troubleshooting Question

FileZilla FTPS server setup issue

Avatar of Alexandre Takacs
Alexandre TakacsFlag for Switzerland asked on
NetworkingHardware FirewallsFTP
2 Comments1 Solution8 ViewsLast Modified:
I am having an issue setting up a FTPS server using FileZilla.

Basically everything work as intended when I am connecting form FileZilla client or using the Online FTP test tool

(000048)6/23/2021 16:05:43 PM - (not logged in) (*.*.*.*)> Connected on port 2221, sending welcome message...
(000048)6/23/2021 16:05:43 PM - (not logged in) (*.*.*.*)> 220 This is not a public server !
(000048)6/23/2021 16:05:43 PM - (not logged in) (*.*.*.*)> AUTH TLS
(000048)6/23/2021 16:05:43 PM - (not logged in) (*.*.*.*)> 234 Using authentication type TLS
(000048)6/23/2021 16:05:43 PM - (not logged in) (*.*.*.*)> TLS connection established
(000048)6/23/2021 16:05:43 PM - (not logged in) (*.*.*.*)> USER --someid--
(000048)6/23/2021 16:05:43 PM - (not logged in) (*.*.*.*)> 331 Password required for --someid--
(000048)6/23/2021 16:05:43 PM - (not logged in) (*.*.*.*)> PASS --someid--
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> 230 Logged on
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> PBSZ 0
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> 200 PBSZ=0
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> PROT P
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> 200 Protection level set to P
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> CWD /ClientTIFF
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> 250 CWD successful. "/ClientTIFF" is current directory.
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> PWD
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> 257 "/ClientTIFF" is current directory.
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> TYPE A
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> 200 Type set to A
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> PASV
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> 227 Entering Passive Mode (x,x,x,x,199,117)
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> STOR zlog.txt
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> 150 Opening data channel for file upload to server of "/ClientTIFF/zlog.txt"
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> TLS connection for data connection established
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> 226 Successfully transferred "/ClientTIFF/zlog.txt"
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> TYPE I
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> 200 Type set to I
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> PASV
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> 227 Entering Passive Mode (x,x,x,x,201,32)
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> MLSD
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> 150 Opening data channel for directory listing of "/ClientTIFF"
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> TLS connection for data connection established
(000048)6/23/2021 16:05:43 PM - --someid-- (*.*.*.*)> 226 Successfully transferred "/ClientTIFF"
However using a (Fujitsu N7100) network scanner I get an error "450 TLS session of data connection has not resumed or the session does not match the control connection" as per bellow:
(000052)6/23/2021 16:05:58 PM - (not logged in) (212.90.216.146)> Connected on port 2221, sending welcome message...
(000052)6/23/2021 16:05:58 PM - (not logged in) (212.90.216.146)> 220 This is not a public server !
(000052)6/23/2021 16:05:58 PM - (not logged in) (212.90.216.146)> AUTH TLS-P
(000052)6/23/2021 16:05:58 PM - (not logged in) (212.90.216.146)> 504 Auth type not supported
(000052)6/23/2021 16:05:58 PM - (not logged in) (212.90.216.146)> AUTH TLS
(000052)6/23/2021 16:05:58 PM - (not logged in) (212.90.216.146)> 234 Using authentication type TLS
(000052)6/23/2021 16:05:58 PM - (not logged in) (212.90.216.146)> TLS connection established
(000052)6/23/2021 16:05:58 PM - (not logged in) (212.90.216.146)> PBSZ 0
(000052)6/23/2021 16:05:58 PM - (not logged in) (212.90.216.146)> 200 PBSZ=0
(000052)6/23/2021 16:05:58 PM - (not logged in) (212.90.216.146)> PROT P
(000052)6/23/2021 16:05:58 PM - (not logged in) (212.90.216.146)> 200 Protection level set to P
(000052)6/23/2021 16:05:58 PM - (not logged in) (212.90.216.146)> USER --someid--
(000052)6/23/2021 16:05:58 PM - (not logged in) (212.90.216.146)> 331 Password required for --someid--
(000052)6/23/2021 16:05:58 PM - (not logged in) (212.90.216.146)> PASS --someid--
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> 230 Logged on
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> FEAT
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> 211-Features:
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)>  MDTM
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)>  REST STREAM
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)>  SIZE
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)>  MLST type*;size*;modify*;
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)>  MLSD
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)>  AUTH SSL
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)>  AUTH TLS
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)>  PROT
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)>  PBSZ
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)>  UTF8
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)>  CLNT
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)>  MFMT
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)>  EPSV
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)>  EPRT
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> 211 End
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> OPTS UTF8 ON
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> 202 UTF8 mode is always enabled. No need to send this command.
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> NOOP
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> 200 OK
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> PWD
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> 257 "/" is current directory.
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> CWD ClientTIFF
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> 250 CWD successful. "/ClientTIFF" is current directory.
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> SIZE scan150551001.tif
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> 550 File not found
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> TYPE I
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> 200 Type set to I
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> PASV
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> 227 Entering Passive Mode (x,x,x,x,201,212)
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> STOR scan150551001.tif
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> 150 Opening data channel for file upload to server of "/ClientTIFF/scan150551001.tif"
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> 450 TLS session of data connection has not resumed or the session does not match the control connection
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> DELE scan150551001.tif
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> 250 File deleted successfully
(000052)6/23/2021 16:05:58 PM - --someid-- (212.90.216.146)> disconnected.
(000048)6/23/2021 16:06:43 PM - --someid-- (*.*.*.*)> disconnected.
(000047)6/23/2021 16:07:39 PM - --someid-- (*.*.*.*)> 421 Connection timed out.
(000047)6/23/2021 16:07:39 PM - --someid-- (*.*.*.*)> disconnected.

the only thing I can see is that in the latter attempt the server will use port 51668 for the passive FTP whereas in the first case it used 51488. Both are in the firewall (Mikrotik) 51000-52000 defined range.

In the FileZilla Securtiy Settings I have unchecked the "require matching peer IP address of control and data connection" option (although I don't see why they would not match, but on the off-chance this would be my issue).

Any suggestion most welcome !
ASKER CERTIFIED SOLUTION
Alexandre Takacs
CTO

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 1 Answer and 2 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 2 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros