FTPS connection failing, I think due to server broadcasting non-routable IP address

0 votes
asked Mar 9 by fdrdnadkdc (160 points)

I'm trying to connect to an end user FTP site using SSL, but they don't have their server configured correctly, so the data connection fails - active or passive, and the IP it returns is a 10.x.x.x IP. FileZilla will notice this and drop back to using the original IP address for the command connection. Is there any way that I can have the Rebex library do the same? Or use an IP that I specify?

Thanks.

Applies to: Rebex FTP/SSL

1 Answer

+1 vote
answered Mar 9 by Lukas Matyska (36,240 points)
selected Mar 10 by fdrdnadkdc
 
Best answer

Yes, please set the Ftp.Settings.IgnorePassiveModeAddress to true.
This will use the server's IP instead of the announced 10.x.x.x one.

commented Mar 9 by Lukas Matyska (36,240 points)
Actually, Rebex FTP also implements this workaround. It should be triggered automatically. Can you please post here or send us the communication log to support@rebex.net, so we can diagnose the problem, why it was not triggered? The log can be done like this: http://www.rebex.net/kb/logging/default.aspx
commented Mar 10 by fdrdnadkdc (160 points)
Actually the above worked to get me past the error, then I had to fix the hostname to have it agree with the certificate, but now I'm faced with what seems to be a similar issue in the opposite direction:

2017-03-10 09:47:54.809 Opening log file.
2017-03-10 09:47:54.840 INFO Ftp(1)[16] Info: Connecting to --snip--:990 using Ftp 4.0.4700.0.
2017-03-10 09:47:54.840 INFO Ftp(1)[16] Info: Using proxy none.
2017-03-10 09:47:55.230 DEBUG Ftp(1)[16] Info: Connection succeeded.
2017-03-10 09:47:55.230 DEBUG Ftp(1)[16] Info: Upgrading control connection to TLS/SSL.
2017-03-10 09:47:55.292 INFO Ftp(1)[16] TLS: State StateChange:Negotiating
2017-03-10 09:47:55.292 DEBUG Ftp(1)[16] TLS: HandshakeMessage:ClientHello was sent.
2017-03-10 09:47:55.635 DEBUG Ftp(1)[16] TLS: HandshakeMessage:ServerHello was received.
2017-03-10 09:47:55.651 DEBUG Ftp(1)[16] TLS: HandshakeMessage:Certificate was received.
2017-03-10 09:47:55.651 DEBUG Ftp(1)[16] TLS: HandshakeMessage:ServerHelloDone was received.
2017-03-10 09:47:55.651 DEBUG Ftp(1)[16] TLS: Verifying server certificate --snip--
2017-03-10 09:47:55.713 DEBUG Ftp(1)[16] TLS: Certificate verification result: Accept
2017-03-10 09:47:55.776 DEBUG Ftp(1)[16] TLS: HandshakeMessage:ClientKeyExchange was sent.
2017-03-10 09:47:55.791 DEBUG Ftp(1)[16] TLS: CipherSpec:ChangeCipherSpec was sent.
2017-03-10 09:47:55.807 DEBUG Ftp(1)[16] TLS: HandshakeMessage:Finished was sent.
2017-03-10 09:47:55.963 DEBUG Ftp(1)[16] TLS: CipherSpec:ChangeCipherSpec was received.
2017-03-10 09:47:55.979 DEBUG Ftp(1)[16] TLS: HandshakeMessage:Finished was received.
2017-03-10 09:47:55.979 INFO Ftp(1)[16] TLS: State StateChange:Secured
2017-03-10 09:47:55.979 INFO Ftp(1)[16] TLS: Connection secured using cipher: TLS 1.0, RSA, 128bit AES in CBC mode, SHA1
2017-03-10 09:47:55.979 DEBUG Ftp(1)[16] TLS: Session ID:
 0000 |CD-31-00-00-E7-4F-AF-0D 90-34-8F-3F-A5-CA-E3-31| .1...O...4.?...1
 0010 |CC-F7-AC-8C-8F-2E-35-0B B2-CB-17-31-8C-C1-5D-C8| ......5....1..].
2017-03-10 09:47:55.979 DEBUG Ftp(1)[16] Info: Control connection upgraded to TLS/SSL.
2017-03-10 09:47:55.994 INFO Ftp(1)[16] Response: 220 Microsoft FTP Service
2017-03-10 09:47:56.025 INFO Ftp(1)[16] Command: USER --snip--
2017-03-10 09:47:56.181 INFO Ftp(1)[16] Response: 331 Password required for --snip--
2017-03-10 09:47:56.181 INFO Ftp(1)[16] Command: PASS ********
2017-03-10 09:47:56.337 INFO Ftp(1)[16] Response: 230 User logged in.
2017-03-10 09:47:56.337 INFO Ftp(1)[16] Command: FEAT
2017-03-10 09:47:56.493 INFO Ftp(1)[16] Response: 211-Extended features supported:
2017-03-10 09:47:56.493 INFO Ftp(1)[16] Response:  LANG EN*
2017-03-10 09:47:56.493 INFO Ftp(1)[16] Response:  UTF8
2017-03-10 09:47:56.493 INFO Ftp(1)[16] Response:  AUTH TLS;TLS-C;SSL;TLS-P;
2017-03-10 09:47:56.493 INFO Ftp(1)[16] Response:  PBSZ
2017-03-10 09:47:56.493 INFO Ftp(1)[16] Response:  PROT C;P;
2017-03-10 09:47:56.493 INFO Ftp(1)[16] Response:  CCC
2017-03-10 09:47:56.493 INFO Ftp(1)[16] Response:  HOST
2017-03-10 09:47:56.493 INFO Ftp(1)[16] Response:  SIZE
2017-03-10 09:47:56.493 INFO Ftp(1)[16] Response:  MDTM
2017-03-10 09:47:56.493 INFO Ftp(1)[16] Response:  REST STREAM
2017-03-10 09:47:56.493 INFO Ftp(1)[16] Response: 211 END
2017-03-10 09:47:56.509 INFO Ftp(1)[16] Command: OPTS UTF8 ON
2017-03-10 09:47:56.665 INFO Ftp(1)[16] Response: 200 OPTS UTF8 command successful - UTF8 encoding now ON.
2017-03-10 09:47:56.712 DEBUG Ftp(1)[16] Info: Starting data transfer.
2017-03-10 09:47:56.712 INFO Ftp(1)[16] Command: PBSZ 0
2017-03-10 09:47:56.868 INFO Ftp(1)[16] Response: 200 PBSZ command successful.
2017-03-10 09:47:56.868 INFO Ftp(1)[16] Command: PROT P
2017-03-10 09:47:57.024 INFO Ftp(1)[16] Response: 200 PROT command successful.
2017-03-10 09:47:57.024 INFO Ftp(1)[16] Command: TYPE I
2017-03-10 09:47:57.180 INFO Ftp(1)[16] Response: 200 Type set to I.
2017-03-10 09:47:57.180 DEBUG Ftp(1)[16] Info: Accepting data connection.
2017-03-10 09:47:57.211 INFO Ftp(1)[16] Command: PORT 192,168,1,14,208,90
2017-03-10 09:47:57.367 INFO Ftp(1)[16] Response: 501 Server cannot accept argument.
2017-03-10 09:47:57.367 DEBUG Ftp(1)[16] Info: Error while starting data transfer: Rebex.Net.FtpException: Server cannot accept argument (501).
   at Rebex.Net.Ftp.1SAJuN(Int32 , Boolean )
   at Rebex.Net.Ftp.ykKHPZ(EndPoint )
   at Rebex.Net.Ftp.2aYAeNZ(String , Boolean , OTxlj , Int64 , String , String , Int64 , FtpTransferState )
2017-03-10 09:47:57.367 DEBUG Ftp(1)[16] Info: Error while initializing data connection.
2017-03-10 09:47:57.367 ERROR Ftp(1)[16] Info: Rebex.Net.FtpException: Server cannot accept argument (501).
   at Rebex.Net.Ftp.1SAJuN(Int32 , Boolean )
   at Rebex.Net.Ftp.ykKHPZ(EndPoint )
   at Rebex.Net.Ftp.2aYAeNZ(String , Boolean , OTxlj , Int64 , String , String , Int64 , FtpTransferState )
   at Rebex.Net.Ftp.2aYAeNZ(String , Boolean , OTxlj , 27NpLhZ , Int64 , FtpTransferState )
   at Rebex.Net.Ftp.1Qy0ja(String , String , Stream , Int64 , Int64 , 27NpLhZ )
commented Mar 10 by Lukas Matyska (36,240 points)
To specify the IP address for active mode, please use the `Ftp.DataAddress` property. To limit the local port range, use the `Ftp.DataPortRange` property.
commented Mar 10 by fdrdnadkdc (160 points)
How embarrassing. My code was still set to active, which I was trying during testing...

Thank you for your time and patience.
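
What the passive-mode fallback and the `Ftp.DataAddress` advice in this thread amount to at the protocol level, as an added example that is not Rebex code and not part of the original posts. The function names, the `ignore_announced` flag and the 203.0.113.x / 198.51.100.x addresses are constructed for illustration; only the `PORT 192,168,1,14,208,90` argument comes from the log above.

```python
import ipaddress
import re

# RFC 1918 private ranges plus loopback and link-local: unreachable across the Internet.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]
HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")


def is_non_routable(ip):
    return any(ip in net for net in NON_ROUTABLE)


def parse_hostport(line):
    """Return (IPv4Address, port) from the h1,h2,h3,h4,p1,p2 tuple of a PORT command or 227 reply."""
    match = HOSTPORT.search(line)
    if match is None:
        raise ValueError("no host-port tuple in %r" % line)
    fields = [int(n) for n in match.groups()]
    if max(fields) > 255:
        raise ValueError("field out of range in %r" % line)
    ip = ipaddress.IPv4Address(".".join(str(f) for f in fields[:4]))
    return ip, fields[4] * 256 + fields[5]  # port = p1 * 256 + p2


def passive_endpoint(reply_227, control_peer, ignore_announced=False):
    """Choose where to open the data connection in passive mode."""
    announced, port = parse_hostport(reply_227)
    peer = ipaddress.IPv4Address(control_peer)
    # Fall back to the control connection's peer when the announced address
    # cannot be reached from a public client, or when told to always ignore it.
    if ignore_announced or (is_non_routable(announced) and not is_non_routable(peer)):
        return str(peer), port
    return str(announced), port


def active_port_command(local_ip, port, server_ip, data_address=None):
    """Build the PORT command for active mode, refusing an address the server cannot reach."""
    ip = ipaddress.IPv4Address(data_address or local_ip)
    if is_non_routable(ip) and not is_non_routable(ipaddress.IPv4Address(server_ip)):
        raise ValueError("%s is not reachable from %s; set an external data address" % (ip, server_ip))
    p1, p2 = divmod(port, 256)
    return "PORT %s,%d,%d" % (str(ip).replace(".", ","), p1, p2)
```
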