Cannot connect to FTP server over SSL.

This forum is for anyone experiencing problems related to their firewall settings. More specifically, anyone experiencing connection issues should take a look at this forum.
snakyjake1
Posts: 1
Joined: Wed Mar 29, 2006 5:16 pm

Cannot connect to FTP server over SSL.

Post by snakyjake1 » Wed Mar 29, 2006 5:40 pm

Problem:
Cannot connect to FTP server over SSL.

Description:
I'm trying to connect to FTP Server via SSL Explicit (using WS_FTP Pro client or SmartFTP) external of my local network (NAT). I can successfully make connection when not using SSL, and can make successful connection inside my local network. This leads me to believe SSL is not working using PASV external to my network.

FTP Server Log:

Wed Mar 29 14:22:35 2006 32 Incoming connection request on interface 192.168.0.3
Wed Mar 29 14:22:35 2006 32 Connection request accepted from X.X.X.X <--- X's hide my IP address for privacy.
Wed Mar 29 14:22:36 2006 32 AUTH TLS
Wed Mar 29 14:22:36 2006 32 234 Authentication method accepted <--- Server usually hangs here for a while.
Wed Mar 29 14:23:22 2006 32 SSL_accept Error: The TLS/SSL connection has been closed <--- Line received after timeout.
Wed Mar 29 14:23:22 2006 32 Unable to establish SSL connection
Wed Mar 29 14:23:22 2006 32 421 Unable to negotiate secure connection
Wed Mar 29 14:23:22 2006 32 Connection terminated.

Client Log:

Connecting to X.X.X.X:21
Connected to X.X.X.X:21 in 0.062438 seconds, Waiting for Server Response
Initializing SSL Session ...
220-Cerberus FTP Server Personal Edition
220-UNREGISTERED
220-Welcome to Cerberus FTP Server
220 Created by Grant Averett
AUTH TLS
234 Authentication method accepted
SSL session NOT set for reuse
SSL Connect error 2:
Connect Failed.
SSL Connect Failed

Troubleshooting:

1. FTP connection works fine if not using SSL. I would assume this would eliminate any configuration problems with PASV.
2. SSL FTP connection works fine when connecting on local network.


Information:

1. Server:
Cerberus FTP Server v2.4 Beta 1

2. Client:
WS_FTP Pro
SmartFTP

3. Behind firewall. Linksys WGC200.


Thank you,

Jake

Ragefire
Posts: 1
Joined: Wed May 31, 2006 10:08 am

Post by Ragefire » Wed May 31, 2006 10:13 am

I'm having exactly the same problem. I'm thinking it has something to do with the client not being presented with the certificate - when I connected on the LAN, the PC was prompted to install the certificate. Not getting anything on the external PC. Will try tonight on this machine (that has the certificate). If that works, just got to convert the .PEM certificate into something XP understands.

linux.llama
User
Posts: 31
Joined: Wed Jun 13, 2007 3:19 am
Location: Scottsdale, AZ

Post by linux.llama » Tue Jul 10, 2007 3:59 am

Hey guys,
I just fixed this on my own system.
You have to put the external router interface in the PASV options page in the Use Different IP for PASV command option.

intracore
Posts: 1
Joined: Fri Feb 22, 2008 3:13 pm

Post by intracore » Fri Feb 22, 2008 3:24 pm

I'm having exactly the same symptoms as OP. I have tried entering the external IP, and the internal IP in the "Use Different IP for PASV Command", neither has any effect on operation. Both ways work 100% over internal network, and non-ssl connections work over external, but SSL connections will not work over external, whichever way the server is configured. No software firewall, and all ports are appropriately forwarded on hardware firewall.

log:

Feb 22 14:22:31 0 Incoming connection request on interface 192.168.80.10
Feb 22 14:22:31 0 Connection request accepted from xx.xx.xx.xx
Feb 22 14:22:31 0 AUTH TLS
Feb 22 14:22:31 0 234 Authentication method accepted

the connection hangs indefinitely at this point every time.

brentlyv
Posts: 1
Joined: Sat May 16, 2009 2:54 pm

Re: Cannot connect to FTP server over SSL.

Post by brentlyv » Sun May 17, 2009 1:26 am

I had a very similar problem. I could connect plain ol FTP but when I added TLS/SSL it would connect but never display the directory.

I dunno the technicals on this, but I dug around for the "normal" FTPS ports and found that FTPS needs port 990 opened up for TCP and 989 for UDP. I dunno if it needs UDP or not so I opened um both up and presto.

Hope this helps someone?

Dial-e-ma-thing = Filezilla
Router deal-e = ZyXEL 2 plus
Don't member the version of CFTP

linux.llama
User
Posts: 31
Joined: Wed Jun 13, 2007 3:19 am
Location: Scottsdale, AZ

Re: Cannot connect to FTP server over SSL.

Post by linux.llama » Mon Feb 01, 2010 9:39 pm

Port 989 and 990 refer to FTP over SSH, not FTP over SSL.
Cerberus doesn't support FTP over SSH, just FTP over implicit or explicit TLS/SSL, so you just have to open port 21 and your PASV ports (11000-13000 by default).
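
Added example, not part of the original thread: once the control channel is wrapped in TLS, a NAT router can no longer rewrite the address inside the server's 227 reply, which is why the "Use Different IP for PASV" setting and the forwarded PASV range (11000-13000) discussed above matter for external FTPS clients. The Python check below takes a 227 reply copied from a client log and the address the client dialled, and reports what an external client would trip over. The function names are hypothetical, and the sample replies and the address 203.0.113.10 in the comments are constructed.

```python
import ipaddress
import re

# Default Cerberus passive range quoted in the thread.
PASV_RANGE = (11000, 13000)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),"
                     r"(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def is_rfc1918(ip):
    """True for LAN-only addresses that a WAN client cannot reach."""
    return any(ip in net for net in RFC1918)


def parse_pasv(reply):
    """Return (IPv4Address, port) from a 227 reply, or raise ValueError."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % reply)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]  # port = p1 * 256 + p2


def check_pasv(reply, control_peer, port_range=PASV_RANGE):
    """List the problems an FTPS client would hit with this 227 reply.

    control_peer is the address the client dialled for the control
    connection, e.g. the router's external IP (constructed: 203.0.113.10).
    """
    ip, port = parse_pasv(reply)
    peer = ipaddress.IPv4Address(control_peer)
    problems = []
    if is_rfc1918(ip) and not is_rfc1918(peer):
        # Server advertised its LAN address to a client outside the NAT.
        problems.append("private-address")
    elif ip != peer:
        problems.append("address-mismatch")
    if not port_range[0] <= port <= port_range[1]:
        # Data port is not in the range forwarded on the router.
        problems.append("port-outside-forwarded-range")
    return problems
```

An empty list means the advertised data endpoint is consistent with the control connection and the forwarded range; it does not test whether the TLS handshake after `AUTH TLS` itself completes.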
