brettr

How to connect securely?

I downloaded Serv-U and set up a domain on my local box that has Vista installed.  I set the IP to an internal IP, security is SSL/TLS only on port 990.  I'm using CORE FTP to connect.  When I try to connect using port 990 and AUTH SSL option, I get this message:

can't establish connection to 192.168.66.1 port 990.

I then downloaded FTPVoyager (by the people that made Serv-U) and it says:

431 unable to negotiate secure command connection

If I set Serv-U to accept connections on port 21, and accept regular and SSL connections, I can connect without problems.  I'm also prompted to accept the certificate.

Why doesn't port 990 with "SSL only" work?

couritech

UDP port 990 uses UDP and is connectionless and does not guarantee reliable communication; it's up to the application that received the message on Port 990 to process any errors and verify correct delivery. If you use McAfee at the client it will block this port unless you specifically allow it to run in your rules (sees it as a virus).

A better idea may be to use Serv-U setup guides for port usage...

You should set up the IP for Passive mode to reflect the actual IP address and not the Internal IP address Serv-U sees.

To do this:
Select "Settings" under your domain
Select the "Advanced" tab. Here enter the external IP address of your internet connection or leave it blank.
Also set up the PASV port range option:
Under "Local Server" select "Settings" and then the "Advanced" tab. Here you will see the PASV port range option.
Open ports 2000 - 2010.
Open the same port range in your firewall, proxy server, or router.

Be sure your ISP is not blocking 2000 - 2010, as some do because of high bandwidth P2P file sharing programs that also use this range.
You should now be able to connect from any FTP Client using PASV mode.

However, if you are still unable to connect, disable the Block "FTP_bounce" attacks and FXP in the Serv-U options. According to Serv-U this option is known to cause complications.

Avatar of brettr

ASKER

Thanks but your option doesn't use SSL, which I want to use.  I can connect to the ftp server fine without SSL.  That's not the issue.

Just talked to another admin who uses Serv-U and Core-FTP. He said you would absolutely have to use the following if you're going to use port 990. He got this on the Core-FTP forums and he tested it. He had been previously told he had to use 989 on a Sambar server.... anyway-

Your server has to be set up for a clear data channel, the server's router must be set to forward requests on port 990. The Client must be set for encryption on the WAN address, put the data channel on 50001-50100. Client's router is set to trigger ports 50001-50100 for incoming on outgoing requests to port 990
Avatar of brettr

ASKER

You're making it overly complicated.  I have the ftp client and the server on the same machine.  Once I get that going, I'll work on external access.

Also, it isn't CORE FTP specific.  Rhinosoft makes VoyagerFTP and Serv-U.  I thought that might be a benefit but it didn't work out that way.

Sorry - thought you were going across the wire.... Have you enabled FTPS locally yet, and are you using Core FTP LE v1.3c 1446 build as the client (this has a known issue with port connects in the 1 - 4096 range)?
Avatar of brettr

ASKER

I'm using build 1447.6 but neither ftp client will connect.  So, it isn't an ftp client specific issue.

On Serv-U, I have these options:
- Allow only SSL/TLS sessions
- FTP port number 990

Are you using NAT on the router? If you have NAT set up it will have a problem translating the encryption. If you have NAT set up then try disabling it on the router and then refresh and try to connect. It should allow an implicit SSL/TLS connection then.
If you don't have NAT on your router then check your firewall, because this is definitely sounding like a translation issue now and sounds like this is because of the encryption requirement being levied? I don't know about Voyager in great detail, but would guess its tables cannot pass encrypted traffic through a NAT box.
Avatar of brettr

ASKER

Again, no NAT.  It's all on "one" machine.  Firewall is off.  I've done much of everything that you can do to get it going.  Sorry.

What's the version of Serv-U (is it Serv-U secure)? You didn't say... I only assumed... (it is required).
Avatar of brettr

ASKER

I just downloaded all of the software this evening.  Serv-U version 6.4.0.2 (build is the same).

Getting tough here then - it's tricky... have you looked at the Local Area Connection settings and the advanced tab in particular to be sure you are set up to allow a secure connection into the NIC and opened the 990 port connect? You are also sure the firewall (Windows, etc) are disabled and you don't use McAfee or Norton "of anything of theirs" on the client?
I assume you went to http://www.serv-u.com/versions.asp and got the "secure", "professional" or "Corporate" version? They all handle tables differently for SSL/TLS - just looking to clarify here if you missed getting one of these versions or if you got the right one - to figure out which one you have.
Avatar of brettr

ASKER

Actually, it's the trial version: http://www.serv-u.com/dn.asp.  I'm assuming it should have all features since there is a 30 day limit.

I don't know about secure connections into the NIC. I'm not sure which NIC related advanced tab you're referring to that mentions security.  No firewall or virus software is running.

To save time, do you know of any (trial/free) FTP servers that support SSL?  I imagine though that it will be the same problem.

Serv-U has a trial version of secure software that is free for 30 days - you just have to download it.

http://www.serv-u.com/versions.asp 

shows you the versions of the 5 that are available. I should have thought ahead about this - you were right - it was a simple thing - but the root cause of the failure in the end is often simple and most overlooked.

The trial for secure is 30 days. I'd try it and see if you like it - all seem to be pay to play these days. This is as good as any and you have experience now using the product?

Good luck!
the dn.asp does not support secure SSL
or SFTP
Avatar of brettr

ASKER

There isn't a trial for the secure version.  There is only one trial and they don't say which version that is.

It's corp by default, which supports SSL authoring. If it isn't your NIC card settings and disallowing SFTP traffic, then I can't explain any reason why you would not be connecting unless you had previously had McAfee or Norton installed (even if they were unloaded). They cause problems with these programs after removal and close port 990. They both have site uninstall tools to remove remnants, but since you make no mention I am about out of options. Sounds to me like you should have been up and running from the start.
Avatar of brettr

ASKER

Going to try phone tech support with RhinoSoft tomorrow.

Sounds like your best support option?
Avatar of brettr

ASKER

Here's the solution:

Set Serv-U this way:
Security: Allow SSL/TLS and regular sessions
Port: 21 or 990

FTP client:
AUTH SSL
port 21 or 990

It fails when I set Serv-U to allow SSL/TLS only.  Not sure why.

ASKER CERTIFIED SOLUTION
couritech

Avatar of brettr

ASKER

If I get an answer on why SSL only doesn't work, I'll post back.  Thanks for all of the help.
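
Added example, not written by anyone in this thread: explicit FTPS sends a cleartext 220 greeting and upgrades after AUTH TLS/SSL (a 234 reply), while implicit FTPS, conventionally on port 990, expects the TLS handshake immediately at connect. This Python probe reports which of the two a listener expects; the function names, result labels and the 127.0.0.1 target are assumptions made for the example.

```python
import socket
import ssl

def read_reply(sock):
    """Return the 3-digit code of the next FTP reply, or None on silence/EOF."""
    buf = b""
    try:
        while True:
            chunk = sock.recv(1024)
            if not chunk:
                return None
            buf += chunk
            # A reply ends with "NNN <text>"; "NNN-<text>" lines are continuations.
            for line in buf.split(b"\r\n")[:-1]:
                if line[:3].isdigit() and line[3:4] == b" ":
                    return line[:3].decode("ascii")
    except OSError:  # includes socket timeouts
        return None

def probe_ftps_mode(host, port, timeout=3.0):
    """Classify a listener as 'explicit', 'auth-refused', 'implicit',
    'no-tls' or 'unreachable'."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            if read_reply(s) == "220":
                # Cleartext greeting: explicit mode, so request the upgrade.
                s.sendall(b"AUTH TLS\r\n")
                return "explicit" if read_reply(s) == "234" else "auth-refused"
    except OSError:
        return "unreachable"
    # No cleartext greeting: an implicit listener waits for a TLS ClientHello.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # probe only: a self-signed lab certificate
    ctx.verify_mode = ssl.CERT_NONE  # is expected, and no credentials are sent
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw) as tls:
                return "implicit" if read_reply(tls) == "220" else "no-tls"
    except OSError:  # ssl.SSLError is a subclass of OSError
        return "no-tls"

if __name__ == "__main__":
    # Placeholder target: a local server on the implicit-FTPS port.
    print(probe_ftps_mode("127.0.0.1", 990))
```

A result of `implicit` means the client has to be set to implicit SSL/TLS for that port rather than AUTH SSL; `auth-refused` covers replies such as the 431 quoted in the question.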