
Can't FTP to new directory

Posted: 2019-05-31 16:26
by philmand
Hello,
I'm using FileZilla Server 0.9.46 on a Windows 10 platform.
I've had FileZilla Server working for a number of years with no problem. Recently, I changed the directory on the server where the incoming files are placed. Now I can't FTP. It seems that the User is able to login OK, but I can't FTP. In the FileZilla Server app here are some of the settings:
Edit/Users/General--The one user (susanna)
Edit/Users/Shared Folders--The Network Share Name (\\Server1\Attachments) [susanna in the Users column, all 8 options checked for now]
Edit/Users/Shared Folders--The File Folder Name (C:\app\product\apex\images\attachments) [susanna in the Users column, all 8 options checked for now]
I just looked at the router for the server and ports 20 and 21 are forwarded to the server.
Below is a log from the client

Code:

* Hostname was NOT found in DNS cache
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 100.0.41.39...
* Connected to (server_hostname).com (ServerIP.address.shown.here) port 21 (#0)
< 220-FileZilla Server version 0.9.46 beta
< 220-written by Tim Kosse (tim.kosse@filezilla-project.org)
< 220 Please visit http://sourceforge.net/projects/filezilla/
> USER susanna
< 331 Password required for susanna
> PASS (my password went here)
< 230 Logged on
> PWD
< 257 "/" is current directory.
* Entry path is '/'
> EPSV
* Connect data stream passively
* ftp_perform ends with SECONDARY: 0
< 229 Entering Extended Passive Mode (|||20116|)
* Hostname was NOT found in DNS cache
*   Trying 100.0.41.39...
* Connecting to ServerIP.address.shown.here (ServerIP.address.shown.here) port 20116
  0     0    0     0    0     0      0      0 --:--:--  0:00:20 --:--:--     0* connect to (ServerIP.address.shown.here) port 21 failed: Timed out
* Failed to connect to (server_hostname).com port 21: Timed out
* Failed EPSV attempt. Disabling EPSV
> PASV
  0     0    0     0    0     0      0      0 --:--:--  0:00:21 --:--:--     0< 227 Entering Passive Mode (ff,ff,ff,ff,78,149)
* Hostname was NOT found in DNS cache
*   Trying (ServerIP.address.shown.here)...
* Connecting to ServerIP.address.shown.here (ServerIP.address.shown.here) port 20117
  0     0    0     0    0     0      0      0 --:--:--  0:00:42 --:--:--     0* connect to ServerIP.address.shown.here port 21 failed: Timed out
* Failed to connect to (ServerIP.address.shown.here) port 21: Timed out
* Closing connection 0
curl: (7) Failed to connect to (server_hostname).com port 21: Timed out
The log from FileZilla Server is:

Code:

(000207)5/31/2019 12:06:33 PM - (not logged in) ((an.ip.address.here))> Connected on port 21, sending welcome message...
(000207)5/31/2019 12:06:33 PM - (not logged in) ((an.ip.address.here))> 220-FileZilla Server version 0.9.46 beta
(000207)5/31/2019 12:06:33 PM - (not logged in) ((an.ip.address.here))> 220-written by Tim Kosse (tim.kosse@filezilla-project.org)
(000207)5/31/2019 12:06:33 PM - (not logged in) ((an.ip.address.here))> 220 Please visit http://sourceforge.net/projects/filezilla/
(000207)5/31/2019 12:06:33 PM - (not logged in) ((an.ip.address.here))> USER susanna
(000207)5/31/2019 12:06:33 PM - (not logged in) ((an.ip.address.here))> 331 Password required for susanna
(000207)5/31/2019 12:06:33 PM - (not logged in) ((an.ip.address.here))> PASS ********
(000207)5/31/2019 12:06:33 PM - susanna ((an.ip.address.here))> 230 Logged on
(000207)5/31/2019 12:06:33 PM - susanna ((an.ip.address.here))> PWD
(000207)5/31/2019 12:06:33 PM - susanna ((an.ip.address.here))> 257 "/" is current directory.
(000207)5/31/2019 12:06:33 PM - susanna ((an.ip.address.here))> EPSV
(000207)5/31/2019 12:06:33 PM - susanna ((an.ip.address.here))> 229 Entering Extended Passive Mode (|||20120|)
(000207)5/31/2019 12:06:55 PM - susanna ((an.ip.address.here))> PASV
(000207)5/31/2019 12:06:55 PM - susanna ((an.ip.address.here))> 227 Entering Passive Mode (ff,ff,ff,ff,78,133)
(000207)5/31/2019 12:07:16 PM - susanna ((an.ip.address.here))> disconnected.
I'm guessing the problem is with Windows permissions, since it was working for the prior directory, but I don't know what else to do to enable FTP to a new directory.
Thanks for looking at this.
Phil

Re: Can't FTP to new directory

Posted: 2019-05-31 20:01
by boco
No support for outdated versions. Update first.

Re: Can't FTP to new directory

Posted: 2019-06-01 01:52
by philmand
Hello,
I downloaded and installed 0.9.60 of FileZilla Server. I ran the FTP again and got the same results. I'm also including the results from https://ftptest.net

Code:

Warning: Allowing fallback to plaintext FTP is insecure. You should use explicit FTP over TLS.
Status: Resolving address of (server_hostname)
Status: Connecting to (ServerIP.address.shown.here)
Warning: The entered address does not resolve to an IPv6 address.
Status: Connected, waiting for welcome message...
Reply: 220-FileZilla Server 0.9.60 beta
Reply: 220-written by Tim Kosse (tim.kosse@filezilla-project.org)
Reply: 220 Please visit https://filezilla-project.org/
Command: CLNT https://ftptest.net on behalf of (SomeIP.address.shown.here)
Reply: 200 Don't care
Command: AUTH TLS
Reply: 502 Explicit TLS authentication not allowed
Warning: Server refused AUTH TLS, trying deprecated AUTH SSL fallback.
Command: AUTH SSL
Reply: 502 Explicit TLS authentication not allowed
Warning: Server refused AUTH SSL, falling back to insecure plaintext FTP.
Command: USER susanna
Reply: 331 Password required for susanna
Command: PASS ********
Reply: 230 Logged on
Command: SYST
Reply: 215 UNIX emulated by FileZilla
Command: FEAT
Reply: 211-Features:
Reply: MDTM
Reply: REST STREAM
Reply: SIZE
Reply: MLST type*;size*;modify*;
Reply: MLSD
Reply: UTF8
Reply: CLNT
Reply: MFMT
Reply: EPSV
Reply: EPRT
Reply: 211 End
Command: PWD
Reply: 257 "/" is current directory.
Status: Current path is /
Command: TYPE I
Reply: 200 Type set to I
Command: PASV
Reply: 227 Entering Passive Mode (ff,ff,ff,ff,78,138)
Command: MLSD
Reply: 425 Can't open data connection for transfer of "/"
Error: Listing failed
And here are the results from FileZilla Server

Code:

FileZilla Server 0.9.60 beta
Copyright 2001-2016 by Tim Kosse (tim.kosse@filezilla-project.org)
https://filezilla-project.org/
Connecting to server 127.0.0.1:14147...
Connected, waiting for authentication
Logged on
Warning: FTP over TLS is not enabled, users cannot securely log in.
(000001)5/31/2019 21:43:39 PM - (not logged in) (141.154.16.190)> Connected on port 21, sending welcome message...
(000001)5/31/2019 21:43:39 PM - (not logged in) (141.154.16.190)> 220-FileZilla Server 0.9.60 beta
(000001)5/31/2019 21:43:39 PM - (not logged in) (141.154.16.190)> 220-written by Tim Kosse (tim.kosse@filezilla-project.org)
(000001)5/31/2019 21:43:39 PM - (not logged in) (141.154.16.190)> 220 Please visit https://filezilla-project.org/
(000001)5/31/2019 21:43:39 PM - (not logged in) (141.154.16.190)> USER susanna
(000001)5/31/2019 21:43:39 PM - (not logged in) (141.154.16.190)> 331 Password required for susanna
(000001)5/31/2019 21:43:39 PM - (not logged in) (141.154.16.190)> PASS ********
(000001)5/31/2019 21:43:39 PM - susanna (141.154.16.190)> 230 Logged on
(000001)5/31/2019 21:43:39 PM - susanna (141.154.16.190)> PWD
(000001)5/31/2019 21:43:39 PM - susanna (141.154.16.190)> 257 "/" is current directory.
(000001)5/31/2019 21:43:39 PM - susanna (141.154.16.190)> EPSV
(000001)5/31/2019 21:43:39 PM - susanna (141.154.16.190)> 229 Entering Extended Passive Mode (|||20114|)
(000001)5/31/2019 21:44:00 PM - susanna (141.154.16.190)> PASV
(000001)5/31/2019 21:44:00 PM - susanna (141.154.16.190)> 227 Entering Passive Mode (100,0,41,39,78,136)
(000001)5/31/2019 21:44:21 PM - susanna (141.154.16.190)> disconnected.
(000002)5/31/2019 21:46:51 PM - (not logged in) (136.243.154.86)> Connected on port 21, sending welcome message...
(000002)5/31/2019 21:46:51 PM - (not logged in) (136.243.154.86)> 220-FileZilla Server 0.9.60 beta
(000002)5/31/2019 21:46:51 PM - (not logged in) (136.243.154.86)> 220-written by Tim Kosse (tim.kosse@filezilla-project.org)
(000002)5/31/2019 21:46:51 PM - (not logged in) (136.243.154.86)> 220 Please visit https://filezilla-project.org/
(000002)5/31/2019 21:46:51 PM - (not logged in) (136.243.154.86)> CLNT https://ftptest.net on behalf of 141.154.16.190
(000002)5/31/2019 21:46:51 PM - (not logged in) (136.243.154.86)> 200 Don't care
(000002)5/31/2019 21:46:51 PM - (not logged in) (136.243.154.86)> AUTH TLS
(000002)5/31/2019 21:46:51 PM - (not logged in) (136.243.154.86)> 502 Explicit TLS authentication not allowed
(000002)5/31/2019 21:46:51 PM - (not logged in) (136.243.154.86)> AUTH SSL
(000002)5/31/2019 21:46:51 PM - (not logged in) (136.243.154.86)> 502 Explicit TLS authentication not allowed
(000002)5/31/2019 21:46:52 PM - (not logged in) (136.243.154.86)> USER susanna
(000002)5/31/2019 21:46:52 PM - (not logged in) (136.243.154.86)> 331 Password required for susanna
(000002)5/31/2019 21:46:52 PM - (not logged in) (136.243.154.86)> PASS ********
(000002)5/31/2019 21:46:52 PM - susanna (136.243.154.86)> 230 Logged on
(000002)5/31/2019 21:46:52 PM - susanna (136.243.154.86)> SYST
(000002)5/31/2019 21:46:52 PM - susanna (136.243.154.86)> 215 UNIX emulated by FileZilla
(000002)5/31/2019 21:46:52 PM - susanna (136.243.154.86)> FEAT
(000002)5/31/2019 21:46:52 PM - susanna (136.243.154.86)> 211-Features:
(000002)5/31/2019 21:46:52 PM - susanna (136.243.154.86)>  MDTM
(000002)5/31/2019 21:46:52 PM - susanna (136.243.154.86)>  REST STREAM
(000002)5/31/2019 21:46:52 PM - susanna (136.243.154.86)>  SIZE
(000002)5/31/2019 21:46:52 PM - susanna (136.243.154.86)>  MLST type*;size*;modify*;
(000002)5/31/2019 21:46:52 PM - susanna (136.243.154.86)>  MLSD
(000002)5/31/2019 21:46:52 PM - susanna (136.243.154.86)>  UTF8
(000002)5/31/2019 21:46:52 PM - susanna (136.243.154.86)>  CLNT
(000002)5/31/2019 21:46:52 PM - susanna (136.243.154.86)>  MFMT
(000002)5/31/2019 21:46:52 PM - susanna (136.243.154.86)>  EPSV
(000002)5/31/2019 21:46:52 PM - susanna (136.243.154.86)>  EPRT
(000002)5/31/2019 21:46:52 PM - susanna (136.243.154.86)> 211 End
(000002)5/31/2019 21:46:53 PM - susanna (136.243.154.86)> PWD
(000002)5/31/2019 21:46:53 PM - susanna (136.243.154.86)> 257 "/" is current directory.
(000002)5/31/2019 21:46:53 PM - susanna (136.243.154.86)> TYPE I
(000002)5/31/2019 21:46:53 PM - susanna (136.243.154.86)> 200 Type set to I
(000002)5/31/2019 21:46:53 PM - susanna (136.243.154.86)> PASV
(000002)5/31/2019 21:46:53 PM - susanna (136.243.154.86)> 227 Entering Passive Mode (100,0,41,39,78,138)
(000002)5/31/2019 21:46:53 PM - susanna (136.243.154.86)> MLSD
(000002)5/31/2019 21:47:03 PM - susanna (136.243.154.86)> 425 Can't open data connection for transfer of "/"
(000002)5/31/2019 21:47:04 PM - susanna (136.243.154.86)> disconnected.
Thanks again for looking at this.
Phil

Re: Can't FTP to new directory

Posted: 2019-06-04 14:21
by philmand
Hello,
I've read Network Configuration a few times and believe I have implemented FileZilla Server according to the manual. Is there any other information that I can provide to help with this problem?

Re: Can't FTP to new directory

Posted: 2019-06-04 16:55
by boco
There's still a firewall or other "security software" on your side, preventing the data connection. You need to find and rectify it. Such third-party soft- or hardware is beyond the scope of our forums, unfortunately.

Also, please enable and use FTP over TLS (Explicit). Plain FTP transmits everything in plain text and thus is mightily insecure.

Re: Can't FTP to new directory

Posted: 2019-06-04 17:26
by philmand
Thanks.
I resolved the problem. On the Verizon Router I discovered that someone deleted the second set of ports. Ports 20 and 21 were always open. However, I recently discovered the range from 20101 - 20120 were opened at one time but were removed a few weeks ago. That range corresponds to the settings at Edit/Settings/Passive Mode Settings. Once I opened those ports on the router again, the FTP went through fine. Thanks for your help.
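
Added example, not part of the original posts: a small parser for the FileZilla Server log layout shown in this thread that computes the data port offered in each 227/229 reply, lists offered ports missing from the router's forwarded set, and flags sessions where USER was sent without a prior successful AUTH (234). The sample log is constructed, the addresses are documentation addresses, and the names `data_port`, `analyze` and `forwarded` are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample in the FileZilla Server 0.9.x log layout seen in this thread.
# 192.0.2.10 and 203.0.113.5 are documentation addresses, not values from the thread.
SAMPLE_LOG = """\
(000002)5/31/2019 21:46:52 PM - (not logged in) (192.0.2.10)> AUTH TLS
(000002)5/31/2019 21:46:52 PM - (not logged in) (192.0.2.10)> 502 Explicit TLS authentication not allowed
(000002)5/31/2019 21:46:52 PM - (not logged in) (192.0.2.10)> USER susanna
(000002)5/31/2019 21:46:52 PM - susanna (192.0.2.10)> 230 Logged on
(000002)5/31/2019 21:46:53 PM - susanna (192.0.2.10)> PASV
(000002)5/31/2019 21:46:53 PM - susanna (192.0.2.10)> 227 Entering Passive Mode (203,0,113,5,78,138)
(000002)5/31/2019 21:46:53 PM - susanna (192.0.2.10)> MLSD
(000002)5/31/2019 21:47:03 PM - susanna (192.0.2.10)> 425 Can't open data connection for transfer of "/"
(000003)6/1/2019 9:00:01 AM - (not logged in) (192.0.2.10)> AUTH TLS
(000003)6/1/2019 9:00:01 AM - (not logged in) (192.0.2.10)> 234 Using authentication type TLS
(000003)6/1/2019 9:00:02 AM - (not logged in) (192.0.2.10)> USER susanna
(000003)6/1/2019 9:00:02 AM - susanna (192.0.2.10)> EPSV
(000003)6/1/2019 9:00:02 AM - susanna (192.0.2.10)> 229 Entering Extended Passive Mode (|||20116|)
"""

LINE_RE = re.compile(r"^\((\d+)\).*?\)> (.*)$")  # (session id) ... (client ip)> message

def data_port(reply):
    """Data port from a 227 (h1,h2,h3,h4,p1,p2) or 229 (|||port|) reply, else None."""
    if reply.startswith("227 "):
        # Host octets may be redacted (e.g. "ff"); only p1 and p2 must be numeric.
        m = re.search(r"\((?:[^,()]+,){4}(\d+),(\d+)\)", reply)
        return int(m.group(1)) * 256 + int(m.group(2)) if m else None
    if reply.startswith("229 "):
        m = re.search(r"\(\|\|\|(\d+)\|\)", reply)
        return int(m.group(1)) if m else None
    return None

def analyze(log, forwarded):
    """Summarise each session; `forwarded` is the set of ports the router forwards."""
    sessions = defaultdict(lambda: {"ports": [], "tls": False,
                                    "plaintext_login": False, "data_failed": False})
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        s, msg = sessions[m.group(1)], m.group(2)
        if msg.startswith("234 "):            # server accepted AUTH TLS / AUTH SSL
            s["tls"] = True
        elif msg.startswith("USER ") and not s["tls"]:
            s["plaintext_login"] = True       # credentials follow in clear text
        elif msg.startswith("425 "):
            s["data_failed"] = True           # data connection never arrived
        elif data_port(msg) is not None:
            s["ports"].append(data_port(msg))
    for s in sessions.values():
        s["not_forwarded"] = sorted(p for p in set(s["ports"]) if p not in forwarded)
    return dict(sessions)

if __name__ == "__main__":
    for sid, s in analyze(SAMPLE_LOG, forwarded={21}).items():
        print(sid, s)
```

Passing `forwarded={21} | set(range(20101, 20121))` models the router after the passive range was restored, and `not_forwarded` comes back empty for both sessions.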

Re: Can't FTP to new directory

Posted: 2019-06-04 18:20
by boco
Port 20 is not required to be forwarded.

Re: Can't FTP to new directory

Posted: 2019-06-07 13:31
by philmand
Thanks. I removed Port 20 from the router.
I'm taking your advice and trying to implement TLS. I'm using CURL version 7.39.0 on Windows for the FTP client.
When I issue the following command, the file transfers fine:

Code:

curl --cert curl-ca-bundle.crt -v -T C:\file_to_be_transferred.pdf -ssl ftp://username:password@host.top_level_example.com/filename.pdf
However, I don't think it's using TLS with that command.
So when I go on the FileZilla Server and check Edit/Users/Force TLS for user login for the user and run the same command, I get the following response from CURL:

Code:

* Hostname was NOT found in DNS cache
*   Trying 999.999.999.999
* Connected to host.top_level_example.com (999.999.999.999) port 21 (#0)
< 220-FileZilla Server 0.9.60 beta
< 220-written by Tim Kosse (tim.kosse@filezilla-project.org)
< 220 Please visit https://filezilla-project.org/
> USER username
< 530 TLS required
* Access denied: 530
* Closing connection 0
The FileZilla Server log is as follows:

Code:

(000268)6/7/2019 9:22:33 AM - (not logged in) (999.999.16.190)> Connected on port 21, sending welcome message...
(000268)6/7/2019 9:22:33 AM - (not logged in) (999.999.16.190)> 220-FileZilla Server 0.9.60 beta
(000268)6/7/2019 9:22:33 AM - (not logged in) (999.999.16.190)> 220-written by Tim Kosse (tim.kosse@filezilla-project.org)
(000268)6/7/2019 9:22:33 AM - (not logged in) (999.999.16.190)> 220 Please visit https://filezilla-project.org/
(000268)6/7/2019 9:22:33 AM - (not logged in) (999.999.16.190)> USER username
(000268)6/7/2019 9:22:33 AM - (not logged in) (999.999.16.190)> 530 TLS required
(000268)6/7/2019 9:22:33 AM - (not logged in) (999.999.16.190)> disconnected.
I've generated a certificate from the FileZilla server with Edit/Settings/FTP over TLS settings and copied it to the client. I've appended the certificate to the curl-ca-bundle.crt file in the CURL directory.
Is there something else I should be doing on the FileZilla server?
Should I be issuing the CURL command differently?

Re: Can't FTP to new directory

Posted: 2019-06-07 15:58
by philmand
I resolved the problem. It was how I referenced the certificates. Earlier I had transferred the certificate generated by the FileZilla Server (certificate.crt) to the Windows Client. I placed that certificate file in the folder C:\Program Files\cURL\bin. Also, I copied certificate.crt and appended it to the existing certificate called curl-ca-bundle.crt. Appending the new certificate to that bundle file is very important. That was my problem. Now, when I reference only the FileZilla_Server generated certificate in the client's CURL command, the transfer works. It seems that cURL will always reference the curl-ca-bundle.crt file in addition to what is referenced in the command line. The logs referenced the details of the SSLv3 handshake. Also I restructured the command a little bit to make it more readable. Here it is:

Code:

curl --user username:password --cert "C:\Program Files\cURL\bin\certificate.crt" -v -T C:\folder_and_file_to_be_transferred.pdf ftps://host.top_level_example.com/filename.pdf
By the way, ftpS uses port 990 (not 21) so I closed port 21 and opened up port 990. I had to keep the port range 20101-20120 open as well.
I hope this helps someone else.

Re: Can't FTP to new directory

Posted: 2019-06-10 01:30
by boco
First, with FTPS, a client certificate isn't required. Second, we cannot recommend the non-standard FTPS Implicit (on port 990). For FTPS Explicit on the normal port, you just need to tell curl to use FTP over TLS (so it sends the AUTH TLS command). Maybe just use the ftps:// protocol identifier?

FTPS Explicit uses the standard FTP port. It is well formally standardized and thus an official FTP feature.
FTP Implicit doesn't have any official standard, so, there is no "correct" way for implementing it. Strictly said, FTPS Implicit isn't officially FTP.

Re: Can't FTP to new directory

Posted: 2019-06-10 12:44
by philmand
Hello,
I removed the "--CERT" from the command. It still transferred fine. So I get your first point that I don't have to specify the certificate at the client side.
As to the second point, in Windows / cURL, it seems that if I use simple FTP it defaults to port 21. If I use FTPS (the "S" invokes SSL/TLS), then it defaults to port 990.
So in cURL if I use simply "ftp://" it connects on port 21. Also, if I include "--SSL" in the command line, the --SSL will invoke TLS and the client still sends the AUTH TLS command.
So if I use this statement:

Code:

curl  --user username:password --SSL -v -T C:\file_to_be_transferred.pdf ftp://host.top_level_example.com/destination_filename.pdf
I get the following results:

Code:

* Hostname was NOT found in DNS cache
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 100.0.41.39...
* Connected to host.top_level_example.com (999.999.999.999) port 21 (#0)
< 220-FileZilla Server 0.9.60 beta
< 220-written by Tim Kosse (tim.kosse@filezilla-project.org)
< 220 Please visit https://filezilla-project.org/
> AUTH SSL
< 234 Using authentication type TLS
* successfully set certificate verify locations:
*   CAfile: C:\Program Files\cURL\bin\curl-ca-bundle.crt
  CApath: none
* SSLv3, TLS handshake, Client hello (1):
} [data not shown]
* SSLv3, TLS handshake, Server hello (2):
{ [data not shown]
* SSLv3, TLS handshake, CERT (11):
{ [data not shown]
* SSLv3, TLS handshake, Server key exchange (12):
{ [data not shown]
* SSLv3, TLS handshake, Server finished (14):
{ [data not shown]
* SSLv3, TLS handshake, Client key exchange (16):
} [data not shown]
* SSLv3, TLS change cipher, Client hello (1):
} [data not shown]
* SSLv3, TLS handshake, Finished (20):
} [data not shown]
* SSLv3, TLS change cipher, Client hello (1):
{ [data not shown]
* SSLv3, TLS handshake, Finished (20):
{ [data not shown]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* Server certificate:
Is this what you were directing me to?
Thanks for checking.

Re: Can't FTP to new directory

Posted: 2019-06-11 12:44
by boco
Yes, AUTH TLS with successful reply means you will use FTP over TLS Explicit. Maybe it supports the ftpes:// identifier, although that one is unofficial.

Btw. AUTH SSL is deprecated, does it also have any -TLS switch?

Re: Can't FTP to new directory

Posted: 2019-06-11 13:00
by philmand
I tried ftpes:// That was unrecognized.
I also tried some of the cURL TLS options. They didn't work with Windows.
Windows has been bundling cURL for about a year now. I'm using version 7.39.0 of cURL.
So it seems that I have to use the --SSL options, at least until Microsoft / cURL change things.
Thanks for all your help

Re: Can't FTP to new directory

Posted: 2019-06-11 22:53
by boco
So you are using WSL. No idea if the WSL version of cURL is current. Not using Windows 10 so I can't check.