Page 1 of 1

Connect to FTP server using FTP

Posted: Mon Apr 29, 2013 8:33 am
by hardware@intamac.com
Hi,

I am trying to trouble shoot connectivity via FTP. I have enabled FTP logins but, every time I connect it disconnects me.
See entry below from the log file, showing it is enabled/listening on FTP. If I try to connect to 127.0.0.1 it says "connection closed by remote host"
Log file :-

2013-04-29 13:07:22]: SYSTEM [server] - Interface 33 (FTP) listening at 192.168.31.41 on port 21
[2013-04-29 13:07:22]: SYSTEM [server] - Interface 35 (SFTP) listening at 192.168.31.41 on port 22
[2013-04-29 13:07:22]: SYSTEM [server] - Interface 37 (FTP) listening at 127.0.0.1 on port 21
[2013-04-29 13:07:22]: SYSTEM [server] - Interface 39 (SFTP) listening at 127.0.0.1 on port 22
[2013-04-29 13:07:22]: SYSTEM [server] - Interface 41 (FTP) listening at 127.0.0.1 on port 23
[2013-04-29 13:07:42]:CONNECT [ 493] - Incoming connection request on FTP interface 37 at 127.0.0.1
[2013-04-29 13:07:42]:CONNECT [ 493] - Connection request rejected from blocked address '127.0.0.1'
[2013-04-29 13:16:06]:CONNECT [ 494] - Incoming connection request on FTP interface 33 at 192.168.31.41
[2013-04-29 13:16:21]:CONNECT [ 494] - Connection request rejected from blocked address '167.165.110.150'
[2013-04-29 13:17:51]:CONNECT [ 495] - Incoming connection request on SSH interface 35 at 192.168.31.41
[2013-04-29 13:17:51]:CONNECT [ 495] - SSH FTP connection request accepted from 192.168.31.160
[2013-04-29 13:17:51]: INFO [ 495] - Client Identification: SSH-2.0-libssh-0.1

Re: Connect to FTP server using FTP

Posted: Mon Apr 29, 2013 10:30 am
by Serin
Hello,

The log indicates the connections are on you IP block list. Look for the message that says the connection was rejected from a blocked address.

Go to the IP manager and remove the blocked addresses that you want to allow to connect. You might also want to check your auto-blocking settings if IPs are getting blocked that shouldn't.

Re: Connect to FTP server using FTP

Posted: Tue Apr 30, 2013 4:38 am
by hardware@intamac.com
Thanks for that reply have stopped/started the underlying Windows service. I have checked the IP Manager Under General - Set From 0.0.0.0 to 0.0.0.0 NEVER Block

Still unable to ftp to 127.0.0.1

[2013-04-30 09:32:56]: SYSTEM [server] - Interface 8 (FTP) listening at 192.168.30.5 on port 21
[2013-04-30 09:32:56]: SYSTEM [server] - Interface 9 (FTPS) listening at 192.168.30.5 on port 990
[2013-04-30 09:32:56]: SYSTEM [server] - Interface 10 (SFTP) listening at 192.168.30.5 on port 22
[2013-04-30 09:32:56]: SYSTEM [server] - Interface 12 (FTP) listening at 127.0.0.1 on port 21
[2013-04-30 09:32:56]: SYSTEM [server] - Interface 13 (FTPS) listening at 127.0.0.1 on port 990
[2013-04-30 09:32:56]: SYSTEM [server] - Interface 14 (SFTP) listening at 127.0.0.1 on port 22
[2013-04-30 09:33:01]:CONNECT [ 3] - Incoming connection request on FTP interface 12 at 127.0.0.1
[2013-04-30 09:33:01]:CONNECT [ 3] - Connection request rejected from blocked address '127.0.0.1'

ANy ideas as to why still I am unable to ftp to the loopback address ?

Re: Connect to FTP server using FTP

Posted: Tue Apr 30, 2013 5:25 am
by hardware@intamac.com
I have even tried to connect from a 167.165.x.x network and added under IP manager 167.165.x.x to 167.165.x.x NEVER block and I cant conenct using an SFTP client even.

