Setup FXP on local server

[rexolb]

Hello all


I want to setup FXP support on my filezilla ftp server
the reason users have to be able to move files from directory A to directory B on the same server without download the files first to their client pc .

when i trie to move the file config.php to the subdirectory \install the server refuse this

I paste a piece off my log her :


[T] 230 Logged on
[T] SYST
[T] 230 Logged on
[T] SYST
[T] 215 UNIX emulated by FileZilla
[T] TYPE A
[T] 215 UNIX emulated by FileZilla
[T] TYPE A
[T] 200 Type set to A
[T] REST 1
[T] 200 Type set to A
[T] REST 1
[T] 350 Rest supported. Restarting at 1
[T] REST 0
[T] 350 Rest supported. Restarting at 1
[T] REST 0
[T] 350 Rest supported. Restarting at 0
[T] FEAT
[T] 350 Rest supported. Restarting at 0
[T] FEAT
[T] 211-Features:
[T] MDTM
[T] REST STREAM
[T] 211-Features:
[T] SIZE
[T] MLST type*;size*;modify*;
[T] MLSD
[T] MDTM
[T] UTF8
[T] REST STREAM
[T] CLNT
[T] SIZE
[T] MFMT
[T] MLST type*;size*;modify*;
[T] 211 End
[T] MLSD
[T] CLNT FTP Rush 2.1.8U
[T] UTF8
[T] CLNT
[T] MFMT
[T] 211 End
[T] CLNT FTP Rush 2.1.8U
[T] 200 Don't care
[T] OPTS UTF8 ON
[T] 200 Don't care
[T] OPTS UTF8 ON
[T] 200 UTF8 mode enabled
[T] PWD
[T] 200 UTF8 mode enabled
[T] PWD
[T] 257 "/" is current directory.
[T] 257 "/" is current directory.
[T] CWD /install/
[T] 250 CWD successful. "/install" is current directory.
[T] PWD
[T] 257 "/install" is current directory.
[T] PASV
[T] 227 Entering Passive Mode (88,88,129,148,5,245)
[T] Openen verbinding IP: 88.88.129.148 POORT: 1525
[T] MLSD
[T] 150 Connection accepted
[T] 226 Transfer OK
[T] Opmaken lijst voltooid: 119 bytes in 0,00 seconden (0,12KB/s)
[T] TYPE I
[T] 200 Type set to I
[T] TYPE I
[T] 200 Type set to I
[T] PASV
[T] 227 Entering Passive Mode (88,88,129,148,5,246)
[T] PORT 88,88,129,148,5,246
[T] 200 Port command successful
[T] STOR config.php
[T] 150 Opening data channel for file transfer.
[T] RETR config.php
[T] 425 Can't open data connection.
[T] ABOR
[T] 226 ABOR command successful
[1] CWD .
[2] CWD .
[1] 250 CWD successful. "/" is current directory.
[1] PWD
[2] 250 CWD successful. "/install" is current directory.
[2] PWD
[1] 257 "/" is current directory.
[2] 257 "/install" is current directory.


Is there someone ho can help me ?

[boco]

the reason users have to be able to move files from directory A to directory B on the same server without download the files first to their client pc .

You don't need FXP for that. You can already move items using Drag&Drop with one connection (through RNFR and RNTO commands).

Of course you need to adjust FZ Server's Security settings to make FXP work.

[rexolb]

boco

move files is all ready possible with one connection
but i need fxp to work becouse the user use 2 different logins

how can i modify fz security settings to enable fxp

[boco]

but i need fxp to work becouse the user use 2 different logins

FXP needs two logins.

how can i modify fz security settings to enable fxp

fzssecurity.png (55.54 KiB) Viewed 13206 times

You'd need to uncheck these. Have a close eye on the server, enabling FXP also enables the possibility for bounce attacks.

And please make sure that FZ Server is correctly configured for Passive, and the client for Active mode.

