here is the log
Command: PASV
Trace: CRealControlSocket::OnClose()
Error: Disconnected from server
Trace: CFtpControlSocket::ResetOperation(66)
Trace: CControlSocket::ResetOperation(66)
Trace: CFtpControlSocket::ResetOperation(66)
Trace: CControlSocket::ResetOperation(66)
Error: Failed to retrieve directory listing
Filezilla server will not allow data connections if I set the
"External Server Ip Address for passive mode tansfers" option in "Passive Mode Settings" to
"use the following ip" (and type the server's static public IP of a.b.c.d)
However I get 100% success if I set the same option of "External Server Ip Address for passive mode tansfers" to
"default"
so what is the difference between these two "modes"?
When set to default, I can see that filezilla server is correctly using the custom port range, and I can use PASV with no issues, and that the correct IP is set
a,b,c,d,n,m
where this means "use outgoing port n*256+m advertised to be from ip a.b.c.d"
So why if i type it in manually set to use a.b.c.d does it fail?
Just to clarify - I cant edit the settings, refresh and fail, edit and refresh and success. My firewall is checkpoint FW-1 between the client and server, but with no port restrictions to or from server. (In other words for testing I have set up two machines which have no firewall restircitons between them despite them having FW-1 inbetween)
disconnected from server
Moderator: Project members
-
shimmyshack
- 504 Command not implemented
- Posts: 6
- Joined: 2005-12-18 10:24
Re: disconnected from server
I've seen several threads with this issue around, but have not read them exhaustively yet as I am working on another issue. I'd keep searching. If I find something I'll let you know.
A definitive PASSIVE vs ACTIVE thread or a FileZilla approved abc guide to understanding the modes would be greatly appreciated.
I'll be following, good luck.
A definitive PASSIVE vs ACTIVE thread or a FileZilla approved abc guide to understanding the modes would be greatly appreciated.
I'll be following, good luck.
Re: disconnected from server
This abc guide does exist, follow the link: Network Configuration
Plenty of routers and firewalls sabotage FTP. The only solution is to uninstall all firewalls and to throw consumer grade routers away.
Plenty of routers and firewalls sabotage FTP. The only solution is to uninstall all firewalls and to throw consumer grade routers away.
-
shimmyshack
- 504 Command not implemented
- Posts: 6
- Joined: 2005-12-18 10:24
Re: disconnected from server
With great respect Tim, you haven't answered my question, what is the difference between setting "default" and "use this external IP"?
Remember I am using the same VERBs on the client.
The server either responds with a,b,c,d,n,m or doesn't.
It either works as an FTP server in PASV mode (when default is checked) or
It doesn't work - when manually setup with "external IP of a.b.c.d with port range 256n - 256n+p where p>=m"
If "default" means "respond in kind to the client" then when my commands specify PASV I would expect a reply along the lines of a,b,c,d,n,m and I do! yippee, but then again if "use this external IP" means just that - then why doesn't the server respond with a,b,c,d,n,m
Also just to be clear, the ftp server isn't hiding behind some high-street, non-RFC compliant, hastily thrown together NAT device running busybox with port-forwarding enabled, the server is has a static IP assigned from the netblock we own, there are NO firewall rules in place, no SPI, no port blocking in either direction, no sabotage going on (to the best of my knowledge) - how can I be sure? ... well the network firewall we have is actually an enterprise grade firewall cluster, it runs our enterprise - various subnets, hundreds of hosts and thousands of services, VPNs, Vlinks to COO round the world, the ruleset has been specifically edited to derestrict traffic between ftp server IP and my home IP, I know because I added the rules. And it does do this - I can map drives, attach to processes, RDP, VNC, remote registry, SSDP, antivirus update ports, the whole thing from 1 to (256^2)-1. Right round the world we have no issues, I can set up a WAF or an FTP server on a box run up for the purpose, create a few rules and bobs your uncle, but with filezilla I hit an apparent issue, and asked a question. Oh and our firewall cluster goes out through redundant Cisco routers, fibre ISP redundancy with wireless backup back to the exchange, (just covering all the bases and trying to alert you that it might not be us - but it still might).
So *is* there an answer to why the server works when in default mode, but not when specifically set to use the IP which it does anyway, if there is no easy answer, I guess I will just have to send you a wireshark (and any other) dump from both machines, which I am happy to do.
ps. That abc network guide - I only read it as a courtesy to see if you said anything I didnt already know, and you didnt. I have run any number of ftpd on any architecture/OS and they literally all run perfectly, even the IIS one, I have a preference for filezilla (I've used it for years), and want to encourage open source thinking in our enterprise, especially for services we can decouple from the windows servers we have here, it is a great shame when things do not work as advertised in the GUI, and this despite correct setup of both the server, the network firewall and the client. In the real world one expects slightly less control over the client, and a firewall of lower calibre.
