Hi all,
First: many thanks for FileZilla's programs.
Second ... my problem.
I am reading all the info about SSL and passive mode settings on FileZilla Server. But there is a very strange thing that I want to report to you.
I hope you will understand my questions because my English is very poor (I'm sorry).
The question follows:
I have a private network on 192.168.1.x with some stations. These stations have FileZilla client installed. There is a server in this network. Its IP is 192.168.1.1 and it runs FileZilla Server.
OK, now I report to you that this server has a second Ethernet board connected to a firewall/router. Their network is 192.168.2.x and the addresses are: server 192.168.2.1, firewall/router 192.168.2.2.
The firewall/router is connected to the INTERNET and its public IP is x.x.x.x
-----
Now some server settings:
SSL is enabled on the server:
Enable SSL/TLS support checked
Allow explicit SSL/TLS checked
Force explicit SSL/TLS UNchecked
Force PROT P to encrypt ... checked
Listen Port ... 990
-----
Now I explain to you what the thing is that I don't understand:
[1st example]
If I connect to my FTP server (port 21, not using SSL) from a station on the private network 192.168.1.x and try to download a file, everything works.
[2nd example]
If I connect to my FTP server (port 21, not using SSL) from a client on the internet and try to download a file, everything works.
[CLIENT SIDE]
Command: PASV
Answer: 227 Entering Passive Mode (x.x.x.x,39,18)
Command: LIST
Answer: 150 Connection accepted
Answer: 226 Transfer OK
State: download succesfully terminated
[SERVER SIDE]
(000403) 6/12/2006 11:00:05 AM - prova (client ip)> TYPE A
(000403) 6/12/2006 11:00:05 AM - prova (client ip)> 200 Type set to A
(000403) 6/12/2006 11:00:06 AM - prova (client ip)> PASV
(000403) 6/12/2006 11:00:06 AM - prova (client ip)> 227 Entering Passive Mode (192,168,2,1,18,113)
(000403) 6/12/2006 11:00:06 AM - prova (client ip)> RETR example.txt
(000403) 6/12/2006 11:00:06 AM - prova (client ip)> 150 Connection accepted
(000403) 6/12/2006 11:00:06 AM - prova (client ip)> 226 Transfer OK
[3rd example]
BUT if I connect to my FTP server (port 990, using SSL) from a client on the internet and try to download a file ...
[CLIENT SIDE]
command: PASV
Answer: 227 Entering Passive Mode (192,168,2,1,18,195)
Command: LIST
Answer: 425 Can't open data connection.
Error: Not be able to read the directory content
[SERVER SIDE]
(000404) 6/12/2006 11:06:28 AM - usename (client ip)> TYPE A
(000404) 6/12/2006 11:06:28 AM - usename (client ip)> 200 Type set to A
(000404) 6/12/2006 11:06:28 AM - usename (client ip)> PASV
(000404) 6/12/2006 11:06:28 AM - usename (client ip)> 227 Entering Passive Mode (192,168,2,1,18,195)
(000404) 6/12/2006 11:06:28 AM - usename (client ip)> LIST
(000404) 6/12/2006 11:06:39 AM - usename (client ip)> 425 Can't open data connection.
(000404) 6/12/2006 11:06:49 AM - usename (client ip)> disconnected.
----
Note that I HAVE NOT SET any external server IP address for passive mode transfers in the FileZilla Server options. I don't understand this fact. Why, even though I have not set any External Server IP Address for passive mode, does the connection explained in the 2nd example always work??? The FTP client receives (in the 2nd example, see above) the correct x.x.x.x (PUBLIC IP of the gateway):
Answer: 227 Entering Passive Mode (x.x.x.x,39,18)
And more ... why does the 2nd example work and the third example not work?
Any idea ...
Many thanks for your effort
Rikkardo
Failed to enter in passive mode only if SSL is used ...
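The 227 replies quoted in the post can be checked mechanically. The following is an added example, not part of the original post: it parses a 227 reply into host and port and flags a reply whose data address is an RFC 1918 address while the control connection went to a public one, which is the condition visible in the third example. The function names are hypothetical, and 203.0.113.10 is a constructed stand-in for the redacted x.x.x.x.

```python
import ipaddress
import re

# RFC 1918 ranges listed explicitly: ipaddress.is_private also matches
# documentation ranges such as 203.0.113.0/24, which would skew the check.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# "227 <text> (h1,h2,h3,h4,p1,p2)" as it appears in client and server logs.
PASV_RE = re.compile(r"227 [^(]*\(" + ",".join([r"(\d{1,3})"] * 6) + r"\)")


def parse_227(line):
    """Return (host, port) from a 227 reply, or None if it is not parseable."""
    m = PASV_RE.search(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    host = ipaddress.ip_address(".".join(str(n) for n in nums[:4]))
    return host, nums[4] * 256 + nums[5]  # port = p1 * 256 + p2


def is_rfc1918(addr):
    return any(addr in net for net in RFC1918)


def check_reply(line, control_peer):
    """control_peer: the address the client used for the control connection."""
    parsed = parse_227(line)
    if parsed is None:
        return "unparsed"
    host, port = parsed
    peer = ipaddress.ip_address(control_peer)
    if is_rfc1918(host) and not is_rfc1918(peer):
        return f"unreachable: {host}:{port} is private, control peer is {peer}"
    if host != peer:
        return f"mismatch: data {host}:{port}, control {peer}"
    return f"ok: {host}:{port}"


if __name__ == "__main__":
    PUBLIC = "203.0.113.10"  # constructed stand-in for x.x.x.x
    samples = [
        "(000404) usename (client ip)> 227 Entering Passive Mode (192,168,2,1,18,195)",
        "Answer: 227 Entering Passive Mode (x.x.x.x,39,18)",       # redacted in the post
        "Answer: 227 Entering Passive Mode (203,0,113,10,39,18)",  # constructed
    ]
    for s in samples:
        print(check_reply(s, PUBLIC))
```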