FTP Passive Mode Issue with "MasqueradeAddress" in proftpd


optimanet

Hello,

I am managing several proftpd services in a NAT environment.
In proftpd.conf I define the public IP with the "MasqueradeAddress" option.
Now, in WinSCP, passive connections do not work anymore:

. 2016-04-25 10:05:16.489 Connected
. 2016-04-25 10:05:16.489 Doing startup conversation with host.
> 2016-04-25 10:05:16.541 PWD
< 2016-04-25 10:05:16.559 257 "/" is the current directory
. 2016-04-25 10:05:16.559 Getting current directory name.
. 2016-04-25 10:05:16.694 Retrieving directory listing...
> 2016-04-25 10:05:16.694 TYPE A
< 2016-04-25 10:05:16.711 200 Type set to A
> 2016-04-25 10:05:16.711 PASV
. 2016-04-25 10:05:17.030 Disconnected from server
. 2016-04-25 10:05:17.030 Could not retrieve directory listing
* 2016-04-25 10:05:17.153 (EFatal) **Lost connection.**
* 2016-04-25 10:05:17.153 Disconnected from server
* 2016-04-25 10:05:17.153 Could not retrieve directory listing
* 2016-04-25 10:05:17.153 Error listing directory '/'.


In other clients (e.g. FileZilla) everything works fine;
what could be the root cause for this issue?


thank you,
andy


Guest

Log from WinSCP:

. 2016-04-25 11:26:59.460 --------------------------------------------------------------------------
. 2016-04-25 11:26:59.460 WinSCP Version 5.7.7 (Build 6257) (OS 10.0.10586 - Windows 10 Pro)
. 2016-04-25 11:26:59.460 Configuration: HKCU\Software\Martin Prikryl\WinSCP 2\
. 2016-04-25 11:26:59.460 Log level: Normal
. 2016-04-25 11:26:59.460 Local account: ******
. 2016-04-25 11:26:59.460 Working directory: C:\Program Files (x86)\WinSCP
. 2016-04-25 11:26:59.460 Process ID: 3568
. 2016-04-25 11:26:59.460 Command-line: "C:\Program Files (x86)\WinSCP\WinSCP.exe"
. 2016-04-25 11:26:59.460 Time zone: Current: GMT+2, Standard: GMT+1 (Mitteleuropäische Zeit), DST: GMT+2 (Mitteleuropäische Sommerzeit), DST Start: 27.03.2016, DST End: 30.10.2016
. 2016-04-25 11:26:59.460 Login time: Montag, 25. April 2016 11:26:59
. 2016-04-25 11:26:59.460 --------------------------------------------------------------------------
. 2016-04-25 11:26:59.460 Session name: ******
. 2016-04-25 11:26:59.460 Host name: ****** (Port: 21)
. 2016-04-25 11:26:59.460 User name: ****** (Password: Yes, Key file: No)
. 2016-04-25 11:26:59.460 Transfer Protocol: FTP
. 2016-04-25 11:26:59.460 Ping type: C, Ping interval: 30 sec; Timeout: 15 sec
. 2016-04-25 11:26:59.460 Disable Nagle: No
. 2016-04-25 11:26:59.460 Proxy: none
. 2016-04-25 11:26:59.460 Send buffer: 262144
. 2016-04-25 11:26:59.460 UTF: 2
. 2016-04-25 11:26:59.460 FTP: FTPS: None; Passive: Yes [Force IP: +]; MLSD: A [List all: A]
. 2016-04-25 11:26:59.460 Local directory: default, Remote directory: home, Update: No, Cache: No
. 2016-04-25 11:26:59.460 Cache directory changes: No, Permanent: Yes
. 2016-04-25 11:26:59.460 Timezone offset: 0h 0m
. 2016-04-25 11:26:59.460 --------------------------------------------------------------------------
. 2016-04-25 11:26:59.539 Connecting to ****** ...
. 2016-04-25 11:26:59.544 Connected with ******. Waiting for welcome message...
< 2016-04-25 11:26:59.640 220 ProFTPD 1.3.5a Server (ProFTPD) [******]
> 2016-04-25 11:26:59.640 HOST ******
< 2016-04-25 11:26:59.677 500 HOST not understood
> 2016-04-25 11:26:59.677 USER ******
< 2016-04-25 11:26:59.740 331 Password required for ******
> 2016-04-25 11:26:59.740 PASS **********
< 2016-04-25 11:26:59.809 230 User ******0 logged in
> 2016-04-25 11:26:59.809 SYST
< 2016-04-25 11:26:59.867 215 UNIX Type: L8
> 2016-04-25 11:26:59.867 FEAT
< 2016-04-25 11:26:59.920 211-Features:
< 2016-04-25 11:26:59.920 MDTM
< 2016-04-25 11:26:59.920 SSCN
< 2016-04-25 11:26:59.920 TVFS
< 2016-04-25 11:26:59.920 MFMT
< 2016-04-25 11:26:59.920 SIZE
< 2016-04-25 11:26:59.920 PROT
< 2016-04-25 11:26:59.920 CCC
< 2016-04-25 11:26:59.920 PBSZ
< 2016-04-25 11:26:59.920 AUTH TLS
< 2016-04-25 11:26:59.920 MFF modify;UNIX.group;UNIX.mode;
< 2016-04-25 11:26:59.920 REST STREAM
< 2016-04-25 11:26:59.920 MLST modify*;perm*;size*;type*;unique*;UNIX.group*;UNIX.mode*;UNIX.owner*;
< 2016-04-25 11:26:59.920 LANG en-US.UTF-8*
< 2016-04-25 11:26:59.920 UTF8
< 2016-04-25 11:26:59.920 EPRT
< 2016-04-25 11:26:59.920 EPSV
< 2016-04-25 11:26:59.920 211 End
> 2016-04-25 11:26:59.920 OPTS UTF8 ON
< 2016-04-25 11:27:00.050 200 UTF8 set to on
. 2016-04-25 11:27:00.198 Connected
. 2016-04-25 11:27:00.198 --------------------------------------------------------------------------
. 2016-04-25 11:27:00.198 Using FTP protocol.
. 2016-04-25 11:27:00.198 Doing startup conversation with host.
> 2016-04-25 11:27:00.259 PWD
< 2016-04-25 11:27:00.331 257 "/" is the current directory
. 2016-04-25 11:27:00.340 Getting current directory name.
. 2016-04-25 11:27:00.517 Retrieving directory listing...
> 2016-04-25 11:27:00.517 TYPE A
< 2016-04-25 11:27:00.581 200 Type set to A
> 2016-04-25 11:27:00.581 PASV
. 2016-04-25 11:27:00.940 Disconnected from server
. 2016-04-25 11:27:00.940 Could not retrieve directory listing
* 2016-04-25 11:27:01.070 (EFatal) **Lost connection.**
* 2016-04-25 11:27:01.070 Disconnected from server
* 2016-04-25 11:27:01.070 Could not retrieve directory listing
* 2016-04-25 11:27:01.070 Error listing directory '/'.




Log from FileZilla:

Status: Auflösen der IP-Adresse für ******
Status: Verbinde mit ******:21...
Status: Verbindung hergestellt, warte auf Willkommensnachricht...
Status: Initialisiere TLS...
Status: Überprüfe Zertifikat...
Status: TLS-Verbindung hergestellt.
Status: Angemeldet
Status: Empfange Verzeichnisinhalt...
Status: Anzeigen des Verzeichnisinhalts für "/" abgeschlossen
Status: Empfange Verzeichnisinhalt für "/httpdocs"...
Status: Anzeigen des Verzeichnisinhalts für "/httpdocs" abgeschlossen


martin
Site Admin

A real log file from FileZilla please, not the message log from GUI.

Though one obvious difference is that you use FTPS (FTP over TLS/SSL) in FileZilla, while plain FTP in WinSCP. Try FTPS in WinSCP too.


Guest

Hello,

Log file snippet from FileZilla:

2016-04-28 08:57:02 5068 1 Status: Auflösen der IP-Adresse für <hostname>
2016-04-28 08:57:02 5068 1 Status: Verbinde mit <publicIP>:21...
2016-04-28 08:57:02 5068 1 Status: Verbindung hergestellt, warte auf Willkommensnachricht...
2016-04-28 08:57:02 5068 1 Antwort: 220 ProFTPD 1.3.5a Server (ProFTPD) [<publicIP>]
2016-04-28 08:57:02 5068 1 Befehl: AUTH TLS
2016-04-28 08:57:02 5068 1 Antwort: 234 AUTH TLS successful
2016-04-28 08:57:02 5068 1 Status: Initialisiere TLS...
2016-04-28 08:57:02 5068 1 Status: Überprüfe Zertifikat...
2016-04-28 08:57:05 5068 1 Status: TLS-Verbindung hergestellt.
2016-04-28 08:57:05 5068 1 Befehl: USER <user>
2016-04-28 08:57:05 5068 1 Antwort: 331 Password required for <user>
2016-04-28 08:57:05 5068 1 Befehl: PASS **********
2016-04-28 08:57:05 5068 1 Antwort: 230 User <user> logged in
2016-04-28 08:57:05 5068 1 Befehl: SYST
2016-04-28 08:57:05 5068 1 Antwort: 215 UNIX Type: L8
2016-04-28 08:57:05 5068 1 Befehl: FEAT
2016-04-28 08:57:05 5068 1 Antwort: 211-Features:
2016-04-28 08:57:05 5068 1 Antwort: CCC
2016-04-28 08:57:05 5068 1 Antwort: PBSZ
2016-04-28 08:57:05 5068 1 Antwort: AUTH TLS
2016-04-28 08:57:05 5068 1 Antwort: MFF modify;UNIX.group;UNIX.mode;
2016-04-28 08:57:05 5068 1 Antwort: REST STREAM
2016-04-28 08:57:05 5068 1 Antwort: MLST modify*;perm*;size*;type*;unique*;UNIX.group*;UNIX.mode*;UNIX.owner*;
2016-04-28 08:57:05 5068 1 Antwort: LANG en-US.UTF-8*
2016-04-28 08:57:05 5068 1 Antwort: UTF8
2016-04-28 08:57:05 5068 1 Antwort: EPRT
2016-04-28 08:57:05 5068 1 Antwort: EPSV
2016-04-28 08:57:05 5068 1 Antwort: MDTM
2016-04-28 08:57:05 5068 1 Antwort: SSCN
2016-04-28 08:57:05 5068 1 Antwort: TVFS
2016-04-28 08:57:05 5068 1 Antwort: MFMT
2016-04-28 08:57:05 5068 1 Antwort: SIZE
2016-04-28 08:57:05 5068 1 Antwort: PROT
2016-04-28 08:57:05 5068 1 Antwort: 211 End
2016-04-28 08:57:05 5068 1 Befehl: OPTS UTF8 ON
2016-04-28 08:57:05 5068 1 Antwort: 200 UTF8 set to on
2016-04-28 08:57:05 5068 1 Befehl: PBSZ 0
2016-04-28 08:57:05 5068 1 Antwort: 200 PBSZ 0 successful
2016-04-28 08:57:05 5068 1 Befehl: PROT P
2016-04-28 08:57:05 5068 1 Antwort: 200 Protection set to Private
2016-04-28 08:57:05 5068 1 Status: Angemeldet
2016-04-28 08:57:05 5068 1 Status: Empfange Verzeichnisinhalt...
2016-04-28 08:57:05 5068 1 Befehl: PWD
2016-04-28 08:57:05 5068 1 Antwort: 257 "/" is the current directory
2016-04-28 08:57:05 5068 1 Befehl: TYPE I
2016-04-28 08:57:05 5068 1 Antwort: 200 Type set to I
2016-04-28 08:57:05 5068 1 Befehl: PASV
2016-04-28 08:57:05 5068 1 Antwort: 227 Entering Passive Mode (pu,blic,IP,address,213,226).
2016-04-28 08:57:05 5068 1 Befehl: MLSD
2016-04-28 08:57:05 5068 1 Antwort: 150 Opening BINARY mode data connection for MLSD
2016-04-28 08:57:05 5068 1 Antwort: 226 Transfer complete
2016-04-28 08:57:05 5068 1 Status: Anzeigen des Verzeichnisinhalts für "/" abgeschlossen


I tried FTPS in WinSCP (explicit encryption) and this works like a charm, too.
But I do not understand why there is a difference regarding directory listing for FTP and FTPS?


martin
Site Admin

Anonymous wrote:

I tried FTPS in WinSCP (explicit encryption) and this works like a charm, too.
But I do not understand why there is a difference regarding directory listing for FTP and FTPS?

There's no difference. Though what can make the difference is a broken firewall/NAT on the way. With a plain FTP, the firewall/NAT can try to manipulate (and possibly break) the FTP connection. With encryption, it cannot do that. Though that's just a wild guess.
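A triage helper for the symptom discussed in this thread, as an added example that is not part of any post here: it reads WinSCP-style session log lines and separates "PASV sent, control connection dropped before any 227 reply" (the failing plain-FTP log above) from a 227 reply that advertises an RFC 1918 address or an address other than the control peer. The sample lines, the addresses 203.0.113.10 and 192.168.1.20, and the function names are constructed for illustration.

```python
import re
from ipaddress import ip_address, ip_network

RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PASV_RE = re.compile(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
# WinSCP log line: marker ('>' sent, '<' received, '.' info), date, time, text
LINE_RE = re.compile(r"^([<>.*!]) \S+ \S+ (.*)$")

# Constructed samples; 203.0.113.10 is a documentation address standing in for the public IP.
DROPPED = ["> 2016-04-25 10:05:16.711 PASV",
           ". 2016-04-25 10:05:17.030 Disconnected from server"]
ANSWERED = ["> 2016-04-25 10:05:16.711 PASV",
            "< 2016-04-25 10:05:16.730 227 Entering Passive Mode (203,0,113,10,213,226)."]
INTERNAL = ["> 2016-04-25 10:05:16.711 PASV",
            "< 2016-04-25 10:05:16.730 227 Entering Passive Mode (192,168,1,20,213,226)."]


def parse_pasv(reply):
    """Return (ip, port) from '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)'."""
    m = PASV_RE.search(reply)
    if not m:
        raise ValueError("no host/port tuple in reply: %r" % reply)
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in reply: %r" % reply)
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def triage(log_lines, control_peer):
    """Classify how the PASV exchange in a WinSCP-style session log ended."""
    waiting = False
    for line in log_lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        marker, text = m.groups()
        if marker == ">" and text == "PASV":
            waiting = True
        elif waiting and marker == "<" and text.startswith("227"):
            ip, port = parse_pasv(text)
            if any(ip_address(ip) in net for net in RFC1918):
                return "private address %s advertised" % ip
            if ip != control_peer:
                return "advertised %s differs from control peer %s" % (ip, control_peer)
            return "ok: data connection to %s:%d" % (ip, port)
        elif waiting and marker == "." and text.startswith("Disconnected"):
            return "control connection dropped before any 227 reply"
    return "no PASV exchange found"
```

A "dropped before any 227 reply" result means the client never saw the address the server advertised, so the next place to look is the server log and any device in the path that inspects plain FTP, not the client's passive-mode settings.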
