[Inactive] Ftps (Ftp + Tls)


mazix

PASV Ftp isn't working from Filezilla client to Heliohost Ftp svr.

Control connection (client to svr tcp 21) works but data connection (client to svr, tcp random ports (37291-->16725)) gets no ack / response.

Filezilla is configured to make this session with explicit Ftps (Ftp + Tls).

 

Presumably Heliohost supports Ftp + Tls because the Ftp configuration guidance states "FTP & explicit FTPS port: 21":

Manual Settings
FTP username: champ1@mazix.heliohost.org
FTP server: ftp.mazix.heliohost.org
FTP & explicit FTPS port: 21

 

Outbound high Tcp ports are open on local (client and network) firewalls; it's not a local firewall issue.

So, why doesn't the data connection work with Ftp + Tls ???

 

Only similar forum thread about Ftps was from 2011: http://www.helionet....?showtopic=8599

No resolution there of the Ftps failure problem; the OP just reverted to standard Ftp.

 

Data connection works Ok with standard Ftp (without tls) ...

No. Time Source Destination Protocol Length Info
20 1.215407000 192.168.2.127 64.62.211.131 TCP 74 35163 > 21 [PSH, ACK] Seq=52 Ack=401 Win=15616 Len=8 TSval=173285309 TSecr=3948722504
21 1.284614000 64.62.211.131 192.168.2.127 TCP 96 21 > 35163 [PSH, ACK] Seq=401 Ack=60 Win=5888 Len=30 TSval=3948722577 TSecr=173285309
22 1.286309000 192.168.2.127 64.62.211.131 TCP 72 35163 > 21 [PSH, ACK] Seq=60 Ack=431 Win=15616 Len=6 TSval=173285326 TSecr=3948722577
23 1.392264000 64.62.211.131 192.168.2.127 TCP 115 21 > 35163 [PSH, ACK] Seq=431 Ack=66 Win=5888 Len=49 TSval=3948722683 TSecr=173285326
24 1.394189000 192.168.2.127 64.62.211.131 TCP 72 35163 > 21 [PSH, ACK] Seq=66 Ack=480 Win=15616 Len=6 TSval=173285353 TSecr=3948722683
25 1.397891000 192.168.2.127 64.62.211.131 TCP 74 58606 > 13072 [SYN] Seq=0 Win=14520 Len=0 MSS=1452 SACK_PERM=1 TSval=173285354 TSecr=0 WS=2
26 1.495906000 64.62.211.131 192.168.2.127 TCP 74 13072 > 58606 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1452 SACK_PERM=1 TSval=3948722789 TSecr=173285354 WS=128
27 1.495982000 192.168.2.127 64.62.211.131 TCP 66 58606 > 13072 [ACK] Seq=1 Ack=1 Win=14520 Len=0 TSval=173285379 TSecr=3948722789
28 1.523899000 64.62.211.131 192.168.2.127 TCP 66 21 > 35163 [ACK] Seq=480 Ack=72 Win=5888 Len=0 TSval=3948722816 TSecr=173285353
29 1.576659000 64.62.211.131 192.168.2.127 TCP 96 21 > 35163 [PSH, ACK] Seq=480 Ack=72 Win=5888 Len=30 TSval=3948722869 TSecr=173285353
30 1.615285000 192.168.2.127 64.62.211.131 TCP 66 35163 > 21 [ACK] Seq=72 Ack=510 Win=15616 Len=0 TSval=173285409 TSecr=3948722869
31 1.755920000 64.62.211.131 192.168.2.127 TCP 287 13072 > 58606 [PSH, ACK] Seq=1 Ack=1 Win=5888 Len=221 TSval=3948723048 TSecr=173285379
32 1.755992000 192.168.2.127 64.62.211.131 TCP 66 58606 > 13072 [ACK] Seq=1 Ack=222 Win=15592 Len=0 TSval=173285444 TSecr=3948723048
33 1.759572000 64.62.211.131 192.168.2.127 TCP 66 13072 > 58606 [FIN, ACK] Seq=222 Ack=1 Win=5888 Len=0 TSval=3948723048 TSecr=173285379
34 1.761310000 192.168.2.127 64.62.211.131 TCP 66 58606 > 13072 [FIN, ACK] Seq=1 Ack=223 Win=15592 Len=0 TSval=173285445 TSecr=3948723048
35 1.767077000 64.62.211.131 192.168.2.127 TCP 108 21 > 35163 [PSH, ACK] Seq=510 Ack=72 Win=5888 Len=42 TSval=3948723048 TSecr=173285409
36 1.767138000 192.168.2.127 64.62.211.131 TCP 66 35163 > 21 [ACK] Seq=72 Ack=552 Win=15616 Len=0 TSval=173285446 TSecr=3948723048
37 1.836654000 64.62.211.131 192.168.2.127 TCP 66 13072 > 58606 [ACK] Seq=223 Ack=2 Win=5888 Len=0 TSval=3948723129 TSecr=173285445
51 7.075295000 192.168.2.127 64.62.211.131 TCP 66 35163 > 21 [FIN, ACK] Seq=72 Ack=552 Win=15616 Len=0 TSval=173286774 TSecr=3948723048
52 7.151838000 64.62.211.131 192.168.2.127 TCP 79 21 > 35163 [PSH, ACK] Seq=552 Ack=73 Win=5888 Len=13 TSval=3948728443 TSecr=173286774
53 7.151913000 192.168.2.127 64.62.211.131 TCP 54 35163 > 21 [RST] Seq=73 Win=0 Len=0

 

But, doesn't work with ftp + tls.

No. Time Source Destination Protocol Length Info
42 8.082758000 192.168.2.127 64.62.211.131 TCP 327 34941 > 21 [PSH, ACK] Seq=886 Ack=2492 Win=21376 Len=261 TSval=172876356 TSecr=3947086687
43 8.157563000 64.62.211.131 192.168.2.127 TCP 135 21 > 34941 [PSH, ACK] Seq=2492 Ack=1147 Win=11264 Len=69 TSval=3947086766 TSecr=172876356
44 8.158045000 192.168.2.127 64.62.211.131 TCP 279 34941 > 21 [PSH, ACK] Seq=1147 Ack=2561 Win=21376 Len=213 TSval=172876375 TSecr=3947086766
45 8.229019000 64.62.211.131 192.168.2.127 TCP 135 21 > 34941 [PSH, ACK] Seq=2561 Ack=1360 Win=12288 Len=69 TSval=3947086837 TSecr=172876375
46 8.234438000 192.168.2.127 64.62.211.131 TCP 263 34941 > 21 [PSH, ACK] Seq=1360 Ack=2630 Win=21376 Len=197 TSval=172876394 TSecr=3947086837
47 8.309626000 64.62.211.131 192.168.2.127 TCP 151 21 > 34941 [PSH, ACK] Seq=2630 Ack=1557 Win=13312 Len=85 TSval=3947086918 TSecr=172876394
48 8.311379000 192.168.2.127 64.62.211.131 TCP 295 34941 > 21 [PSH, ACK] Seq=1557 Ack=2715 Win=21376 Len=229 TSval=172876413 TSecr=3947086918
49 8.316885000 192.168.2.127 64.62.211.131 TCP 74 37291 > 16725 [SYN] Seq=0 Win=14520 Len=0 MSS=1452 SACK_PERM=1 TSval=172876415 TSecr=0 WS=2
50 8.420653000 64.62.211.131 192.168.2.127 TCP 66 21 > 34941 [ACK] Seq=2715 Ack=1786 Win=14464 Len=0 TSval=3947087029 TSecr=172876413
53 9.315988000 192.168.2.127 64.62.211.131 TCP 74 37291 > 16725 [SYN] Seq=0 Win=14520 Len=0 MSS=1452 SACK_PERM=1 TSval=172876665 TSecr=0 WS=2
56 11.320058000 192.168.2.127 64.62.211.131 TCP 74 37291 > 16725 [SYN] Seq=0 Win=14520 Len=0 MSS=1452 SACK_PERM=1 TSval=172877166 TSecr=0 WS=2
60 15.327996000 192.168.2.127 64.62.211.131 TCP 74 37291 > 16725 [SYN] Seq=0 Win=14520 Len=0 MSS=1452 SACK_PERM=1 TSval=172878168 TSecr=0 WS=2

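A small triage script for captures like the two in the post above, added here as an example and not part of the original post: it reads Wireshark packet-list summary lines, ignores the port 21 control channel, and reports for each data connection whether the server answered the SYN, rejected it with an RST, or never answered at all (the last is what the FTPS capture shows). The sample rows are constructed from the captures quoted above, abridged and with the forum's "[sYN]" mangling repaired; the function names are my own.

```python
import re
from collections import defaultdict

# Wireshark packet-list summary line, e.g.
#   25 1.397891000 192.168.2.127 64.62.211.131 TCP 74 58606 > 13072 [SYN] Seq=0 ...
# Flags are matched case-insensitively because the forum software turned
# "[SYN]" into "[sYN]" in the captures quoted above.
_LINE = re.compile(
    r"^\s*(?P<no>\d+)\s+(?P<time>[\d.]+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+TCP\s+"
    r"(?P<length>\d+)\s+(?P<sport>\d+)\s+>\s+(?P<dport>\d+)\s+\[(?P<flags>[^\]]+)\]"
)
CONTROL_PORT = 21


def parse_lines(lines):
    """Yield one dict per TCP summary line; the header and other lines are skipped."""
    for line in lines:
        m = _LINE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
        rec["flags"] = frozenset(f.strip().upper() for f in rec["flags"].split(","))
        yield rec


def triage_data_channels(lines, server_ip):
    """Classify each client->server stream that is not the control channel.

    Returns {(client_port, server_port): (status, syn_count)} with status
    'established' (a SYN/ACK came back), 'refused' (an RST came back: the host
    is reachable but nothing listens on that port) or 'unanswered' (only client
    SYNs, nothing back at all: the packets are dropped somewhere on the path
    or at the server).
    """
    syns = defaultdict(int)
    synacks, rsts = set(), set()
    for rec in parse_lines(lines):
        if CONTROL_PORT in (rec["sport"], rec["dport"]):
            continue  # port 21 is the control channel, which the capture shows working
        if rec["dst"] == server_ip and rec["flags"] == {"SYN"}:
            syns[(rec["sport"], rec["dport"])] += 1
        elif rec["src"] == server_ip:
            key = (rec["dport"], rec["sport"])  # normalise to (client_port, server_port)
            if {"SYN", "ACK"} <= rec["flags"]:
                synacks.add(key)
            if "RST" in rec["flags"]:
                rsts.add(key)
    verdicts = {}
    for key, n in syns.items():
        if key in synacks:
            verdicts[key] = ("established", n)
        elif key in rsts:
            verdicts[key] = ("refused", n)
        else:
            verdicts[key] = ("unanswered", n)
    return verdicts


SERVER = "64.62.211.131"

# Constructed samples: the relevant rows of the two captures quoted above
# (plain FTP first, explicit FTPS second), trailing timestamp options dropped.
PLAIN_FTP = """\
No. Time Source Destination Protocol Length Info
24 1.394189000 192.168.2.127 64.62.211.131 TCP 72 35163 > 21 [PSH, ACK] Seq=66 Ack=480 Win=15616 Len=6
25 1.397891000 192.168.2.127 64.62.211.131 TCP 74 58606 > 13072 [SYN] Seq=0 Win=14520 Len=0 MSS=1452
26 1.495906000 64.62.211.131 192.168.2.127 TCP 74 13072 > 58606 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0
27 1.495982000 192.168.2.127 64.62.211.131 TCP 66 58606 > 13072 [ACK] Seq=1 Ack=1 Win=14520 Len=0
33 1.759572000 64.62.211.131 192.168.2.127 TCP 66 13072 > 58606 [FIN, ACK] Seq=222 Ack=1 Win=5888 Len=0
""".splitlines()

FTPS = """\
No. Time Source Destination Protocol Length Info
48 8.311379000 192.168.2.127 64.62.211.131 TCP 295 34941 > 21 [PSH, ACK] Seq=1557 Ack=2715 Win=21376 Len=229
49 8.316885000 192.168.2.127 64.62.211.131 TCP 74 37291 > 16725 [SYN] Seq=0 Win=14520 Len=0 MSS=1452
50 8.420653000 64.62.211.131 192.168.2.127 TCP 66 21 > 34941 [ACK] Seq=2715 Ack=1786 Win=14464 Len=0
53 9.315988000 192.168.2.127 64.62.211.131 TCP 74 37291 > 16725 [sYN] Seq=0 Win=14520 Len=0 MSS=1452
56 11.320058000 192.168.2.127 64.62.211.131 TCP 74 37291 > 16725 [SYN] Seq=0 Win=14520 Len=0 MSS=1452
60 15.327996000 192.168.2.127 64.62.211.131 TCP 74 37291 > 16725 [SYN] Seq=0 Win=14520 Len=0 MSS=1452
""".splitlines()

if __name__ == "__main__":
    for name, cap in (("plain FTP", PLAIN_FTP), ("explicit FTPS", FTPS)):
        for (cport, sport), (status, n) in triage_data_channels(cap, SERVER).items():
            print(f"{name}: {cport} -> {sport}: {status} after {n} SYN(s)")
```

The distinction between "refused" and "unanswered" is the useful bit when asking a provider to look at their side: an RST would mean the SYN reached a host with nothing listening on the PASV port, whereas four SYNs with no reply of any kind, as in the FTPS capture, mean the packets are being discarded before ftpd ever sees them, which is exactly the server-side evidence the later post in this thread asks the ftpd logs for.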

If you don't want to use FTP because of security concerns, and can't figure out how to get FTPS working, why not use SFTP on port 1373?

 

Sftp works Ok but you only / must access the main hosting account shell, ie all folders.

I need to have sub accounts - like Ftp accounts - with different default / root directories ... and a secure protocol for users to get / put files.


Ok, I finally got around to testing some of this stuff for you. Yes, SFTP only works for the root FTP account so that won't work for you.

 

I set up an FTP account that only has access to one subdirectory, and successfully connected to it with FTP protocol with TLS. I tested this on both Johnny and Stevie. Here are some example settings that work with Filezilla. Just replace the portions in <> with your information:

 

Host: ftp.<domain>.heliohost.org
Port: 21
Protocol: FTP
Encryption: Require explicit FTP over TLS
Logon type: Normal
User: <ftpusername>@<domain>.heliohost.org
Password: <ftppassword>

 

The first time you connect there will be a popup asking if you want to trust the self-signed SSL certificate.

 

Let us know if you're still having trouble connecting to FTPS.


With Filezilla debug setting at 'verbose':

Status: Resolving address of ftp.mazix.heliohost.org
Status: Connecting to 64.62.211.131:21...
Status: Connection established, waiting for welcome message...
Trace: CFtpControlSocket::OnReceive()
Response: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Response: 220-You are user number 14 of 20 allowed.
Response: 220-Local time is now 22:45. Server port: 21.
Response: 220-This is a private system - No anonymous login
Response: 220 You will be disconnected after 2 minutes of inactivity.
Trace: CFtpControlSocket::SendNextCommand()
Command: AUTH TLS
Trace: CFtpControlSocket::OnReceive()
Response: 234 AUTH TLS OK.
Status: Initializing TLS...
Trace: CTlsSocket::Handshake()
Trace: CTlsSocket::ContinueHandshake()
Trace: CTlsSocket::ContinueHandshake()
Trace: CTlsSocket::ContinueHandshake()
Trace: CTlsSocket::ContinueHandshake()
Trace: TLS Handshake successful
Trace: Cipher: AES-128-CBC, MAC: SHA1
Status: Verifying certificate...
Trace: CFtpControlSocket::SendNextCommand()
Command: USER champ1@mazix.heliohost.org
Status: TLS/SSL connection established.
Trace: CFtpControlSocket::OnReceive()
Response: 331 User champ1@mazix.heliohost.org OK. Password required
Trace: CFtpControlSocket::SendNextCommand()
Command: PASS ******
Trace: CFtpControlSocket::OnReceive()
Response: 230 OK. Current restricted directory is /
Trace: CFtpControlSocket::SendNextCommand()
Command: PBSZ 0
Trace: CFtpControlSocket::OnReceive()
Response: 200 PBSZ=0
Trace: CFtpControlSocket::SendNextCommand()
Command: PROT P
Trace: CFtpControlSocket::OnReceive()
Response: 200 Data protection level set to "private"
Status: Connected
Trace: CFtpControlSocket::ResetOperation(0)
Trace: CControlSocket::ResetOperation(0)
Status: Retrieving directory listing...
Trace: CFtpControlSocket::SendNextCommand()
Trace: CFtpControlSocket::ChangeDirSend()
Command: PWD
Trace: CFtpControlSocket::OnReceive()
Response: 257 "/" is your current location
Trace: CFtpControlSocket::ResetOperation(0)
Trace: CControlSocket::ResetOperation(0)
Trace: CFtpControlSocket::ParseSubcommandResult(0)
Trace: CFtpControlSocket::ListSubcommandResult()
Trace: CFtpControlSocket::SendNextCommand()
Trace: CFtpControlSocket::TransferSend()
Command: TYPE I
Trace: CFtpControlSocket::OnReceive()
Response: 200 TYPE is now 8-bit binary
Trace: CFtpControlSocket::TransferParseResponse()
Trace: CFtpControlSocket::SendNextCommand()
Trace: CFtpControlSocket::TransferSend()
Command: PASV
Trace: CFtpControlSocket::OnReceive()
Response: 227 Entering Passive Mode (64,62,211,131,252,181)
Trace: CFtpControlSocket::TransferParseResponse()
Trace: CFtpControlSocket::SendNextCommand()
Trace: CFtpControlSocket::TransferSend()
Command: MLSD
Error: Connection timed out
Trace: CFtpControlSocket::ResetOperation(2114)
Trace: CControlSocket::ResetOperation(2114)
Trace: CFtpControlSocket::ResetOperation(2114)
Trace: CControlSocket::ResetOperation(2114)
Error: Failed to retrieve directory listing

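An added reproducer, not FileZilla's or HelioHost's code, that walks the same sequence as the trace above (AUTH TLS, USER/PASS, PBSZ 0, PROT P, PASV, TCP connect to the data port, TLS on the data channel, MLSD) with Python's ftplib and stops at the first stage that fails, so a timeout can be pinned to the TCP connect on the PASV port rather than to the TLS handshake. It also decodes the 227 reply into the address and port the client is told to use (252,181 in the trace is port 64693) and checks that the advertised address matches the control channel's peer. Function names and the `cafile` option are my own; the data-channel ordering (wait for the 150 before wrapping the socket) follows what ftplib itself does.

```python
import re
import socket
import ssl
from ftplib import FTP_TLS, Error as FtpError

_PASV = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv_reply(reply):
    """Turn '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)' into (ip, port).

    Returns None when the reply is not a 227 carrying an address tuple.
    """
    if not reply.startswith("227"):
        return None
    m = _PASV.search(reply)
    if not m:
        return None
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def probe_ftps(host, user, password, cafile=None, timeout=10):
    """Walk the explicit-FTPS sequence and report the first stage that fails.

    Returns (stage, detail); stage is 'ok' when the MLSD listing was read.
    cafile: PEM file holding the server certificate (or its CA) so both the
    control and data channels are verified. With None the certificate is
    accepted unverified, which is what clicking "trust" in the popup amounts to.
    """
    if cafile:
        ctx = ssl.create_default_context(cafile=cafile)
    else:
        ctx = ssl.create_default_context()
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    ftp = FTP_TLS(context=ctx, timeout=timeout)
    stage = "connect"
    try:
        ftp.connect(host, 21)
        stage = "auth-tls"
        ftp.auth()                          # AUTH TLS + handshake on the control channel
        stage = "login"
        ftp.login(user, password)
        stage = "prot-p"
        ftp.prot_p()                        # PBSZ 0 then PROT P
        stage = "pasv"
        endpoint = parse_pasv_reply(ftp.sendcmd("PASV"))
        if endpoint is None:
            return stage, "unparseable 227 reply"
        data_ip, data_port = endpoint
        control_ip = ftp.sock.getpeername()[0]
        if data_ip != control_ip:
            return stage, f"server advertised {data_ip}, control channel peer is {control_ip}"
        stage = "data-tcp"                  # the trace above dies here: SYNs, no SYN/ACK
        raw = socket.create_connection((data_ip, data_port), timeout=timeout)
        stage = "mlsd"
        ftp.sendcmd("MLSD")                 # 150: server accepts the data connection
        stage = "data-tls"
        tls = ctx.wrap_socket(raw, server_hostname=host)
        stage = "listing"
        size = 0
        while chunk := tls.recv(8192):
            size += len(chunk)
        tls.close()
        ftp.voidresp()                      # 226 transfer complete
        ftp.quit()
        return "ok", f"{size} bytes of MLSD listing"
    except (OSError, FtpError) as exc:      # socket.timeout and ssl errors are OSErrors
        return stage, f"{type(exc).__name__}: {exc}"


if __name__ == "__main__":
    import sys
    # usage: python ftps_probe.py ftp.<domain>.heliohost.org <user> <password> [server.pem]
    print(probe_ftps(*sys.argv[1:5]))
```

Run against a server that behaves like the trace, the result is `('data-tcp', 'TimeoutError: ...')`, which separates a blocked PASV port from the TLS-related causes (a data channel that connects but fails `wrap_socket`, or a server that advertises a private address in the 227 reply). Pass the server's certificate as `cafile` once you have inspected it so later runs verify it instead of trusting whatever is presented.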

http://www.helionet....dpost__p__92025

> Posted 14 May 2013 - 12:50 PM

> What do you need the ftpd logs for?

 

Since previous topic was marked solved and closed, I have to ask via private message ...

oops ... can't contact via message either ...

The following errors were found

The member Krydos cannot receive any new messages

This personal message has not been sent

 

So, start a new thread.

 

----------

 

Would ftpd log show attempted but failed Ftp data connections?

Need some evidence at the server end to show why the Ftp data connections fail.
