0 votes
by (120 points)
edited

Hi

I am attempting to list files from an FTPS connection directory but getting the above exception. My connection code looks like:-

   private static bool FTPSInitiateConnection(string address, string ftpUsername, string ftpPassword, Rebex.Net.Ftp client)
    {
        TlsParameters par = new TlsParameters();
        par.CertificateVerifier = new FileTransferCustomVerifier();
        //par.Options |= TlsOptions.StayConnected;

        // Additional debugging information
        client.LogWriter = new Rebex.FileLogWriter(@"C:\temp\rebex.log");
        client.LogWriter.Level = Rebex.LogLevel.Verbose;

        client.TlsDebug += new FtpTlsDebugEventHandler(client_TlsDebug);
        client.CommandSent += new FtpCommandSentEventHandler(client_CommandSent);
        client.ResponseRead += new FtpResponseReadEventHandler(client_ResponseRead);
        client.Options |= FtpOptions.ConnectPassiveLater;
        client.Options |= FtpOptions.IgnorePassiveModeAddress;

        if (!string.IsNullOrWhiteSpace(_proxyAddress))
        {
            // Set the proxy if one is in use
            client.Proxy = new FtpProxy(FtpProxyType.HttpConnect, _proxyAddress, Rebex.Net.Ftp.DefaultImplicitSslPort);
        }

        client.Connect(address,21, par,FtpSecurity.Explicit);
        client.Secure(par);

        try
        {
            string res = client.Login(ftpUsername, ftpPassword);
            #region Tracing
            if (FTPFileTransfer.ApplicationTracing.TraceVerbose)
            {
                Trace.TraceInformation(@"Log in result " + res);
            }
            #endregion
            return true;
        }
        catch (Rebex.Net.FtpException ftpEx)
        {
            #region Tracing
            if (FTPFileTransfer.ApplicationTracing.TraceError)
            {
                Trace.TraceError(ftpEx.ToString());
            }
            #endregion
            return false;
        }
    }

but when I try and list the files from this connection I get an error...

foreach (FtpItem  _filename in client.GetList() )
                        {
                            if (_filename.IsFile)
                            {
                                ret.Add(_filename.Name);
                            }
                        }

From the rebex log file:

2012-11-07 11:42:58.794 INFO Ftp(1) Response: 200 Type set to A.
2012-11-07 11:42:58.794 VERBOSE Ftp(1) TLS: Sent TLS packet: 
    17-03-01-00-00
2012-11-07 11:42:58.794 VERBOSE Ftp(1) TLS: Sent TLS packet: 
    17-03-01-00-06-50-41-53-56-0D-0A
2012-11-07 11:42:58.810 VERBOSE Ftp(1) Info: Sent data over control connection: 
    50-41-53-56-0D-0A
2012-11-07 11:42:58.810 INFO Ftp(1) Command: PASV
2012-11-07 11:42:58.934 VERBOSE Ftp(1) TLS: Received TLS packet: 
    17-03-01-00-31-32-32-37-20-45-6E-74-65-72-69-6E-67-20-50-61-73-73-69-76
    65-20-4D-6F-64-65-20-28-31-36-39-2C-38-31-2C-31-37-32-2C-31-33-2C-36-37
    2C-38-32-29-0D-0A
2012-11-07 11:42:58.934 VERBOSE Ftp(1) Info: Received data over control connection: 
    32-32-37-20-45-6E-74-65-72-69-6E-67-20-50-61-73-73-69-76-65-20-4D-6F-64
    65-20-28-31-36-39-2C-38-31-2C-31-37-32-2C-31-33-2C-36-37-2C-38-32-29-0D
    0A
2012-11-07 11:42:58.934 VERBOSE Ftp(1) Info: Response available to be received on control connection.
2012-11-07 11:42:58.934 INFO Ftp(1) Response: 227 Entering Passive Mode (169,81,172,13,67,82)
2012-11-07 11:42:58.934 INFO Ftp(1) Info: Using server address 169.81.172.13 instead of received address 169.81.172.13.
2012-11-07 11:42:58.934 VERBOSE Ftp(1) TLS: Sent TLS packet: 
    17-03-01-00-00
2012-11-07 11:42:58.934 VERBOSE Ftp(1) TLS: Sent TLS packet: 
    17-03-01-00-06-4C-49-53-54-0D-0A
2012-11-07 11:42:58.950 VERBOSE Ftp(1) Info: Sent data over control connection: 
    4C-49-53-54-0D-0A
2012-11-07 11:42:58.950 INFO Ftp(1) Command: LIST
2012-11-07 11:42:58.966 DEBUG Ftp(1) Info: Establishing data connection to 169.81.172.13:17234.
2012-11-07 11:43:20.111 DEBUG Ftp(1) Info: Error while starting data transfer: Rebex.Net.FtpException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. ---> Rebex.Net.ProxySocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. ---> Rebex.Net.ProxySocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 169.81.172.13:17234
   at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
   at System.Net.Sockets.Socket.Connect(EndPoint remoteEP)
   at wWGvS.BnRMAeZ.kRCyw(String , IPAddress , Int32 )
   --- End of inner exception stack trace ---
   at wWGvS.BnRMAeZ.kRCyw(String , IPAddress , Int32 )
   --- End of inner exception stack trace ---
   at wWGvS.BnRMAeZ.YqGDG(IAsyncResult , String )
   at wWGvS.BnRMAeZ.cCoahHZ(IAsyncResult , Int32 )
   at Rebex.Net.ProxySocket.EndConnect(IAsyncResult asyncResult)
   at wWGvS.AoLBks.kRCyw(EndPoint )
   --- End of inner exception stack trace ---
   at wWGvS.AoLBks.kRCyw(EndPoint )
   at Rebex.Net.Ftp.CgtFNEZ(String , Boolean , AoLBks , Int64 , String , String , Int64 , FtpTransferState )