2013-04-30 09:32:56]: SYSTEM [server] - Interface 8 (FTP) listening at 192.168.30.5 on port 21
[2013-04-30 09:32:56]: SYSTEM [server] - Interface 9 (FTPS) listening at 192.168.30.5 on port 990
[2013-04-30 09:32:56]: SYSTEM [server] - Interface 10 (SFTP) listening at 192.168.30.5 on port 22
[2013-04-30 09:32:56]: SYSTEM [server] - Interface 12 (FTP) listening at 127.0.0.1 on port 21
[2013-04-30 09:32:56]: SYSTEM [server] - Interface 13 (FTPS) listening at 127.0.0.1 on port 990
[2013-04-30 09:32:56]: SYSTEM [server] - Interface 14 (SFTP) listening at 127.0.0.1 on port 22
[2013-04-30 09:33:01]:CONNECT [ 3] - Incoming connection request on FTP interface 12 at 127.0.0.1
[2013-04-30 09:33:01]:CONNECT [ 3] - Connection request rejected from blocked address '127.0.0.1'
[2013-04-30 09:38:11]:CONNECT [ 4] - Incoming connection request on FTP interface 12 at 127.0.0.1
[2013-04-30 09:38:11]:CONNECT [ 4] - Connection request rejected from blocked address '127.0.0.1'
[2013-04-30 10:12:37]:CONNECT [ 5] - Incoming connection request on FTP interface 8 at 192.168.30.5
[2013-04-30 10:12:37]:CONNECT [ 5] - Connection request rejected from blocked address '167.165.110.211'
[2013-04-30 10:13:30]:CONNECT [ 6] - Incoming connection request on SSH interface 10 at 192.168.30.5
[2013-04-30 10:13:30]:CONNECT [ 6] - Connection request rejected from blocked address '167.165.110.211'
[2013-04-30 10:14:20]:CONNECT [ 7] - Incoming connection request on SSH interface 10 at 192.168.30.5
[2013-04-30 10:14:20]:CONNECT [ 7] - Connection request rejected from blocked address '167.165.110.211'
[2013-04-30 10:15:22]:CONNECT [ 8] - Incoming connection request on SSH interface 10 at 192.168.30.5
[2013-04-30 10:15:22]:CONNECT [ 8] - Connection request rejected from blocked address '167.165.110.211'
[2013-04-30 10:16:58]:CONNECT [ 9] - Incoming connection request on SSH interface 10 at 192.168.30.5
[2013-04-30 10:16:58]:CONNECT [ 9] - Connection request rejected from blocked address '167.165.110.211'

Re: Connect to FTP server using FTP

Posted: Tue Apr 30, 2013 7:33 am
by hardware@intamac.com
Hi,
Although I had a from 0.0.0.0 to 0.0.0.0 and 167.165.0.0 to 167.165.0.0, I added a 167.165.110.1 to 167.165.110.253 (my test device is on this network) I can now connct via FTP and SFTP over a private address. My client IP was 167.165.110.50
So do I need to specify a network range even though I had a FROM 0.0.0.0 to 0.0.0.0 ? e.g if I wanted 192.168.30.1 to 192.168.30.200 to be connect I am best to define this network ?
I assume external conenctions using a STATIC over a firewall are treated differently ? e.g. connect externall via a URL/IP this then via a Cisco firewall has a an allow in by traffic with a stic through to the Cerberus FTP server.

Look forward your thoughts.

Re: Connect to FTP server using FTP

Posted: Tue Apr 30, 2013 10:04 am
by Serin
Hello,

What version of Cerberus FTP Server are your running? Please make sure you are running the latest release (6.0.0.3) as we fixed an IP manager bug in the last release.

What mode is the IP Manager in? It's either in blacklist mode, or white list mode. Regardless, the range 0.0.0.0 - 0.0.0.0 would never apply to anything. If you are operating in blacklist mode, any IPs or ranges in the list will be blocked. If you are in white list mode, only the IPs or ranges in the list will be allowed to connect.


I recommend reading the following for a detailed understanding of the IP Manager:

http://www.cerberusftp.com/support/help/ipmanager.htm

Re: Connect to FTP server using FTP

Posted: Wed May 01, 2013 8:55 am
by hardware@intamac.com
Hi,
It looks like I m running the latest version.
Ok I will remember not to use 0.0.0.0 and 0.0.0.0 and thanks I will read the document you provided and provide feedback.

Thanks