.173)> MDTM
(000045) 2/10/2007 10:49:02 AM - pzolja (68.184.136.173)> REST STREAM
(000045) 2/10/2007 10:49:02 AM - pzolja (68.184.136.173)> SIZE
(000045) 2/10/2007 10:49:02 AM - pzolja (68.184.136.173)> MLST type*;size*;modify*;
(000045) 2/10/2007 10:49:02 AM - pzolja (68.184.136.173)> MLSD
(000045) 2/10/2007 10:49:02 AM - pzolja (68.184.136.173)> AUTH SSL
(000045) 2/10/2007 10:49:02 AM - pzolja (68.184.136.173)> AUTH TLS
(000045) 2/10/2007 10:49:02 AM - pzolja (68.184.136.173)> UTF8
(000045) 2/10/2007 10:49:02 AM - pzolja (68.184.136.173)> CLNT
(000045) 2/10/2007 10:49:02 AM - pzolja (68.184.136.173)> 211 End
(000045) 2/10/2007 10:49:02 AM - pzolja (68.184.136.173)> PBSZ 0
(000045) 2/10/2007 10:49:02 AM - pzolja (68.184.136.173)> 200 PBSZ=0
(000045) 2/10/2007 10:49:02 AM - pzolja (68.184.136.173)> PROT P
(000045) 2/10/2007 10:49:02 AM - pzolja (68.184.136.173)> 200 Protection level set to P
(000045) 2/10/2007 10:49:03 AM - pzolja (68.184.136.173)> PWD
(000045) 2/10/2007 10:49:03 AM - pzolja (68.184.136.173)> 257 "/" is current directory.
(000045) 2/10/2007 10:49:03 AM - pzolja (68.184.136.173)> TYPE A
(000045) 2/10/2007 10:49:03 AM - pzolja (68.184.136.173)> 200 Type set to A
(000045) 2/10/2007 10:49:03 AM - pzolja (68.184.136.173)> PORT 68,184,136,173,6,153
(000045) 2/10/2007 10:49:03 AM - pzolja (68.184.136.173)> 200 Port command successful
(000045) 2/10/2007 10:49:03 AM - pzolja (68.184.136.173)> LIST
(000045) 2/10/2007 10:49:03 AM - pzolja (68.184.136.173)> 150 Opening data channel for directory list.
(000045) 2/10/2007 10:49:03 AM - pzolja (68.184.136.173)> SSL connection for data connection established
(000045) 2/10/2007 10:49:03 AM - pzolja (68.184.136.173)> 226 Transfer OK


Now, I plugged in a router and my new IP was 192.168.251.198. Here's what the server reported:

(000046) 2/10/2007 10:51:04 AM - (not logged in) (68.184.136.173)> Connected, sending welcome message...
(000046) 2/10/2007 10:51:04 AM - (not logged in) (68.184.136.173)> 220-FileZilla Server version 0.9.22 beta
(000046) 2/10/2007 10:51:04 AM - (not logged in) (68.184.136.173)> 220-written by Tim Kosse (Tim.Kosse@gmx.de)
(000046) 2/10/2007 10:51:04 AM - (not logged in) (68.184.136.173)> 220 Please visit [removed]
(000046) 2/10/2007 10:51:04 AM - (not logged in) (68.184.136.173)> AUTH TLS
(000046) 2/10/2007 10:51:04 AM - (not logged in) (68.184.136.173)> 234 Using authentication type TLS
(000046) 2/10/2007 10:51:04 AM - (not logged in) (68.184.136.173)> SSL connection established
(000046) 2/10/2007 10:51:04 AM - (not logged in) (68.184.136.173)> USER pzolja
(000046) 2/10/2007 10:51:04 AM - (not logged in) (68.184.136.173)> 331 Password required for pzolja
(000046) 2/10/2007 10:51:04 AM - (not logged in) (68.184.136.173)> PASS ********
(000046) 2/10/2007 10:51:04 AM - pzolja (68.184.136.173)> 230 Logged on
(000046) 2/10/2007 10:51:04 AM - pzolja (68.184.136.173)> SYST
(000046) 2/10/2007 10:51:04 AM - pzolja (68.184.136.173)> 215 UNIX emulated by FileZilla
(000046) 2/10/2007 10:51:04 AM - pzolja (68.184.136.173)> FEAT
(000046) 2/10/2007 10:51:04 AM - pzolja (68.184.136.173)> 211-Features:
(000046) 2/10/2007 10:51:04 AM - pzolja (68.184.136.173)> MDTM
(000046) 2/10/2007 10:51:04 AM - pzolja (68.184.136.173)> REST STREAM
(000046) 2/10/2007 10:51:04 AM - pzolja (68.184.136.173)> SIZE
(000046) 2/10/2007 10:51:04 AM - pzolja (68.184.136.173)> MLST type*;size*;modify*;
(000046) 2/10/2007 10:51:04 AM - pzolja (68.184.136.173)> MLSD
(000046) 2/10/2007 10:51:04 AM - pzolja (68.184.136.173)> AUTH SSL
(000046) 2/10/2007 10:51:04 AM - pzolja (68.184.136.173)> AUTH TLS
(000046) 2/10/2007 10:51:04 AM - pzolja (68.184.136.173)> UTF8
(000046) 2/10/2007 10:51:04 AM - pzolja (68.184.136.173)> CLNT
(000046) 2/10/2007 10:51:04 AM - pzolja (68.184.136.173)> 211 End
(000046) 2/10/2007 10:51:04 AM - pzolja (68.184.136.173)> PBSZ 0
(000046) 2/10/2007 10:51:04 AM - pzolja (68.184.136.173)> 200 PBSZ=0
(000046) 2/10/2007 10:51:04 AM - pzolja (68.184.136.173)> PROT P
(000046) 2/10/2007 10:51:04 AM - pzolja (68.184.136.173)> 200 Protection level set to P
(000046) 2/10/2007 10:51:04 AM - pzolja (68.184.136.173)> PWD
(000046) 2/10/2007 10:51:04 AM - pzolja (68.184.136.173)> 257 "/" is current directory.
(000046) 2/10/2007 10:51:04 AM - pzolja (68.184.136.173)> TYPE A
(000046) 2/10/2007 10:51:04 AM - pzolja (68.184.136.173)> 200 Type set to A
(000046) 2/10/2007 10:51:05 AM - pzolja (68.184.136.173)> PORT 192,168,251,198,6,212
(000046) 2/10/2007 10:51:05 AM - pzolja (68.184.136.173)> 200 Port command successful
(000046) 2/10/2007 10:51:05 AM - pzolja (68.184.136.173)> LIST
(000046) 2/10/2007 10:51:05 AM - pzolja (68.184.136.173)> 150 Opening data channel for directory list.
(000046) 2/10/2007 10:51:15 AM - pzolja (68.184.136.173)> 425 Can't open data connection.

TC would hang at 150 Opening data channel for directory list.

Let me know if there's anything else I can try...
ghisler(Author)
Site Admin
Posts: 48079
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland

Post by *ghisler(Author) »

You cannot use active (PORT) mode over ssl/tls if there is a NAT (network address translation) router in between. Why?

The NAT router has to read the control connection to convert the internal 192.* addresses to real internet addresses. Since the control connection is encrypted, the NAT router cannot make this conversion.

Solution: Use passive mode: Ctrl+F - Edit connection - Passive mode.
Author of Total Commander
https://www.ghisler.com
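The mismatch described in the reply above can be seen from the server side: when the control channel is encrypted, the PORT argument arrives unrewritten and differs from the address the connection actually came from. The following is an added example, not part of the original thread or of FileZilla or Total Commander; it assumes the FileZilla Server log layout quoted in this thread, the sample log is constructed, and `decode_port` and `analyze` are hypothetical names.

```python
import ipaddress
import re

# Constructed sample in this thread's log layout; 203.0.113.10 is a documentation address.
SAMPLE_LOG = """\
(000046) 2/10/2007 10:51:04 AM - (not logged in) (203.0.113.10)> AUTH TLS
(000046) 2/10/2007 10:51:04 AM - (not logged in) (203.0.113.10)> 234 Using authentication type TLS
(000046) 2/10/2007 10:51:05 AM - pzolja (203.0.113.10)> PORT 192,168,251,198,6,212
(000046) 2/10/2007 10:51:05 AM - pzolja (203.0.113.10)> 200 Port command successful
(000046) 2/10/2007 10:51:15 AM - pzolja (203.0.113.10)> 425 Can't open data connection.
(000047) 2/10/2007 10:55:00 AM - pzolja (203.0.113.10)> PORT 203,0,113,10,6,153
(000047) 2/10/2007 10:55:00 AM - pzolja (203.0.113.10)> 200 Port command successful
"""

# "(session) date time AM/PM - user (peer)> message"
LINE_RE = re.compile(r"^\((\d+)\)\s.*?\(([0-9.]+)\)>\s(.*)$")

def decode_port(arg):
    """Decode an RFC 959 'h1,h2,h3,h4,p1,p2' argument into (IPv4Address, port)."""
    parts = [int(x) for x in arg.split(",")]  # ValueError on redacted fields
    if len(parts) != 6 or any(not 0 <= n <= 255 for n in parts):
        raise ValueError(f"malformed PORT argument: {arg!r}")
    host = ipaddress.IPv4Address(".".join(map(str, parts[:4])))
    return host, parts[4] * 256 + parts[5]

def analyze(log_text):
    """Report every PORT command whose address differs from the peer address."""
    tls_sessions = set()  # sessions where the server answered 234 to AUTH
    pending = {}          # session id -> finding still waiting for an error reply
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        sid, peer, msg = m.groups()
        if msg.startswith("234 "):
            tls_sessions.add(sid)
        elif msg.upper().startswith("PORT "):
            try:
                host, port = decode_port(msg[5:].strip())
                peer_ip = ipaddress.IPv4Address(peer)
            except ValueError:
                continue  # redacted or malformed address: nothing to compare
            if host != peer_ip:
                finding = {
                    "session": sid,
                    "peer": str(peer_ip),
                    "port_target": f"{host}:{port}",
                    "private": host.is_private,
                    # Encrypted control channel: a NAT device cannot rewrite the address.
                    "control_tls": sid in tls_sessions,
                    "error": None,
                }
                findings.append(finding)
                pending[sid] = finding
        elif re.match(r"[45]\d\d ", msg) and sid in pending:
            pending.pop(sid)["error"] = msg  # first 4xx/5xx after the PORT
    return findings

if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f)
```

Lines whose addresses were redacted, such as the `XX,YYY,...` entries earlier in the thread, are skipped because there is nothing to compare.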
pzolja2
Junior Member
Posts: 14
Joined: 2007-02-09, 22:44 UTC

Thanks

Post by *pzolja2 »

That worked; now I know what passive mode is for :-)

Maybe you could add to the passive mode check box hint so it'd be something like this: "like a WWW browser or if behind a router (NAT)"
pjotrb
Junior Member
Posts: 46
Joined: 2006-11-02, 13:11 UTC
Location: The Netherlands

SSL over NAT router: "Only client IP address allowed"

Post by *pjotrb »

Hi,

My setup:
- using OpenSSL from www.openssl.org
- PC is behind a NAT router/firewall, so it has a 192.168.* address;
- FTP server is somewhere on the internet, it supports SSL.

With SSL enabled in TotalCmd 7b4, this is what I get even before the first LIST command, in both Active and Passive mode:
-
PORT 192,168,1,100,4,98
530 Only client IP address allowed for PORT command.
-

After much googling, I found this page which seems to describe the cause AND a solution:
http://www.example-code.com/vb/ftp-ccc.asp

Christian, if their solution seems practical, maybe you can give it a try? Of course I am willing to test if needed.

Bye,
Peter
ghisler(Author)
Site Admin
Posts: 48079
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland

Post by *ghisler(Author) »

Just use passive mode, then there should be no problem with NAT routers.
Ctrl+F - Edit connection - Passive mode
Author of Total Commander
https://www.ghisler.com
pjotrb
Junior Member
Posts: 46
Joined: 2006-11-02, 13:11 UTC
Location: The Netherlands

Post by *pjotrb »

ghisler(Author) wrote: Just use passive mode, then there should be no problem with NAT routers
I know it should be that way... But as I said, I get this with SSL in both Passive and Active mode!

Maybe the server is behaving in an unexpected way?

The server runs Windows 2003 Server.
I don't know however if it uses the built-in MS FTP server, or something else. It identifies itself using this string: "FTP Server v6.3 for WinSock ready". If you need more info, let me know!

Bye,
Peter

PS am at work now, here I get the same from inside the company LAN.
pjotrb
Junior Member
Posts: 46
Joined: 2006-11-02, 13:11 UTC
Location: The Netherlands

question

Post by *pjotrb »

A Question - Is it really necessary to send PORT commands in Passive mode?

I have found documentation that seems to suggest that PORT is only to be sent in Active mode.
See this page: http://slacksite.com/other/ftp.html

It contains examples of Active and Passive ftp sessions.
The Passive session shows no PORT commands being sent by the client to the server.
(Commands sent by the client are in red)

Bye,
Peter
ghisler(Author)
Site Admin
Posts: 48079
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland

Post by *ghisler(Author) »

A Question - Is it really necessary to send PORT commands in Passive mode?
No, TC doesn't send the PORT command in passive mode. The only exception is when the server returns an ERROR to the PASV command, which usually means that the server doesn't support passive mode. Then TC automatically switches to PORT mode.

Are you sure that this connection is configured for PASSIVE mode? This is stored separately per connection, plus once in the settings for NEW connections.
Author of Total Commander
https://www.ghisler.com
pjotrb
Junior Member
Posts: 46
Joined: 2006-11-02, 13:11 UTC
Location: The Netherlands

Post by *pjotrb »

Yes, it is absolutely configured for Passive mode!
Active mode is unusable from behind a NAT router.

Please see the 2 ftp logs that I sent to the beta@... address.
Both logs are from the same Connection entry, the only difference is the SSL/TLS setting - ON vs. OFF.
ghisler(Author)
Site Admin
Posts: 48079
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland

Post by *ghisler(Author) »

In your logs, I see this:
PASV
227 Entering Passive Mode (xx,xx,xx,xx,7,227)
PORT 192,168,1,100,8,145
530 Only client IP address allowed for PORT command.
Something must be forcing TC to switch to port mode. I don't see any reason at the moment. I fear that the only way to find out the reason would be to get a test account and try from here in a debugger.
Author of Total Commander
https://www.ghisler.com
pjotrb
Junior Member
Posts: 46
Joined: 2006-11-02, 13:11 UTC
Location: The Netherlands

Post by *pjotrb »

ghisler(Author) wrote: I fear that the only way to find out the reason would be to get a test account and try from here in a debugger.
See your inbox!
ghisler(Author)
Site Admin
Posts: 48079
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland

Post by *ghisler(Author) »

Thanks - but I could connect without any problems to your server!?

We will continue this discussion by e-mail, OK?
Author of Total Commander
https://www.ghisler.com
ghisler(Author)
Site Admin
Posts: 48079
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland

Post by *ghisler(Author) »

The user told me by e-mail that the problem was caused by an active "MODE Z" option. Apparently the server doesn't correctly support MODE Z together with FTPS...
Author of Total Commander
https://www.ghisler.com