Any thoughts/ideas? I've tried suggestions in similar threads here but to no avail...

Applies to: Rebex FTP/SSL

1 Answer

0 votes
by (148k points)
edited

Errors such as this are almost always caused by a firewall or server settings issue - the FTP protocol is quite unique in the way it performs data transfers - multiple TCP/IP connection are used, one for the control connection and one for each download, upload or directory listing. This makes it very firewall-unfriendly, particularly when the control connection is encrypted using SSL (as in this case) - there is actually an internet draft dedicated to this.

In short, firewalls that need to understand the FTP control connection in order to make FTP protocol work are not compatible with FTP over SSL unless the encrypted control connection is reverted back to unencrypted mode after authentication has been performed.

Things to try:

  1. Nearly all FTP servers make it possible to specify a port range for data ports. If you have control over the FTP server, configure it to only use a certain range (don't make it to narrow) and configure the firewall to allow these to go through.

  2. If non-secure FTP works fine over your firewall, it is most likely a content-aware firewall that needs to be able to see the FTP communication to do its work. However, SSL makes this impossible. You might use Ftp object's ClearCommandChannel to revert back to unencrypted FTP control connection after logging in (data connections can stay encrypted after this), making it possible for the firewall to work again in exchange for a degree of security.

  3. If this is a firewall issue and Rebex FTP/SSL doesn't work in either passive or active mode, then no other FTP client would work either. Can you give it a try? There are many free GUI clients that can be used to test this, such as FileZilla. If you find any client that works, please send us its communication log for analysis - it is very likely we would spot the reason and let you know how to do the same thing with Rebex FTP/SSL.

  4. If possible, use the SFTP protocol (and Rebex SFTP) instead of FTP or FTP/SSL. It's a more modern protocol that only uses a single TCP connection (on port 22) for all its data, which makes it very simple for firewalls to handle.

  5. FTP has two transfer modes, active and passive. These represent different ways to establish the data connection. In passive mode, which is used in Rebex FTP/SSL by default, the server tells the client to which IP/port it should connect to establish the data connection. In active mode, it is opposite - the server actually connects to the client. Naturally, passive mode is the less problematic, but you might give active mode a try just in case, although it most likely won't work either. Try setting Ftp object's Passive property to false to enable active mode.

  6. Are you able to connect to our FTP server at test.rebex.net (with SSL) from the same location, and are you able to list directories and download files? If you are, the issue is almost certainly not caused by a firewall at the client side. The server side firewall or the server itself is the most likely cause (see point 1).

...