installation issues... service or not?

Need help with FileZilla Server? Something does not work as expected? In this forum you may find an answer.

Moderator: Project members

Message
Author
User avatar
boco
Contributor
Posts: 25325
Joined: 2006-05-01 03:28
Location: Germany

Re: installation issues... service or not?

#16 Post by boco » 2010-09-06 22:35

The double bracket shows only in ftptest.net, but not in the logs
Then it is a bug in your router which destroys the valid syntax of this line (mandated by the FTP specifications) and may cause FTP clients to complain and error out. Look for a firmware update, the problem may be known already.
Also note that the last two numbers differ in both cases, for some reason...
No, that's not normal (and not desired). The router does port remapping. In the posted logs, the server tells it will listen for the data connection on port 5010. However, the router changes it into port 61781 for the outside world (the FTP tester in this case). This is bad behavior, as now the router must handle ALL conversions from one number to another. This will break sooner or later.
You said you added port mapping? Check the settings you made: You have to select the same internal ports as the external ones.
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
### END SIGNATURE BLOCK ###

User avatar
JasonD
550 File not found
Posts: 34
Joined: 2010-09-04 17:08
First name: Jason
Last name: Doucette
Location: Seattle, WA, USA
Contact:

Re: installation issues... service or not?

#17 Post by JasonD » 2010-09-07 00:48

Thanks again...

My router says there are no firmware updates, in its own Internet check. Perhaps I should check manually, but apparently there are multiple places to get such fireware (why is this so complicated?): Siemens and Bell, and I see that people are having problems with this. I have a SpeedStream 6520, which is a modem and router (source of my confusion over my belief that I had no router).

I had a friend use Google Chrome to connect, and it fails at the PASV command, and tried two more things, and disconnects for them as well, then finally it gets in!! using "extended passive mode":

Code: Select all

EPSV
229 Entering Extended Passive Mode (|||5000|)
Ok 19*256+146 = 5010. But this changed into 241*256+85 = 61781. So the router should not be doing this, right? It should leave the port as 5010, and only change the IP?

My router is set to port map ports 21, and 5000 through 5100. And FileZilla Server is set to accept custom ports 5000 through 5010 for passive mode settings.

User avatar
botg
Site Admin
Posts: 33233
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: installation issues... service or not?

#18 Post by botg » 2010-09-07 06:13

Ok 19*256+146 = 5010. But this changed into 241*256+85 = 61781. So the router should not be doing this, right?
Yes.
It should leave the port as 5010, and only change the IP?
It should only change the IP in the TCP header, not ever change the packet contents.

User avatar
JasonD
550 File not found
Posts: 34
Joined: 2010-09-04 17:08
First name: Jason
Last name: Doucette
Location: Seattle, WA, USA
Contact:

Re: installation issues... service or not?

#19 Post by JasonD » 2010-09-07 13:46

Update: I've set up FTP on my brother's PC using all the same settings, with no router, with Windows Firewall exception for FileZilla Server, and it works perfectly. This seems to indicate that it is definitely my router that is screwing up the information. If there is no firmware update, then I can do nothing except replace the hardware. I'll have to see if there is a firmware update manually somewhere, I guess, and if that doesn't work, complain to my ISP.

Even though it appears that "extended passive mode" works, through Chrome, whatever that is?

Thanks for the help guys.

User avatar
JasonD
550 File not found
Posts: 34
Joined: 2010-09-04 17:08
First name: Jason
Last name: Doucette
Location: Seattle, WA, USA
Contact:

Re: installation issues... service or not?

#20 Post by JasonD » 2010-09-08 00:06

Update: FTPS (FTP + SSL) works. So this is fine. I didn't want to use FTP anyway, since it's insecure and sends info over the net as plain text. So, I don't care that my router screws up FTP, as long as it handles FTPS fine.

Thanks for all of your help guys, it was useful. :)

My bro and I have created a helpful start-up tutorial follow-along to get people set up. We figured it'd be helpful for us and others in the future, due to the lack of documentation for FileZilla Server. We'll be posting it on Xona.com soon. Everything is always rather obvious afterwords, but quite honestly it looks like a complete mess when you're starting out.

P.S. To be honest, I'm still uncertain why ports 5000-5100 need to be open at all. Why doesn't the directory listings, passive mode, and such just work over port 21 FTP (or port 990 FTPS)? And even if it needs other ports, why does it need 101 of them? Why not just one?

Again thanks for all your help!! 8)

Stunner
226 Transfer OK
Posts: 63
Joined: 2009-03-31 01:19
First name: A
Last name: Dog

Re: installation issues... service or not?

#21 Post by Stunner » 2010-09-08 02:37

JasonD wrote: My bro and I have created a helpful start-up tutorial follow-along to get people set up. We figured it'd be helpful for us and others in the future, due to the lack of documentation for FileZilla Server. We'll be posting it on Xona.com soon.
Awesome, please post back here with a direct link when it's up. :)

User avatar
boco
Contributor
Posts: 25325
Joined: 2006-05-01 03:28
Location: Germany

Re: installation issues... service or not?

#22 Post by boco » 2010-09-08 19:30

So, I don't care that my router screws up FTP, as long as it handles FTPS fine.
Simple, the router cannot read encrypted FTP.
Why doesn't the directory listings, passive mode, and such just work over port 21 FTP (or port 990 FTPS)?
Because that's the way the FTP protocol works. Data connections need separate ports. You can continue browsing the server while transferring this way.
And even if it needs other ports, why does it need 101 of them? Why not just one?
Because a port, once used, cannot be reused immediately. It stays in limbo (TIME_WAIT/CLOSE_WAIT) for about 4 minutes. So you need to always have plenty o' free ports to satisfy your needs. The number of ports required depends on the usage level of your server. Imagine you're transferring many small files, and imagine other people do the same at the same time. Ports can easily get used up fast. So heavily frequented servers expose the complete port range (minus the first 1024 ports) to the public for data connections.
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
### END SIGNATURE BLOCK ###

User avatar
JasonD
550 File not found
Posts: 34
Joined: 2010-09-04 17:08
First name: Jason
Last name: Doucette
Location: Seattle, WA, USA
Contact:

Re: installation issues... service or not?

