troubleshooting Question

FileZilla FTPS server setup issue

Asked by Alexandre Takacs
Topics: FTP, Hardware Firewalls, Networking
I am having an issue setting up an FTPS server using FileZilla.

Basically everything works as intended when I am connecting from the FileZilla client or using the Online FTP test tool:

(000048)6/23/2021 16:05:43 PM - (not logged in) (*.*.*.*)> Connected on port 2221, sending welcome message...
(000048)6/23/2021 16:05:43 PM - (not logged in) (*.*.*.*)> 220 This is not a public server !
(000048)6/23/2021 16:05:43 PM - (not logged in) (*.*.*.*)> AUTH TLS
(000048)6/23/2021 16:05:43 PM - (not logged in) (*.*.*.*)> 234 Using authentication type TLS
(000048)6/23/2021 16:05:43 PM - (not logged in) (*.*.*.*)> TLS connection established
(000048)6/23/2021 16:05:43 PM - (not logged in) (*.*.*.*)> USER --someid--
(000048)6/23/2021 16:05:43 PM - (not logged in) (*.*.*.*)> 331 Password required for --someid--
(000048)6/23/2021 16:05:43 PM - (not logged in) (*.*.*.*)> PASS --someid--
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> 230 Logged on
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> PBSZ 0
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> 200 PBSZ=0
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> PROT P
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> 200 Protection level set to P
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> CWD /ClientTIFF
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> 250 CWD successful. "/ClientTIFF" is current directory.
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> PWD
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> 257 "/ClientTIFF" is current directory.
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> TYPE A
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> 200 Type set to A
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> PASV
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> 227 Entering Passive Mode (x,x,x,x,199,117)
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> STOR zlog.txt
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> 150 Opening data channel for file upload to server of "/ClientTIFF/zlog.txt"
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> TLS connection for data connection established
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> 226 Successfully transferred "/ClientTIFF/zlog.txt"
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> TYPE I
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> 200 Type set to I
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> PASV
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> 227 Entering Passive Mode (x,x,x,x,201,32)
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> MLSD
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> 150 Opening data channel for directory listing of "/ClientTIFF"
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> TLS connection for data connection established
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> 226 Successfully transferred "/ClientTIFF"


However, using a (Fujitsu N7100) network scanner I get an error "450 TLS session of data connection has not resumed or the session does not match the control connection" as per below:
(000052)6/23/2021 16:05:58 PM - (not logged in) (212.90.216.146)> Connected on port 2221, sending welcome message...
(000052)6/23/2021 16:05:58 PM - (not logged in) (212.90.216.146)> 220 This is not a public server !
(000052)6/23/2021 16:05:58 PM - (not logged in) (212.90.216.146)> AUTH TLS-P
(000052)6/23/2021 16:05:58 PM - (not logged in) (212.90.216.146)> 504 Auth type not supported
(000052)6/23/2021 16:05:58 PM - (not logged in) (212.90.216.146)> AUTH TLS
(000052)6/23/2021 16:05:58 PM - (not logged in) (212.90.216.146)> 234 Using authentication type TLS
(000052)6/23/2021 16:05:58 PM - (not logged in) (212.90.216.146)> TLS connection established
(000052)6/23/2021 16:05:58 PM - (not logged in) (212.90.216.146)> PBSZ 0
(000052)6/23/2021 16:05:58 PM - (not logged in) (212.90.216.146)> 200 PBSZ=0
(000052)6/23/2021 16:05:58 PM - (not logged in) (212.90.216.146)> PROT P
(000052)6/23/2021 16:05:58 PM - (not logged in) (212.90.216.146)> 200 Protection level set to P
(000052)6/23/2021 16:05:58 PM - (not logged in) (212.90.216.146)> USER --someid--
(000052)6/23/2021 16:05:58 PM - (not logged in) (212.90.216.146)> 331 Password required for --someid--
(000052)6/23/2021 16:05:58 PM - (not logged in) (212.90.216.146)> PASS --someid--
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> 230 Logged on
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> FEAT
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> 211-Features:
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)>  MDTM
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)>  REST STREAM
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)>  SIZE
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)>  MLST type*;size*;modify*;
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)>  MLSD
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)>  AUTH SSL
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)>  AUTH TLS
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)>  PROT
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)>  PBSZ
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)>  UTF8
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)>  CLNT
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)>  MFMT
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)>  EPSV
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)>  EPRT
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> 211 End
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> OPTS UTF8 ON
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> 202 UTF8 mode is always enabled. No need to send this command.
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> NOOP
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> 200 OK
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> PWD
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> 257 "/" is current directory.
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> CWD ClientTIFF
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> 250 CWD successful. "/ClientTIFF" is current directory.
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> SIZE scan150551001.tif
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> 550 File not found
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> TYPE I
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> 200 Type set to I
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> PASV
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> 227 Entering Passive Mode (x,x,x,x,201,212)
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> STOR scan150551001.tif
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> 150 Opening data channel for file upload to server of "/ClientTIFF/scan150551001.tif"
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> 450 TLS session of data connection has not resumed or the session does not match the control connection
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> DELE scan150551001.tif
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> 250 File deleted successfully
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> disconnected.
(000048)6/23/2021 16:06:43 PM - --someid-- (*.*.*.*)> disconnected.
(000047)6/23/2021 16:07:39 PM - --someid-- (*.*.*.*)> 421 Connection timed out.
(000047)6/23/2021 16:07:39 PM - --someid-- (*.*.*.*)> disconnected.



The only thing I can see is that in the latter attempt the server will use port 51668 for the passive FTP whereas in the first case it used 51488. Both are in the firewall (Mikrotik) 51000-52000 defined range.

In the FileZilla Security Settings I have unchecked the "require matching peer IP address of control and data connection" option (although I don't see why they would not match, but on the off-chance this would be my issue).

Any suggestion most welcome !
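
A small triage script for the server log format shown in the question, added here as an example (not part of the original post): it decodes each 227 reply into the passive data port, checks it against the 51000-52000 firewall range mentioned above, and records whether the data connection's TLS came up or the transfer ended in the 450 reply. The function name `triage` and the record fields are assumptions of this example.

```python
import re

# FileZilla Server log line: (session)date time AM/PM - user (peer)> message
LINE_RE = re.compile(r"^\((\d+)\)\S+ \S+ \S+ - .*? \([^)]*\)> ?(.*)$")
# 227 reply: the last two numbers encode the passive data port as p1*256 + p2
PASV_RE = re.compile(r"^227 .*\((?:[^,()]+,){4}(\d+),(\d+)\)")
FINAL_RE = re.compile(r"^(226|4\d\d|5\d\d) ")
FIREWALL_RANGE = range(51000, 52001)  # passive range quoted in the post

# Sample input: lines trimmed from the two sessions shown in the post
SAMPLE = """\
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> PASV
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> 227 Entering Passive Mode (x,x,x,x,199,117)
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> STOR zlog.txt
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> 150 Opening data channel for file upload to server of "/ClientTIFF/zlog.txt"
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> TLS connection for data connection established
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> 226 Successfully transferred "/ClientTIFF/zlog.txt"
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> PASV
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> 227 Entering Passive Mode (x,x,x,x,201,212)
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> STOR scan150551001.tif
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> 150 Opening data channel for file upload to server of "/ClientTIFF/scan150551001.tif"
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> 450 TLS session of data connection has not resumed or the session does not match the control connection
"""


def triage(log_text, allowed=FIREWALL_RANGE):
    """Return one record per passive transfer: session, port, range check, outcome."""
    transfers, pending = [], {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        sid, msg = m.group(1), m.group(2).strip()
        pasv = PASV_RE.match(msg)
        if pasv:  # server announced a data port: start tracking a new transfer
            port = int(pasv.group(1)) * 256 + int(pasv.group(2))
            pending[sid] = {"session": sid, "port": port, "in_range": port in allowed,
                            "command": None, "data_tls": False, "reply": None}
            transfers.append(pending[sid])
        elif sid in pending:
            xfer = pending[sid]
            if msg.startswith("TLS connection for data connection established"):
                xfer["data_tls"] = True
            elif FINAL_RE.match(msg):  # completion or error reply ends the transfer
                xfer["reply"] = msg
                del pending[sid]
            elif xfer["command"] is None and not msg[:1].isdigit():
                xfer["command"] = msg  # first client command after the 227 reply
    return transfers
```

Calling `triage(SAMPLE)` returns one record per transfer; a record with `in_range` true, `data_tls` false and a 450 reply means the data port was reachable and the failure was reported at the TLS layer of the data connection.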
ASKER CERTIFIED SOLUTION
Alexandre Takacs
CTO