[rexolb]

fz server security setings are OK
When i use 2 different logins I still get the error

425 Can't open data connection

The server is behind a firewall but port 21 and pasive ports 1024-2048 are mapped to the server

[botg]

Got server logs?

[boco]

On second thought, I do not think that scenario is possible. The problem is that the external IP does not work in the server's LAN.

[rexolb]

Hello all I post here some server logs:

(000261) 11/11/2011 11:24:14 - bennytest (81.164.72.140)> CWD .
(000261) 11/11/2011 11:24:14 - bennytest (81.164.72.140)> 250 CWD successful. "/" is current directory.
(000261) 11/11/2011 11:24:14 - bennytest (81.164.72.140)> PWD
(000261) 11/11/2011 11:24:14 - bennytest (81.164.72.140)> 257 "/" is current directory.
(000263) 11/11/2011 11:24:16 - (not logged in) (81.164.72.140)> Connected, sending welcome message...
(000263) 11/11/2011 11:24:16 - (not logged in) (81.164.72.140)> USER bennytest
(000263) 11/11/2011 11:24:16 - (not logged in) (81.164.72.140)> 331 Password required for bennytest
(000263) 11/11/2011 11:24:16 - (not logged in) (81.164.72.140)> PASS ******
(000263) 11/11/2011 11:24:16 - bennytest (81.164.72.140)> 230 Logged on
(000264) 11/11/2011 11:24:16 - (not logged in) (81.164.72.140)> Connected, sending welcome message...
(000264) 11/11/2011 11:24:16 - (not logged in) (81.164.72.140)> USER benny
(000264) 11/11/2011 11:24:16 - (not logged in) (81.164.72.140)> 331 Password required for benny
(000263) 11/11/2011 11:24:16 - bennytest (81.164.72.140)> SYST
(000263) 11/11/2011 11:24:16 - bennytest (81.164.72.140)> 215 UNIX emulated by FileZilla
(000264) 11/11/2011 11:24:16 - (not logged in) (81.164.72.140)> PASS ******
(000264) 11/11/2011 11:24:16 - benny (81.164.72.140)> 230 Logged on
(000263) 11/11/2011 11:24:16 - bennytest (81.164.72.140)> TYPE A
(000263) 11/11/2011 11:24:16 - bennytest (81.164.72.140)> 200 Type set to A
(000264) 11/11/2011 11:24:16 - benny (81.164.72.140)> SYST
(000264) 11/11/2011 11:24:16 - benny (81.164.72.140)> 215 UNIX emulated by FileZilla
(000263) 11/11/2011 11:24:16 - bennytest (81.164.72.140)> REST 1
(000263) 11/11/2011 11:24:16 - bennytest (81.164.72.140)> 350 Rest supported. Restarting at 1
(000264) 11/11/2011 11:24:16 - benny (81.164.72.140)> TYPE A
(000264) 11/11/2011 11:24:16 - benny (81.164.72.140)> 200 Type set to A
(000263) 11/11/2011 11:24:16 - bennytest (81.164.72.140)> REST 0
(000263) 11/11/2011 11:24:16 - bennytest (81.164.72.140)> 350 Rest supported. Restarting at 0
(000264) 11/11/2011 11:24:16 - benny (81.164.72.140)> REST 1
(000264) 11/11/2011 11:24:16 - benny (81.164.72.140)> 350 Rest supported. Restarting at 1
(000263) 11/11/2011 11:24:16 - bennytest (81.164.72.140)> FEAT
(000263) 11/11/2011 11:24:16 - bennytest (81.164.72.140)> 211-Features:
(000263) 11/11/2011 11:24:16 - bennytest (81.164.72.140)> MDTM
(000263) 11/11/2011 11:24:16 - bennytest (81.164.72.140)> REST STREAM
(000263) 11/11/2011 11:24:16 - bennytest (81.164.72.140)> SIZE