#23 Post by JasonD » 2010-09-08 20:23

boco wrote:Simple, the router cannot read encrypted FTP.
This implies that regular FTP is encrypted. I thought it was all plain text. A server of mine got hacked once since I used FTP instead of FTPS (FTP + SSL), and to my horror I discovered that the password was being sent over the 'net as plain text! :o Further, I am a little surprised that FTPS works when FTP does not, but I guess that's just a consequence of the particular bug in the firmware on my router.

Regarding ports: I understand mostly now... data transfer is happening over port 21 (or 990), and other ports are used to continue communication, directory navigation, file rename, file permission settings, etc. with the FTP server. Basically there's 2 communication lines. I wasn't aware that ports have a time out, I would have assumed any port (say 5000) used would just stay open, and be used for the duration. I have actually programmed client/server using TCP/IP and ports, and this is what I did. So I'm still a little perplexed -- I would guess that the FTP server simply shuts off the port as soon as it's no longer needed, requiring a new one when a new command comes in -- but again, this seems like an awful waste, since you could just keep using port 5000, and avoid the time out wait. But maybe this is done to free up ports as fast as possible for other users...? I guess if you're talking about opening up (almost) ALL 65,000+ ports for some FTP servers, then this is a very legitimate concern.

User avatar
boco
Contributor
Posts: 25325
Joined: 2006-05-01 03:28
Location: Germany

Re: installation issues... service or not?

#24 Post by boco » 2010-09-08 21:23

This implies that regular FTP is encrypted. I thought it was all plain text.
No, I wrote "encrypted FTP". This includes FTPS, FTPES, and SFTP*, but NOT FTP (also called plain FTP or basic FTP)!

*Note that SFTP is not FTP at all, but for the sake of encryption, it is included.
I understand mostly now... data transfer is happening over port 21 (or 990), and other ports are used to continue communication, directory navigation, file rename, file permission settings, etc. with the FTP server.
No, only directory listings and transfers use data ports. All other commands use the primary connection.
I would have assumed any port (say 5000) used would just stay open, and be used for the duration.
Every transfer uses a new port in a round-robin style.
this seems like an awful waste
FileZilla didn't invent FTP. These are the rules, FileZilla must obey. Using only one port would permit only one transfer at a time, without a chance to continue browsing.
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
### END SIGNATURE BLOCK ###

User avatar
JasonD
550 File not found
Posts: 34
Joined: 2010-09-04 17:08
First name: Jason
Last name: Doucette
Location: Seattle, WA, USA
Contact:

Re: installation issues... service or not?

#25 Post by JasonD » 2010-09-09 00:43

Stunner wrote:
JasonD wrote: My bro and I have created a helpful start-up tutorial follow-along to get people set up. We figured it'd be helpful for us and others in the future, due to the lack of documentation for FileZilla Server. We'll be posting it on Xona.com soon.
Awesome, please post back here with a direct link when it's up. :)
Ok, we uploaded the document:

How to Install FileZilla FTP Server
http://xona.com/2010/09/08.html

User avatar
JasonD
550 File not found
Posts: 34
Joined: 2010-09-04 17:08
First name: Jason
Last name: Doucette
Location: Seattle, WA, USA
Contact:

Re: installation issues... service or not?

#26 Post by JasonD » 2010-09-09 00:53

boco wrote:
This implies that regular FTP is encrypted. I thought it was all plain text.
No, I wrote "encrypted FTP". This includes FTPS, FTPES, and SFTP*, but NOT FTP (also called plain FTP or basic FTP)!

*Note that SFTP is not FTP at all, but for the sake of encryption, it is included.
Ok I was confused, since I said: "So, I don't care that my router screws up FTP, as long as it handles FTPS fine."
And you replied: "Simple, the router cannot read encrypted FTP."
Which I didn't understand, since I thought normal FTP is what it couldn't 'read' as it was messing it up, and FTPS is what it appears to handle properly.

But I get it now... what you mean is that, the router can read (i.e. parse) FTP, so it has a chance to mess it up (if it's buggy, which mine is), but since it cannot parse encrypted data, it doesn't mess with it at all, and thus even a buggy router won't mess it up.
FileZilla didn't invent FTP. These are the rules, FileZilla must obey. Using only one port would permit only one transfer at a time, without a chance to continue browsing.
Yes I know, I didn't imply that FileZilla should 'fix' the FTP protocol, I'm just wondering, as a scientist, why it is the way it is. But the round-robin style seems to suit heavily accessed FTP servers, so this makes sense.

Thanks for your time.

User avatar
botg
Site Admin
Posts: 33233
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: installation issues... service or not?

#27 Post by botg » 2010-09-09 06:23

Well, routers often destroy plain FTP precisely because they can read it. Then they see "oh, it _is_ FTP, let's sabotage it to annoy the user".

User avatar
JasonD
550 File not found
Posts: 34
Joined: 2010-09-04 17:08
First name: Jason
Last name: Doucette
Location: Seattle, WA, USA
Contact:

Re: installation issues... service or not?

#28 Post by JasonD » 2010-09-09 14:59

Right. I understand... the ability to read means the ability to change and potentially destroy if buggy. I must say I'm a little shocked that this behavior is actually common... :?

Post Reply