Remember I am using the same VERBs on the client.
The server either responds with a,b,c,d,n,m or doesn't.
It either works as an FTP server in PASV mode (when default is checked) or
It doesn't work - when manually setup with "external IP of a.b.c.d with port range 256n - 256n+p where p>=m"
If "default" means "respond in kind to the client" then when my commands specify PASV I would expect a reply along the lines of a,b,c,d,n,m and I do! yippee, but then again if "use this external IP" means just that - then why doesn't the server respond with a,b,c,d,n,m
Also just to be clear, the ftp server isn't hiding behind some high-street, non-RFC compliant, hastily thrown together NAT device running busybox with port-forwarding enabled, the server is has a static IP assigned from the netblock we own, there are NO firewall rules in place, no SPI, no port blocking in either direction, no sabotage going on (to the best of my knowledge) - how can I be sure? ... well the network firewall we have is actually an enterprise grade firewall cluster, it runs our enterprise - various subnets, hundreds of hosts and thousands of services, VPNs, Vlinks to COO round the world, the ruleset has been specifically edited to derestrict traffic between ftp server IP and my home IP, I know because I added the rules. And it does do this - I can map drives, attach to processes, RDP, VNC, remote registry, SSDP, antivirus update ports, the whole thing from 1 to (256^2)-1. Right round the world we have no issues, I can set up a WAF or an FTP server on a box run up for the purpose, create a few rules and bobs your uncle, but with filezilla I hit an apparent issue, and asked a question. Oh and our firewall cluster goes out through redundant Cisco routers, fibre ISP redundancy with wireless backup back to the exchange, (just covering all the bases and trying to alert you that it might not be us - but it still might).
So *is* there an answer to why the server works when in default mode, but not when specifically set to use the IP which it does anyway, if there is no easy answer, I guess I will just have to send you a wireshark (and any other) dump from both machines, which I am happy to do.
ps. That abc network guide - I only read it as a courtesy to see if you said anything I didnt already know, and you didnt. I have run any number of ftpd on any architecture/OS and they literally all run perfectly, even the IIS one, I have a preference for filezilla (I've used it for years), and want to encourage open source thinking in our enterprise, especially for services we can decouple from the windows servers we have here, it is a great shame when things do not work as advertised in the GUI, and this despite correct setup of both the server, the network firewall and the client. In the real world one expects slightly less control over the client, and a firewall of lower calibre.
Re: disconnected from server
lmao, and i thought i was at least pointing you to a better search phrase
i will shut up now
i will shut up now
Re: disconnected from server
"Default" asks the system, the other option uses the address you entered.
Re: disconnected from server
The router will change your internal IP to the external one (and vice versa) on the fly if you select 'default'. To test for such a router, simply change the port 21 to another one, say 2100. As routers only monitor port 21 for FTP, you'll now get the real, unmodified FTP experience. 
Then test again.
Then test again.No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
-
shimmyshack
- 504 Command not implemented
- Posts: 6
- Joined: 2005-12-18 10:24
Re: disconnected from server
Thank you for your replies.
Just in case someone reading this thread thinks I was right to be miffed, I jumped the gun and I am finding that Tim and his excellent FileZilla Server is right, and I am wrong.
After a lot of playing with the firewall cluster, I was eventually able to find a configuration which allowed me to use FTP on port 21 in passive mode, and passive FTP over implicit SSL on port 990.
The problem was indeed that there was hidden modification of the packets going on, which as boco said, was easy to discover once the firewall was set to not look into the packets on that port.
Thank you both very much for your help, and I am pleased to say that until there are problems I cannot solve, FileZilla will be a working example of an opensource FTP server which I intend to use to show the company that OS software has its place. If it works without a hitch and does what we expect it will do, I will ask for (and get) a donation in the right ball-park towards this project.
Thanks again, particularly since there are many people on this forum having great difficulty setting up the server, and unjustly IMHO blaming FileZilla - like I did.
Just in case someone reading this thread thinks I was right to be miffed, I jumped the gun and I am finding that Tim and his excellent FileZilla Server is right, and I am wrong.
After a lot of playing with the firewall cluster, I was eventually able to find a configuration which allowed me to use FTP on port 21 in passive mode, and passive FTP over implicit SSL on port 990.
The problem was indeed that there was hidden modification of the packets going on, which as boco said, was easy to discover once the firewall was set to not look into the packets on that port.
Thank you both very much for your help, and I am pleased to say that until there are problems I cannot solve, FileZilla will be a working example of an opensource FTP server which I intend to use to show the company that OS software has its place. If it works without a hitch and does what we expect it will do, I will ask for (and get) a donation in the right ball-park towards this project.
Thanks again, particularly since there are many people on this forum having great difficulty setting up the server, and unjustly IMHO blaming FileZilla - like I did.