Hi:
I am trying to access an FTP site that requires Secure SSL Implicit using port 990, but I have hit a problem. It seems that the site has a non-valid security certificate, and this is not enabling me to access the site.
I have connected with FireFtp (which allows me to create a security exception) and FileZilla which also warns about the invalid certificate. I have also connected with a 3rd party FTP component (Limilabs), and can indicate upon connecting what action I should take if an invalid certificate is found.
The problem I have with Dopus is that I can access the site, but it seems to be in an endless loop (I'm presuming because of the bad certificate). Here is the log:
Abriendo Conexión ftp01.indra.es:990
220 FTP
331 Enter password
230-User logged in
Welcome to FTP Corporative.
230 User logged in
200 PBSZ=0
200 PRIVATE data channel protection level set
215 UNIX
211-Extensions supported
SIZE
XMD5
XSHA1
XSHA256
XSHA512
XQUOTA
LANG EN, ES, FR, GE
MDTM
MLST size*;type*;perm*;create*;modify*;
REST STREAM
TVFS
UTF8
AUTH SSL;TLS-P;
PBSZ
PROT C;P;
211 end
200 Command OPTS succeed
200 Command OPTS succeed
200 Transfer mode set to ASCII
257 "/" is current directory
250 Command CWD succeed
257 "/" is current directory
227 Entering Passive Mode (172,22,241,183,0,21).
FD_CONNECT - WSAETIMEDOUT: Connection timed out
550 Command PORT failed
Can I change anything in the configuration to allow me access?
Here is the log from FileZilla:
Status: Resolving address of ftp.mysupplier.com
Status: Connecting to 94.126.241.183:990...
Status: Connection established, initializing TLS...
Status: Verifying certificate...
Status: TLS/SSL connection established, waiting for welcome message...
Response: 220 FTP
Command: USER
Response: 331 Enter password
Command: PASS *****
Response: 230-User logged in
Response: Welcome to FTP Corporative.
Response: 230 User logged in
Command: SYST
Response: 215 UNIX
Command: FEAT
Response: 211-Extensions supported
Response: SIZE
Response: XMD5
Response: XSHA1
Response: XSHA256
Response: XSHA512
Response: XQUOTA
Response: LANG EN, ES, FR, GE
Response: MDTM
Response: MLST size*;type*;perm*;create*;modify*;
Response: REST STREAM
Response: TVFS
Response: UTF8
Response: AUTH SSL;TLS-P;
Response: PBSZ
Response: PROT C;P;
Response: 211 end
Command: PBSZ 0
Response: 200 PBSZ=0
Command: PROT P
Response: 200 PRIVATE data channel protection level set
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is current directory
Command: TYPE I
Response: 200 Transfer mode set to BINARY
Command: PASV
Response: 227 Entering Passive Mode (172,22,241,183,0,21).
Status: Server sent passive reply with unroutable address. Using server address instead.
Command: LIST
Response: 125 Transferring directory
Here is the log from FireFtp:
FireFTP 2.0.7 'Nature Boy' designed by Mime Cuvalo in Croatia
220 FTP
PBSZ 0
200 PBSZ=0
USER
331 Enter password
PASS (password not shown)
230-User logged in
Welcome to FTP Corporative.
230 User logged in
FEAT
211-Extensions supported
SIZE
XMD5
XSHA1
XSHA256
XSHA512
XQUOTA
LANG EN, ES, FR, GE
MDTM
MLST size*;type*;perm*;create*;modify*;
REST STREAM
TVFS
UTF8
AUTH SSL;TLS-P;
PBSZ
PROT C;P;
211 end
OPTS UTF8 ON
200 Command OPTS succeed
PWD
257 "/" is current directory
TYPE A
200 Transfer mode set to ASCII
PROT P
200 PRIVATE data channel protection level set
PASV
227 Entering Passive Mode (172,22,241,183,3,222).
LIST
125 Transferring directory
226 Transfer completed
I have created a security exception for FireFtp because the certificate is not valid. See attachment.
Filezilla notices that IP is the wrong one somehow:
Maybe FireFtp also notices, or maybe it always reconnects to the server's real IP and ignores everything but the port information in the PASV response.
Opus doesn't seem to be detecting the IP as unroutable and tries to connect to it, which fails.
That 172.22.241.183 address is presumably the server's IP on an internal network and not its internet-facing IP. From my understanding of the FTP protocol, the server should not be giving its internal IP (it's meaningless to anything that isn't on the same internal network) in reply to the PASV command; it should be giving its external, internet-facing IP.
By the way, Opus does try to detect non-routable IPs here. I just checked with a server I have access to which (incorrectly) reports its internal IP address (one in the 192.168.1.x range which is only for internal networks and never routable over the Internet) and Opus detects that and uses the server's IP instead. So it seems like a combination of both the server not reporting the correct IP and the server's internal IP being an unusual one that not everything will detect as non-routable. (Indeed, I can try to ping and tracert it and my machine will happily give it a try before eventually timing out as there doesn't seem to be anything at the other end of that IP on the internet.)
Long story short: My guess is that the server's configuration needs to be changed so that it gives out its external IP when replying to the PASV command.
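The client-side fallback discussed above, as an added example that is not part of the original posts and is not the code of Opus, FileZilla or FireFTP: it parses the 227 replies from the logs and substitutes the control connection's peer address when the advertised one is not globally routable. The function names are hypothetical; 172.22.241.183 lies in 172.16.0.0/12, one of the RFC 1918 private ranges, which Python's ipaddress module classifies as non-global.

```python
import ipaddress
import re

# The six numbers in a 227 reply: h1,h2,h3,h4,p1,p2
PASV_TUPLE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv(reply):
    """Return (host, port) from a '227 Entering Passive Mode (...)' reply."""
    match = PASV_TUPLE.search(reply)
    if not reply.startswith("227") or match is None:
        raise ValueError("not a usable PASV reply: %r" % reply)
    nums = [int(n) for n in match.groups()]
    if max(nums) > 255:
        raise ValueError("octet out of range in PASV reply: %r" % reply)
    host = ".".join(str(n) for n in nums[:4])
    # The port is sent as two bytes, high byte first.
    return host, nums[4] * 256 + nums[5]


def data_endpoint(reply, control_peer_ip):
    """Pick the address for the data connection.

    Returns (host, port, substituted). The advertised host is replaced by the
    control connection's peer address when the advertised one is not globally
    routable but the peer is, i.e. the server gave out an internal address.
    """
    host, port = parse_pasv(reply)
    advertised = ipaddress.ip_address(host)
    peer = ipaddress.ip_address(control_peer_ip)
    if not advertised.is_global and peer.is_global:
        return str(peer), port, True
    # Same private network as the server, or a routable address: use as given.
    return host, port, False


if __name__ == "__main__":
    # Replies copied from the logs in the thread; 94.126.241.183 is the
    # address FileZilla reported connecting to.
    for line in ("227 Entering Passive Mode (172,22,241,183,0,21).",
                 "227 Entering Passive Mode (172,22,241,183,3,222)."):
        print(line, "->", data_endpoint(line, "94.126.241.183"))
```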