EPSV and firewalls?

stevefromdodge
504 Command not implemented
Posts: 11
Joined: 2010-10-05 23:23
First name: Steve
Last name: Hart

EPSV and firewalls?

#1 Post by stevefromdodge » 2010-10-19 20:41

I've got my FileZilla server up and running live.

I have one user with a so-far unknown client that is attempting to use EPSV. They've been doing this all along, but since our old FTP server software didn't support it, the client would automatically switch to PASV and life was good. The FileZilla software sends back a 229 and that's all we hear from the client. I haven't been able to talk to the people on the other end directly, but it's been reported that they believe the file has been sent.

Here's the complete (if sanitized) log:
(004146) 10/19/2010 5:00:45 AM - (not logged in) (x.x.x.x)> Connected, sending welcome message...
(004146) 10/19/2010 5:00:45 AM - (not logged in) (x.x.x.x)> 220 Welcome to <us>
(004146) 10/19/2010 5:00:45 AM - (not logged in) (x.x.x.x)> USER <username>
(004146) 10/19/2010 5:00:45 AM - (not logged in) (x.x.x.x)> 331 Password required for <username>
(004146) 10/19/2010 5:00:45 AM - (not logged in) (x.x.x.x)> PASS *****
(004146) 10/19/2010 5:00:45 AM - <username> (x.x.x.x)> 230 Logged on
(004146) 10/19/2010 5:00:45 AM - <username> (x.x.x.x)> SYST
(004146) 10/19/2010 5:00:45 AM - <username> (x.x.x.x)> 215 UNIX emulated by FileZilla
(004146) 10/19/2010 5:00:45 AM - <username> (x.x.x.x)> SITE NAMEFMT 1
(004146) 10/19/2010 5:00:45 AM - <username> (x.x.x.x)> 200 Now using naming format "1"
(004146) 10/19/2010 5:00:45 AM - <username> (x.x.x.x)> TYPE I
(004146) 10/19/2010 5:00:45 AM - <username> (x.x.x.x)> 200 Type set to I
(004146) 10/19/2010 5:00:45 AM - <username> (x.x.x.x)> CWD customers/<username>
(004146) 10/19/2010 5:00:45 AM - <username> (x.x.x.x)> 250 CWD successful. "/customers/<username>" is current directory.
(004146) 10/19/2010 5:00:46 AM - <username> (x.x.x.x)> EPSV
(004146) 10/19/2010 5:00:46 AM - <username> (x.x.x.x)> 229 Entering Extended Passive Mode (|||1732|)
(004146) 10/19/2010 5:02:46 AM - <username> (x.x.x.x)> 421 Connection timed out.
(004146) 10/19/2010 5:02:46 AM - <username> (x.x.x.x)> disconnected.

I'm wondering if the firewall is getting in the way. PASV has been working all along. Are there any additional things that need to be opened to allow EPSV connections?

TIA,
Steve

botg
Site Admin
Posts: 35566
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: EPSV and firewalls?

#2 Post by botg » 2010-10-19 21:08

What is your firewall configuration?


Re: EPSV and firewalls?

#3 Post by stevefromdodge » 2010-10-19 21:25

It's at a managed co-lo site and unfortunately I don't have the subtle details immediately available. I know that it's Cisco gear and I know that it's open to "FTP" and SFTP. I know passive and active mode FTP have worked all along. This is our first foray into Extended Passive.

I've reached the low level tech support at the sender and they are sending directly from an AS400. Reconfiguring on their end may be difficult.

Is there a way to turn off EPSV support in the FileZilla server software? That will take us basically back to where we were with our old software and I know their client will roll over to passive mode in that environment.

BostonBoy
504 Command not implemented
Posts: 9
Joined: 2010-10-06 18:57
First name: Peter
Last name: Jekel

Re: EPSV and firewalls?

#4 Post by BostonBoy » 2010-10-19 22:31

There are a couple of things you may want to look into besides your firewall. The EPSV command without any arguments is identical to PASV. The plain EPSV command, as shown in your trace, allows the server to determine what protocol to use, IPv4 or IPv6. Typically an FTP server will use the same protocol for the data channel as is used for the control channel, which in this case is IPv4. If, however, the client would send the command EPSV 2, it is proposing to establish an IPv6 connection for the data channel.

Based on my experience, what I think is happening is that the user's client is trying to establish an IPv6 data connection, as it probably assumes that because it got a 229 response IPv6 is supported. However, as I stated before, if the client does not specify a protocol with the EPSV command, it is the server, FileZilla in your case, who will determine what protocol to use. Please note: FileZilla currently does not support IPv6 and therefore your user MUST establish an IPv4 connection.

Hope this helps.


Re: EPSV and firewalls?

#5 Post by botg » 2010-10-20 20:41

EPSV cannot be disabled.

Most likely your firewall is maliciously inspecting traffic, thinking it is FTP and doing some strange filtering but it's unable to cope with the less commonly used EPSV command. See the section about firewalls sabotaging the connection in the Network Configuration guide.
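
Added example, not part of any post in this thread and not FileZilla code: a small Python check that reads server log lines in the layout shown in post #1, extracts the data port from 227 (PASV) and 229 (EPSV) replies, and lists sessions where a passive reply was followed by a 421 timeout with no 150 reply in between. Grouping the stalls by reply code shows whether only EPSV sessions fail, which is the pattern a firewall FTP inspector that understands 227 but not 229 would produce. Session 004147, its address and its 150 text are constructed for contrast.

```python
import re

# Log layout as in post #1: (session) timestamp - user (ip)> text
LINE = re.compile(r"^\((\d+)\) .*?\)> (.*)$")
EPSV_229 = re.compile(r"^229 .*\(\|\|\|(\d+)\|\)")      # RFC 2428: (|||port|)
PASV_227 = re.compile(r"^227 .*\((\d+(?:,\d+){5})\)")   # RFC 959: (h1,h2,h3,h4,p1,p2)

def passive_port(reply):
    """Return the data port announced by a 227 or 229 reply, else None."""
    m = EPSV_229.match(reply)
    if m:
        return int(m.group(1))
    m = PASV_227.match(reply)
    if m:
        f = [int(x) for x in m.group(1).split(",")]
        return f[4] * 256 + f[5]
    return None

def stalled_sessions(lines):
    """Sessions where a passive reply was followed by 421 with no 150 in between."""
    pending, stalled = {}, []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        sid, text = m.groups()
        port = passive_port(text)
        if port is not None:
            pending[sid] = (text[:3], port)      # remember reply code and port
        elif text.startswith("150"):
            pending.pop(sid, None)               # data connection was opened
        elif text.startswith("421") and sid in pending:
            stalled.append((sid, *pending.pop(sid)))
    return stalled

SAMPLE = [
    # Session 004146: lines copied from the log in post #1.
    "(004146) 10/19/2010 5:00:46 AM - <username> (x.x.x.x)> EPSV",
    "(004146) 10/19/2010 5:00:46 AM - <username> (x.x.x.x)> 229 Entering Extended Passive Mode (|||1732|)",
    "(004146) 10/19/2010 5:02:46 AM - <username> (x.x.x.x)> 421 Connection timed out.",
    # Session 004147: constructed PASV session that completes, for contrast.
    "(004147) 10/19/2010 5:03:00 AM - <username> (x.x.x.x)> PASV",
    "(004147) 10/19/2010 5:03:00 AM - <username> (x.x.x.x)> 227 Entering Passive Mode (192,0,2,10,6,196)",
    "(004147) 10/19/2010 5:03:01 AM - <username> (x.x.x.x)> 150 Connection accepted",
]

if __name__ == "__main__":
    print(stalled_sessions(SAMPLE))
```

If the stalled list contains only 229 entries while 227 sessions complete, compare the announced ports against the passive port range the firewall actually permits.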