(000263) 11/11/2011 11:24:16 - bennytest (81.164.72.140)> MLST type*;size*;modify*;
(000263) 11/11/2011 11:24:16 - bennytest (81.164.72.140)> MLSD
(000263) 11/11/2011 11:24:16 - bennytest (81.164.72.140)> UTF8
(000263) 11/11/2011 11:24:16 - bennytest (81.164.72.140)> CLNT
(000263) 11/11/2011 11:24:16 - bennytest (81.164.72.140)> MFMT
(000263) 11/11/2011 11:24:16 - bennytest (81.164.72.140)> 211 End
(000264) 11/11/2011 11:24:16 - benny (81.164.72.140)> REST 0
(000264) 11/11/2011 11:24:16 - benny (81.164.72.140)> 350 Rest supported. Restarting at 0
(000264) 11/11/2011 11:24:16 - benny (81.164.72.140)> FEAT
(000264) 11/11/2011 11:24:16 - benny (81.164.72.140)> 211-Features:
(000264) 11/11/2011 11:24:16 - benny (81.164.72.140)> MDTM
(000264) 11/11/2011 11:24:16 - benny (81.164.72.140)> REST STREAM
(000264) 11/11/2011 11:24:16 - benny (81.164.72.140)> SIZE
(000264) 11/11/2011 11:24:16 - benny (81.164.72.140)> MLST type*;size*;modify*;
(000264) 11/11/2011 11:24:16 - benny (81.164.72.140)> MLSD
(000264) 11/11/2011 11:24:16 - benny (81.164.72.140)> UTF8
(000264) 11/11/2011 11:24:16 - benny (81.164.72.140)> CLNT
(000264) 11/11/2011 11:24:16 - benny (81.164.72.140)> MFMT
(000264) 11/11/2011 11:24:16 - benny (81.164.72.140)> 211 End
(000263) 11/11/2011 11:24:16 - bennytest (81.164.72.140)> CLNT FTP Rush 2.1.8U
(000263) 11/11/2011 11:24:16 - bennytest (81.164.72.140)> 200 Don't care
(000263) 11/11/2011 11:24:16 - bennytest (81.164.72.140)> OPTS UTF8 ON
(000263) 11/11/2011 11:24:16 - bennytest (81.164.72.140)> 200 UTF8 mode enabled
(000264) 11/11/2011 11:24:16 - benny (81.164.72.140)> CLNT FTP Rush 2.1.8U
(000264) 11/11/2011 11:24:16 - benny (81.164.72.140)> 200 Don't care
(000263) 11/11/2011 11:24:16 - bennytest (81.164.72.140)> PWD
(000263) 11/11/2011 11:24:16 - bennytest (81.164.72.140)> 257 "/" is current directory.
(000264) 11/11/2011 11:24:16 - benny (81.164.72.140)> OPTS UTF8 ON
(000264) 11/11/2011 11:24:16 - benny (81.164.72.140)> 200 UTF8 mode enabled
(000264) 11/11/2011 11:24:16 - benny (81.164.72.140)> PWD
(000264) 11/11/2011 11:24:16 - benny (81.164.72.140)> 257 "/" is current directory.
(000264) 11/11/2011 11:24:16 - benny (81.164.72.140)> CWD /install/
(000264) 11/11/2011 11:24:16 - benny (81.164.72.140)> 250 CWD successful. "/install" is current directory.
(000264) 11/11/2011 11:24:16 - benny (81.164.72.140)> PWD
(000264) 11/11/2011 11:24:16 - benny (81.164.72.140)> 257 "/install" is current directory.
(000264) 11/11/2011 11:24:16 - benny (81.164.72.140)> PASV
(000264) 11/11/2011 11:24:16 - benny (81.164.72.140)> 227 Entering Passive Mode (178,18,129,148,6,254)
(000264) 11/11/2011 11:24:16 - benny (81.164.72.140)> MLSD
(000264) 11/11/2011 11:24:16 - benny (81.164.72.140)> 150 Connection accepted
(000264) 11/11/2011 11:24:16 - benny (81.164.72.140)> 226 Transfer OK
(000264) 11/11/2011 11:24:16 - benny (81.164.72.140)> SIZE config (7).zip
(000264) 11/11/2011 11:24:16 - benny (81.164.72.140)> 550 File not found
(000263) 11/11/2011 11:24:16 - bennytest (81.164.72.140)> TYPE I
