FTPS - Data request is not for client...

Questions dealing with specific FTP clients and Cerberus FTP Server.
Post Reply
nick
Posts: 1
Joined: Mon Dec 15, 2014 5:56 pm

FTPS - Data request is not for client...

Post by nick » Mon Dec 15, 2014 6:11 pm

Hello,

I have a functioning installation running; however, I have a user that is having trouble browsing directories once connected to our server. The seem to be able to login ok but after that they can't do anything. The user is using WS_FTP Pro 12.3 and I keep seeing this error in our logs after the user authenticates:

Data request is not for client and server-to-server transfers are disabled

What exactly does that mean? I tried searching the forum and my searches either contain too many words or too many common words. Perhaps a firewall issue on their side?

When I tried to reproduce the issue everything seems to work fine with their username and password using FTPS and WS_FTP Pro 12.4. WinSCP also works fine. FTPS is configured for implicit only on PASV ports 9990-9999. Not sure if there is a list of error codes available? Didn't see much in the FAQ.

Here's a snip from the log:

2014/12/15 15:28:07 [1010] Incoming connection request on FTPS interface 1 at [xxx.xxx.xxx.xxx]
2014/12/15 15:28:07 [1010] FTPS connection request accepted from [xxx.xxx.xxx.xxx]
2014/12/15 15:28:07 [1010] SSL connection using TLSv1/SSLv3 (DHE-RSA-AES256-SHA), 256 bit encryption
2014/12/15 15:28:07 [1010] USER USERNAME
2014/12/15 15:28:07 [1010] 331 User USERNAME, password please
2014/12/15 15:28:07 [1010] PASS ***********
2014/12/15 15:28:08 [1010] Native user 'USERNAME' authenticated
2014/12/15 15:28:08 [1010] [USERNAME] 230 Password Ok, User logged in
2014/12/15 15:28:08 [1010] [USERNAME] SYST
2014/12/15 15:28:08 [1010] [USERNAME] 215 UNIX Type: L8
2014/12/15 15:28:08 [1010] [USERNAME] PBSZ 0
2014/12/15 15:28:08 [1010] [USERNAME] 200 PBSZ=0
2014/12/15 15:28:08 [1010] [USERNAME] PROT P
2014/12/15 15:28:08 [1010] [USERNAME] 200 PROT P OK, data channel will be secured
2014/12/15 15:28:08 [1010] [USERNAME] CLNT WS_FTP_Professional 12.3
2014/12/15 15:28:08 [1010] [USERNAME] 200 Command okay
2014/12/15 15:28:08 [1010] [USERNAME] PWD
2014/12/15 15:28:08 [1010] [USERNAME] 257 "/" is the current directory
2014/12/15 15:28:08 [1010] [USERNAME] TYPE A
2014/12/15 15:28:08 [1010] [USERNAME] 200 Type ASCII
2014/12/15 15:28:08 [1010] [USERNAME] PASV
2014/12/15 15:28:08 [1010] [USERNAME] 227 Entering Passive Mode (77,88,222,111,38,199)
2014/12/15 15:28:09 [1010] [USERNAME] PORT 10,111,111,22,213,2
2014/12/15 15:28:09 [1010] Data request is not for client and server-to-server transfers are disabled
2014/12/15 15:28:09 [1010] [USERNAME] 500 Port command invalid
2014/12/15 15:28:35 [1010] [USERNAME] QUIT
2014/12/15 15:28:35 [1010] Connection terminated

Thanks for the help!

Nick

User avatar
Serin
Site Administrator
Posts: 1785
Joined: Sat Jan 01, 2005 6:57 pm
Location: United States
Contact:

Re: FTPS - Data request is not for client...

Post by Serin » Mon Dec 29, 2014 11:40 am

The server-to-server transfer warning is because the client is attempting to use active mode and specifying a different IP address to connect to that they originated from. We don't allow this behavior by default for security reasons. In this case, they client is specifying their internal IP for the data connection, which doesn't match the public IP they are connecting from.

The bigger issue is why passive mode is failing and resulting in the client trying to connect using active mode. I believe we addressed this offline as a possible lack of ports available caused by too small of a passive port range.

Post Reply