Tech4Him – Technology with Integrity

A Christian technology chaos wrangler and his thoughts

FTP SSL/TLS Negotiation Failed

Posted by Tom on September 10, 2009

I find myself in a bit of a pickle. Recently, some of our users have started having problems connecting to our Gene6 FTP server via FTP explicit SSL/TLS using FileZilla clients. For almost 2 years this has been working fine. I’ve spent most of the day looking at the FileZilla and Gene6 forums without finding a concrete solution.

I’m guessing that the FileZilla folks might point fingers at the Gene6 folks saying something like Gene6 doesn’t follow RFC XXX correctly and vice versa, so I thought I’d see if anyone else is having the same problem with the same server/client pair.

The problem is that clients get all the way to the LIST or MLSD command, and then the client times out while the Gene6 server reports:

09/09/09 15:09:25, 9, xxx.xxx.xxx.xxx, username, PASV
09/09/09 15:09:25, 9, xxx.xxx.xxx.xxx, username, 227 Entering Passive Mode (xxx,xxx,xxx,xxx,195,142)
09/09/09 15:09:25, 9, xxx.xxx.xxx.xxx, username, MLSD
09/09/09 15:09:46, 9, xxx.xxx.xxx.xxx, username, 150 Data connection accepted from xxx.xxx.xxx.xxx:1876; transfer starting.
09/09/09 15:09:46, 9, xxx.xxx.xxx.xxx, username, establishing encrypted session
09/09/09 15:09:46, 9, xxx.xxx.xxx.xxx, username, 426 Retrieve aborted; SSL/TLS negotiation failed
09/09/09 15:09:46, 9, xxx.xxx.xxx.xxx, username, disconnected. (00d00:00:22)

Interestingly, if I start a connection via FileZilla and then immediately stop it and start another, it sometimes works.

Here is the last part of the FileZilla Client debug trace:

16:35:06	Command:	PASV
16:35:06	Trace:	CFtpControlSocket::OnReceive()
16:35:06	Trace:	CTlsSocket::OnRead()
16:35:06	Trace:	CFtpControlSocket::OnReceive()
16:35:06	Trace:	CTlsSocket::OnRead()
16:35:06	Trace:	CFtpControlSocket::OnReceive()
16:35:06	Trace:	CTlsSocket::OnRead()
16:35:06	Trace:	CFtpControlSocket::OnReceive()
16:35:06	Trace:	CTlsSocket::OnRead()
16:35:06	Trace:	CFtpControlSocket::OnReceive()
16:35:06	Response:	227 Entering Passive Mode (xxx,xxx,xxx,xxx,195,146)
16:35:06	Trace:	CFtpControlSocket::TransferParseResponse()
16:35:06	Trace:	  code = 2
16:35:06	Trace:	  state = 2
16:35:06	Trace:	CFtpControlSocket::SendNextCommand()
16:35:06	Trace:	CFtpControlSocket::TransferSend()
16:35:06	Trace:	  state = 4
16:35:06	Command:	LIST
16:35:06	Trace:	CFtpControlSocket::OnReceive()
16:35:06	Trace:	CTransferSocket::OnConnect
16:35:06	Trace:	CTlsSocket::Handshake()
16:35:27	Error:	Connection timed out
16:35:27	Trace:	CFtpControlSocket::ResetOperation(2114)
16:35:27	Trace:	CControlSocket::ResetOperation(2114)
16:35:27	Trace:	CFtpControlSocket::ResetOperation(2114)
16:35:27	Trace:	CControlSocket::ResetOperation(2114)
16:35:27	Error:	Failed to retrieve directory listing

We love Gene6 for its great feature set and really don’t want to have to move to another FTP server platform. We also love FileZilla, and it is what has been deployed to all our remote staff since 2007. Also note that the same problem shows up using the Free FTP client from Coffee Cup software, while CoreFTP Lite works fine.

Server: Gene6 FTP Server 3.10.0 build 2
Domain: IP binding is set to Explicit SSL/TLS only, Active Directory authentication

Client: FileZilla 3.0.11.1 – 3.2.7

G6 FTP Test comes back fine and gets the directory listing without a problem.

And no, none of the firewall policies or NAT entries have been modified between the time it was working and the time the problem started.

Finally, we have the same issue when testing this on the LAN to the same server with the same clients, so I am thinking this is probably not a PASV problem.

It’ll be interesting to hear what the Gene6 and FileZilla folks each have to say about our forum posts on this subject. I really hope we don’t get “Read the Network Configuration wiki page” as our response. That would be lame. We’ll see where this goes in short order.

Blessings.


One Response to “FTP SSL/TLS Negotiation Failed”

  1. Tom says:

    As a follow-up to this post: I received zero replies in the Gene6 FTP Server forums. However, I did some detective work and found that FileZilla is defaulting to a connection timeout of 20 seconds. For a reason I don’t know, the MLSD response was taking 22-25 seconds at times.

    Workaround – changed the FileZilla connection timeout setting to 60 seconds, and the problem has been worked around. Sniffing packets did not reveal any further negotiation going on between client and server during these 22-25 seconds. I’m thinking it’s something on the server side, but have no clue as to what it is at this point.

    Anyhow, just wanted to update anyone who needs it with a possible workaround.

    Blessings,

    Tom
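An added diagnostic, not from the post and not Gene6 or FileZilla code: a Python script that parses Gene6-style log lines (a constructed sample modelled on the entries quoted above) and measures, per session, how long the server took between the LIST/MLSD command and its 150 reply, then flags sessions whose wait exceeds the client's connection timeout (20 s, FileZilla's default per the follow-up). The field layout, session-id column, IP addresses and the healthy second session are assumptions.

```python
from datetime import datetime

# Constructed sample modelled on the Gene6 entries quoted in the post;
# session ids, IPs and the healthy second session are made up.
SAMPLE_LOG = """\
09/09/09 15:09:25, 9, 203.0.113.10, username, PASV
09/09/09 15:09:25, 9, 203.0.113.10, username, 227 Entering Passive Mode (203,0,113,5,195,142)
09/09/09 15:09:25, 9, 203.0.113.10, username, MLSD
09/09/09 15:09:46, 9, 203.0.113.10, username, 150 Data connection accepted from 203.0.113.10:1876; transfer starting.
09/09/09 15:09:46, 9, 203.0.113.10, username, establishing encrypted session
09/09/09 15:09:46, 9, 203.0.113.10, username, 426 Retrieve aborted; SSL/TLS negotiation failed
09/09/09 15:09:46, 9, 203.0.113.10, username, disconnected. (00d00:00:22)
09/09/09 15:12:01, 12, 203.0.113.11, otheruser, LIST
09/09/09 15:12:03, 12, 203.0.113.11, otheruser, 150 Data connection accepted from 203.0.113.11:1901; transfer starting.
09/09/09 15:12:03, 12, 203.0.113.11, otheruser, 226 Transfer complete
"""
# Commands that open a data connection (a second TLS handshake under explicit FTPS).
DATA_COMMANDS = {"LIST", "MLSD", "NLST", "RETR", "STOR"}

def parse_line(line):
    """(timestamp, session id, message) from one line, or None if malformed. Assumed
    layout: date time, session, client IP, user, message; 4 splits keep 227's commas."""
    parts = [p.strip() for p in line.split(",", 4)]
    if len(parts) != 5:
        return None
    return datetime.strptime(parts[0], "%m/%d/%y %H:%M:%S"), parts[1], parts[4]

def data_channel_delays(log_text):
    """session id -> (command, seconds from LIST/MLSD to the server's next numeric
    reply). That reply is the 150 sent once the data connection is accepted, so
    the gap is exactly what the client waits with its timeout ticking."""
    pending, delays = {}, {}
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        ts, session, msg = rec
        verb = msg.split()[0]
        if verb in DATA_COMMANDS:
            pending[session] = (verb, ts)
        elif session in pending and msg[:3].isdigit():
            cmd, started = pending.pop(session)
            delays[session] = (cmd, (ts - started).total_seconds())
    return delays

def sessions_exceeding(log_text, client_timeout=20):
    """Sessions whose wait exceeds the client's timeout (FileZilla defaulted to 20 s
    per the follow-up) and would abort before the 150 ever arrives."""
    return {s: d for s, d in data_channel_delays(log_text).items() if d[1] > client_timeout}
```

Run over a real Gene6 log, the flagged sessions are the ones whose 426 is a client-side timeout rather than a genuine TLS failure, which is what separates "raise the client timeout" from "fix the server's handshake".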