(000263) 11/11/2011 11:24:16 - bennytest (81.164.72.140)> 200 Type set to I
(000264) 11/11/2011 11:24:17 - benny (81.164.72.140)> TYPE I
(000264) 11/11/2011 11:24:17 - benny (81.164.72.140)> 200 Type set to I
(000263) 11/11/2011 11:24:17 - bennytest (81.164.72.140)> PASV
(000263) 11/11/2011 11:24:17 - bennytest (81.164.72.140)> 227 Entering Passive Mode (178,18,129,148,6,255)
(000264) 11/11/2011 11:24:17 - benny (81.164.72.140)> PORT 178,18,129,148,6,255
(000264) 11/11/2011 11:24:17 - benny (81.164.72.140)> 200 Port command successful
(000264) 11/11/2011 11:24:17 - benny (81.164.72.140)> STOR config (7).zip
(000264) 11/11/2011 11:24:17 - benny (81.164.72.140)> 150 Opening data channel for file transfer.
(000263) 11/11/2011 11:24:17 - bennytest (81.164.72.140)> RETR config (7).zip
(000264) 11/11/2011 11:24:27 - benny (81.164.72.140)> 425 Can't open data connection.
(000263) 11/11/2011 11:24:27 - bennytest (81.164.72.140)> 425 Can't open data connection.
(000264) 11/11/2011 11:24:27 - benny (81.164.72.140)> ABOR
(000264) 11/11/2011 11:24:27 - benny (81.164.72.140)> 226 ABOR command successful
(000263) 11/11/2011 11:24:27 - bennytest (81.164.72.140)> disconnected.
(000264) 11/11/2011 11:24:28 - benny (81.164.72.140)> disconnected.
(000262) 11/11/2011 11:24:28 - benny (81.164.72.140)> PASV
(000262) 11/11/2011 11:24:28 - benny (81.164.72.140)> 227 Entering Passive Mode (178,18,129,148,7,0)
(000261) 11/11/2011 11:24:28 - bennytest (81.164.72.140)> PASV
(000261) 11/11/2011 11:24:28 - bennytest (81.164.72.140)> 227 Entering Passive Mode (178,18,129,148,7,1)
(000262) 11/11/2011 11:24:28 - benny (81.164.72.140)> MLSD
(000262) 11/11/2011 11:24:28 - benny (81.164.72.140)> 150 Connection accepted
(000262) 11/11/2011 11:24:28 - benny (81.164.72.140)> 226 Transfer OK
(000261) 11/11/2011 11:24:28 - bennytest (81.164.72.140)> MLSD
(000261) 11/11/2011 11:24:28 - bennytest (81.164.72.140)> 150 Connection accepted
(000261) 11/11/2011 11:24:28 - bennytest (81.164.72.140)> 226 Transfer OK


Is there any solution to get this working behind a NAT device ?
would it work when i connect the server direct to the internet without a NAT device ?

[boco]

Is there any solution to get this working behind a NAT device ?

The problem is the NAT separates two different networks: The internet (everything outside the router, public IPs) and the server's local area network (LAN, with the internal IPs). Because of that separation, the NAT device is also called a gateway.

Now the public IPs do not work in LAN and vice versa. You see both the PORT and the PASV reply communicate the public IP. But connecting to itself is a LAN/localhost connection, and so public IPs are invalid.

You could do a test:
1. Make sure the ''Don't use external IP for local connections'' option in FZ Server's Passive settings is enabled.
2. Configure the client not to send the public IP with the port command, but 127.0.0.1 instead (the localhost IP).
3. If FZ server receives that IP it will reply with its local/localhost IP.