Connection refused error when internal IP address is set on listener
Hi all, We observed some strange behavior that I can’t quite explain: Our FTP server is running in passive mode and offering a listener for FTP over TLS. When the internal IP address is set in the configuration, I am not able to connect with the FTP client (tested with both Filezilla and Cyberduck). The error „Connection refused“ is raised when trying to connect. However, when the internal IP address is set to „0.0.0.0“, the connection is fine. I have stepped through the code and the listener seems to be instantiated alright. So, what could be the problem? Cheers, Martin censhare featured as Cool Vendor for Content Management by Gartner
Re: Strange exception caught in DefaultFtpHandler: java.io.IOException: Connection reset by peer
Hi all, just to provide a brief update on this: I have been able to track down these exceptions to connection attempts to the FTP server coming from two distinct IP addresses. Like Brett suggests, the root cause seems to be on the TCP/IP level: The clients connect from those addresses to the secure port of the FTP server and then terminate the connection, leading to the exception on the server side. What exactly is running under those IP addresses is currently being investigated.
Cheers, Martin
On 03.06.2015 at 13:26, Brett Bergquist br...@thebergquistfamily.com wrote:
My suggestion would be to use Wireshark and get a capture of traffic to and from the server not the FTP port. You might find something hitting the port that you don’t expect, even something like a port scanner, etc. that starts to establish a TCP connection to the port and abruptly closes the TCP connection with a TCP RST.
On Jun 3, 2015, at 6:31 AM, Martin Wunderlich m...@censhare.de wrote:
Hi all, We have implemented an FTP service based on Apache FTPServer/MINA. Recently, there are some odd exceptions being logged (see below), the root cause of which isn’t clear at all. There are no uploads or connection attempts at the time of the exception. It seems the exceptions are thrown simply for the running FTP server as it is listening on its port.
We are using:
- ftpserver-core 1.0.6
- log4j 1.2.14
- mina-core 2.0.9
- ftplet-api 1.0.6
- jcl-over-slf4j 1.6.1
It seems others have had the same issue, but I haven’t been able to find out if a fix exists.
https://mail-archives.apache.org/mod_mbox/mina-ftpserver-users/201105.mbox/%3cbanlktinap_znvmacjy5bd2ju61nwb2j...@mail.gmail.com%3E
Does anyone know what this might be?
Cheers, Martin
PS: I hope you won’t mind the crossposting to both the MINA and the FTPServer lists.
2015.06.03-12:14:19.867 SEVERE : pool-45-thread-2: DefaultFtpHandler: Exception caught, closing session
java.io.IOException: Connection reset by peer
    at sun.nio.ch.FileDispatcherImpl.read0(Native Method)
    at sun.nio.ch.SocketDispatcher.read(SocketDispatcher.java:39)
    at sun.nio.ch.IOUtil.readIntoNativeBuffer(IOUtil.java:223)
    at sun.nio.ch.IOUtil.read(IOUtil.java:197)
    at sun.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:380)
    at org.apache.mina.transport.socket.nio.NioProcessor.read(NioProcessor.java:311)
    at org.apache.mina.transport.socket.nio.NioProcessor.read(NioProcessor.java:45)
    at org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:694)
    at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:668)
    at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:657)
    at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$600(AbstractPollingIoProcessor.java:67)
    at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1121)
    at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
2015.06.03-12:14:22.133 SEVERE : pool-45-thread-1: DefaultFtpHandler: Exception caught, closing session
java.io.IOException: Connection reset by peer
    at sun.nio.ch.FileDispatcherImpl.read0(Native Method)
    at sun.nio.ch.SocketDispatcher.read(SocketDispatcher.java:39)
    at sun.nio.ch.IOUtil.readIntoNativeBuffer(IOUtil.java:223)
    at sun.nio.ch.IOUtil.read(IOUtil.java:197)
    at sun.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:380)
    at org.apache.mina.transport.socket.nio.NioProcessor.read(NioProcessor.java:311)
    at org.apache.mina.transport.socket.nio.NioProcessor.read(NioProcessor.java:45)
    at org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:694)
    at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:668)
    at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:657)
    at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$600(AbstractPollingIoProcessor.java:67)
    at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1121)
    at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142
Re: Connection refused error when internal IP address is set on listener
This is the log output I get when I set the log level to Debug: (the contents are identical in the console and the log file)
16:01:50 Status:Disconnected from server
16:01:50 Trace: CControlSocket::DoClose(64)
16:01:50 Trace: CControlSocket::DoClose(64)
16:01:50 Trace: CControlSocket::DoClose(64)
16:01:50 Trace: CFileZillaEnginePrivate::ResetOperation(0)
16:01:50 Status:Resolving address of example.com
16:01:50 Status:Connecting to 123.123.123.123:4243...
16:01:50 Status:Connection attempt failed with ECONNREFUSED - Connection refused by server.
16:01:50 Trace: CRealControlSocket::OnClose(61)
16:01:50 Trace: CControlSocket::DoClose(64)
16:01:50 Trace: CFtpControlSocket::ResetOperation(66)
16:01:50 Trace: CControlSocket::ResetOperation(66)
16:01:50 Error: Could not connect to server
16:01:50 Trace: CFileZillaEnginePrivate::ResetOperation(66)
Cheers, Martin
On 09.06.2015 at 15:47, David Latorre dvl...@gmail.com wrote:
Probably the full Filezilla log file will be enough
On 09/06/2015 15:46, Martin Wunderlich m...@censhare.de wrote:
Hi David, There isn’t much in the log files, I am afraid. This is what I get with Filezilla on the client side:
15:44:30 Status:Resolving address of exmample.com
15:44:30 Status:Connecting to 123.123.123.123:4243...
15:44:30 Status:Connection attempt failed with ECONNREFUSED - Connection refused by server.
15:44:30 Error: Could not connect to server
There is nothing logged on the server side. Sorry, not much help, I know.
Cheers, Martin
On 09.06.2015 at 15:36, David Latorre dvl...@gmail.com wrote:
Martin, Can you include the log file (with the messages which have been received and sent) of the Ftp server? Also, the log file of the ftp client would be helpful
On 09/06/2015 15:25, Martin Wunderlich m...@censhare.de wrote:
No, in the client I set the external IP address, because the server is accessed from outside the firewall. This external IP address is also configured on the server-side, of course.
Cheers, Martin
On 09.06.2015 at 15:18, Alessio Santacroce alessio.santacr...@gmail.com wrote:
Stupid question... when you set the ip to the ftp server, do you use the same ip on the ftp client as well?
On Tuesday, June 9, 2015, Martin Wunderlich m...@censhare.de wrote:
Hi all, We observed some strange behavior that I can’t quite explain: Our FTP server is running in passive mode and offering a listener for FTP over TLS. When the internal IP address is set in the configuration, I am not able to connect with the FTP client (tested with both Filezilla and Cyberduck). The error „Connection refused“ is raised when trying to connect. However, when the internal IP address is set to „0.0.0.0“, the connection is fine. I have stepped through the code and the listener seems to be instantiated alright. So, what could be the problem?
Cheers, Martin
Re: Connection refused error when internal IP address is set on listener
No, in the client I set the external IP address, because the server is accessed from outside the firewall. This external IP address is also configured on the server-side, of course.
Cheers, Martin
On 09.06.2015 at 15:18, Alessio Santacroce alessio.santacr...@gmail.com wrote:
Stupid question... when you set the ip to the ftp server, do you use the same ip on the ftp client as well?
On Tuesday, June 9, 2015, Martin Wunderlich m...@censhare.de wrote:
Hi all, We observed some strange behavior that I can’t quite explain: Our FTP server is running in passive mode and offering a listener for FTP over TLS. When the internal IP address is set in the configuration, I am not able to connect with the FTP client (tested with both Filezilla and Cyberduck). The error „Connection refused“ is raised when trying to connect. However, when the internal IP address is set to „0.0.0.0“, the connection is fine. I have stepped through the code and the listener seems to be instantiated alright. So, what could be the problem?
Cheers, Martin
Re: Connection refused error when internal IP address is set on listener
Hi David, There isn’t much in the log files, I am afraid. This is what I get with Filezilla on the client side:
15:44:30 Status:Resolving address of exmample.com
15:44:30 Status:Connecting to 123.123.123.123:4243...
15:44:30 Status:Connection attempt failed with ECONNREFUSED - Connection refused by server.
15:44:30 Error: Could not connect to server
There is nothing logged on the server side. Sorry, not much help, I know.
Cheers, Martin
On 09.06.2015 at 15:36, David Latorre dvl...@gmail.com wrote:
Martin, Can you include the log file (with the messages which have been received and sent) of the Ftp server? Also, the log file of the ftp client would be helpful
On 09/06/2015 15:25, Martin Wunderlich m...@censhare.de wrote:
No, in the client I set the external IP address, because the server is accessed from outside the firewall. This external IP address is also configured on the server-side, of course.
Cheers, Martin
On 09.06.2015 at 15:18, Alessio Santacroce alessio.santacr...@gmail.com wrote:
Stupid question... when you set the ip to the ftp server, do you use the same ip on the ftp client as well?
On Tuesday, June 9, 2015, Martin Wunderlich m...@censhare.de wrote:
Hi all, We observed some strange behavior that I can’t quite explain: Our FTP server is running in passive mode and offering a listener for FTP over TLS. When the internal IP address is set in the configuration, I am not able to connect with the FTP client (tested with both Filezilla and Cyberduck). The error „Connection refused“ is raised when trying to connect. However, when the internal IP address is set to „0.0.0.0“, the connection is fine. I have stepped through the code and the listener seems to be instantiated alright. So, what could be the problem?
Cheers, Martin
Strange exception caught in DefaultFtpHandler: java.io.IOException: Connection reset by peer
Hi all, We have implemented an FTP service based on Apache FTPServer/MINA. Recently, there are some odd exceptions being logged (see below), the root cause of which isn’t clear at all. There are no uploads or connection attempts at the time of the exception. It seems the exceptions are thrown simply for the running FTP server as it is listening on its port.
We are using:
- ftpserver-core 1.0.6
- log4j 1.2.14
- mina-core 2.0.9
- ftplet-api 1.0.6
- jcl-over-slf4j 1.6.1
It seems others have had the same issue, but I haven’t been able to find out if a fix exists.
https://mail-archives.apache.org/mod_mbox/mina-ftpserver-users/201105.mbox/%3cbanlktinap_znvmacjy5bd2ju61nwb2j...@mail.gmail.com%3E
Does anyone know what this might be?
Cheers, Martin
PS: I hope you won’t mind the crossposting to both the MINA and the FTPServer lists.
2015.06.03-12:14:19.867 SEVERE : pool-45-thread-2: DefaultFtpHandler: Exception caught, closing session
java.io.IOException: Connection reset by peer
    at sun.nio.ch.FileDispatcherImpl.read0(Native Method)
    at sun.nio.ch.SocketDispatcher.read(SocketDispatcher.java:39)
    at sun.nio.ch.IOUtil.readIntoNativeBuffer(IOUtil.java:223)
    at sun.nio.ch.IOUtil.read(IOUtil.java:197)
    at sun.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:380)
    at org.apache.mina.transport.socket.nio.NioProcessor.read(NioProcessor.java:311)
    at org.apache.mina.transport.socket.nio.NioProcessor.read(NioProcessor.java:45)
    at org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:694)
    at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:668)
    at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:657)
    at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$600(AbstractPollingIoProcessor.java:67)
    at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1121)
    at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
2015.06.03-12:14:22.133 SEVERE : pool-45-thread-1: DefaultFtpHandler: Exception caught, closing session
java.io.IOException: Connection reset by peer
    at sun.nio.ch.FileDispatcherImpl.read0(Native Method)
    at sun.nio.ch.SocketDispatcher.read(SocketDispatcher.java:39)
    at sun.nio.ch.IOUtil.readIntoNativeBuffer(IOUtil.java:223)
    at sun.nio.ch.IOUtil.read(IOUtil.java:197)
    at sun.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:380)
    at org.apache.mina.transport.socket.nio.NioProcessor.read(NioProcessor.java:311)
    at org.apache.mina.transport.socket.nio.NioProcessor.read(NioProcessor.java:45)
    at org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:694)
    at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:668)
    at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:657)
    at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$600(AbstractPollingIoProcessor.java:67)
    at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1121)
    at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
Re: How to suppress logging of SSLHandshakeException
Hi David, Thanks a lot for the suggestion. Modifying and recompiling the FTP Server is something I’d rather avoid to make sure we don’t have to maintain our version of the project. I will try the other idea instead, i.e. supply a modified version of FTPLoggingFilter to the FilterChain. I’ll report back here how it works out.
Cheers, Martin
On 15.12.2014 at 12:46, David Latorre dvl...@gmail.com wrote:
Hello Martin, If I understand you correctly, there are cases in which the session is closed due to a javax.net.ssl.SSLHandshakeException, but you do not want to show any of this in the logfile? Thus, you do not want the 2014.12.04-15:51:20.429 INFO : pool-3-thread-5: FtpLoggingFilter: CLOSED line either. Is that correct? If you only want to ignore the stacktrace, you might change the FtpLoggingFilter and recompile Mina FTP Server or maybe you can modify the FilterChain in a servlet when you get the AUTH TLS request and substitute FtpLoggingFilter for your own implementation. I do not know if there is a way to solve this using NDC or MDC...
Kindest regards, David Latorre
2014-12-15 9:15 GMT+01:00 Martin Wunderlich m...@censhare.de:
Hi all, we recently noticed that the Apache MINA FTPServer will log a javax.net.ssl.SSLHandshakeException when the server does not have a valid certificate. The complete stacktrace from the log files is listed below. Since it is logged on the MINA-side, it doesn’t even reach my section of the Java code. Is there a way to suppress the logging of this particular Exception while retaining the loggings of other WARNINGs?
Cheers, Martin
2014.12.04-15:51:20.318 INFO : NioProcessor-9: FtpLoggingFilter: CREATED
2014.12.04-15:51:20.320 INFO : pool-3-thread-5: FtpLoggingFilter: OPENED
2014.12.04-15:51:20.321 INFO : pool-3-thread-6: FtpLoggingFilter: SENT: 220 Service ready for new user.
2014.12.04-15:51:20.333 INFO : pool-3-thread-5: FtpLoggingFilter: RECEIVED: AUTH TLS 2014.12.04-15:51:20.425 WARNING: pool-3-thread-6: FtpLoggingFilter: EXCEPTION : javax.net.ssl.SSLHandshakeException: SSL handshake failed. at org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:507) at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:542) at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1300(DefaultIoFilterChain.java:48) at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:943) at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:109) at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:542) at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:535) at org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:714) at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:668) at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:657) at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$600(AbstractPollingIoProcessor.java:67) at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1121) at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at java.lang.Thread.run(Thread.java:745) Caused by: javax.net.ssl.SSLHandshakeException: Invalid Padding length: 140 at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1683) at 
sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:959) at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:884) at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:758) at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) at org.apache.mina.filter.ssl.SslHandler.unwrap(SslHandler.java:748) at org.apache.mina.filter.ssl.SslHandler.unwrapHandshake(SslHandler.java:683) at org.apache.mina.filter.ssl.SslHandler.handshake(SslHandler.java:569) at org.apache.mina.filter.ssl.SslHandler.messageReceived(SslHandler.java:355) at org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:488) ... 15 more Caused by: javax.crypto.BadPaddingException: Invalid Padding length: 140 at sun.security.ssl.CipherBox.removePadding(CipherBox.java:684) at sun.security.ssl.CipherBox.decrypt
Re: Error while connection to FTP server running implicit SSL
Thanks a lot for the explanation, John. Is there a specific method in Apache FTP that would allow me to check whether the connection is secured or not?
Cheers, Martin
On 10.07.2014 at 15:27, John Hartnup john.hart...@gmail.com wrote:
Explicit means that the client requests SSL specifically (or Explicitly). As delivered the server lets the client use plain FTP if it doesn't request SSL. You can make it insist on SSL by writing an ftplet that rejects USER or PASS commands unless the session is secured.
On 10 July 2014 12:12, Martin Wunderlich m...@censhare.de wrote:
Hi all, I have found the solution: The key alias parameter was not specified in the FTP server configuration. Once this was set correctly, I was able to connect with the client in TLS mode. One question remains, though: In order for TLS to be active, the client needs to request it specifically (using the setting for explicit TLS). When using „Plain FTP“, the client can still connect through an insecure connection. Anyone know why that is? I was assuming that the server would reject insecure connections on its SSL port.
Cheers, Martin
On 09.07.2014 at 19:21, Martin Wunderlich m...@censhare.de wrote:
Hi David, Thanks a lot for the reply. Here is the additional information below. The server configuration is set to implicit SSL = false. HTH.
Cheers, Martin
*Test 1) Connect with explicit SSL (set in the client) to the Server listening on secure port (4243)*
*FileZilla Log: *
19:15:39 Trace: CControlSocket::DoClose(64)
19:15:39 Trace: CControlSocket::DoClose(64)
19:15:39 Status: Connecting to 192.168.178.21:4243...
19:15:39 Status: Connection established, waiting for welcome message...
19:15:39 Trace: CFtpControlSocket::OnReceive()
19:15:39 Response: 220 Service ready for new user.
19:15:39 Trace: CFtpControlSocket::SendNextCommand()
19:15:39 Command: AUTH TLS
19:15:39 Trace: CFtpControlSocket::OnReceive()
19:15:39 Response: 234 Command AUTH okay; starting TLS connection.
19:15:39 Status: Initializing TLS...
19:15:39 Trace: CTlsSocket::Handshake() 19:15:39 Trace: CTlsSocket::ContinueHandshake() 19:15:39 Trace: CTlsSocket::OnSend() 19:15:39 Trace: CTlsSocket::OnRead() 19:15:39 Trace: CTlsSocket::ContinueHandshake() 19:15:39 Trace: CTlsSocket::Failure(-12, 53) 19:15:39 Trace: GnuTLS alert 40: Handshake failed 19:15:39 Error: GnuTLS error -12: A TLS fatal alert has been received. 19:15:39 Trace: CRealControlSocket::OnClose(53) 19:15:39 Trace: CControlSocket::DoClose(64) 19:15:39 Trace: CFtpControlSocket::ResetOperation(66) 19:15:39 Trace: CControlSocket::ResetOperation(66) 19:15:39 Error: Could not connect to server 19:15:39 Trace: CFileZillaEnginePrivate::ResetOperation(66) *FileZilla Config: * Bildschirmfoto 2014-07-09 um 19.17.19.png *Server log: * 2014.07.09-19:15:39.601 SEVERE : pool-3-thread-9: DefaultFtpHandler: Exception caught, closing session javax.net.ssl.SSLHandshakeException: SSL handshake failed. at org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:495) at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434) at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46) at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796) at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:119) at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434) at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:426) at org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:715) at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:668) at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:657) at 
org.apache.mina.core.polling.AbstractPollingIoProcessor.access$600(AbstractPollingIoProcessor.java:68) at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1141) at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at java.lang.Thread.run(Thread.java:744) Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in common at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1290) at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:513) at sun.security.ssl.SSLEngineImpl.writeAppRecord
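An added example, not code from this thread or from the Apache FtpServer project, of the ftplet John describes: it refuses USER and PASS until the control connection has been upgraded with AUTH TLS, using `FtpSession.isSecure()` as the check Martin asks about. The class name `RequireTlsFtplet`, the map key `requireTls` and the reply text are hypothetical; the ftplet-api 1.0.x interfaces are assumed.

```java
import java.io.IOException;
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;

import org.apache.ftpserver.FtpServerFactory;
import org.apache.ftpserver.ftplet.DefaultFtpReply;
import org.apache.ftpserver.ftplet.DefaultFtplet;
import org.apache.ftpserver.ftplet.FtpException;
import org.apache.ftpserver.ftplet.FtpRequest;
import org.apache.ftpserver.ftplet.FtpSession;
import org.apache.ftpserver.ftplet.Ftplet;
import org.apache.ftpserver.ftplet.FtpletResult;

/**
 * Hypothetical ftplet (name chosen for this example) that makes an
 * explicit-TLS listener insist on TLS before any credentials are accepted.
 */
public class RequireTlsFtplet extends DefaultFtplet {

    // 530 "Not logged in" is the standard FTP reply for a refused login.
    private static final int REPLY_NOT_LOGGED_IN = 530;

    @Override
    public FtpletResult beforeCommand(FtpSession session, FtpRequest request)
            throws FtpException, IOException {
        String command = request.getCommand().toUpperCase(Locale.ROOT);
        boolean carriesCredentials =
                "USER".equals(command) || "PASS".equals(command);

        // isSecure() reports whether the control socket of this session is
        // running over SSL/TLS, i.e. whether AUTH TLS (or implicit SSL)
        // completed before this command arrived.
        if (carriesCredentials && !session.isSecure()) {
            session.write(new DefaultFtpReply(REPLY_NOT_LOGGED_IN,
                    "TLS is required; send AUTH TLS before logging in."));
            // SKIP stops the server from processing this USER/PASS command,
            // so a plain-FTP client can never reach the logged-in state.
            return FtpletResult.SKIP;
        }

        // Every other command keeps the default ftplet dispatching
        // (onUploadStart, onDeleteStart, ...).
        return super.beforeCommand(session, request);
    }

    /**
     * Registers the ftplet on a server factory while keeping any ftplets
     * that are already configured. The key "requireTls" is arbitrary.
     */
    public static void install(FtpServerFactory serverFactory) {
        Map<String, Ftplet> ftplets =
                new LinkedHashMap<>(serverFactory.getFtplets());
        ftplets.put("requireTls", new RequireTlsFtplet());
        serverFactory.setFtplets(ftplets);
    }
}
```

A client in explicit mode sends AUTH TLS before USER, as in the FileZilla log above, so it is unaffected; only a client that skips the upgrade receives the 530 reply.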
Re: Error while connection to FTP server running implicit SSL
Hi all, I have found the solution: The key alias parameter was not specified in the FTP server configuration. Once this was set correctly, I was able to connect with the client in TLS mode. One question remains, though: In order for TLS to be active, the client needs to request it specifically (using the setting for explicit TLS). When using „Plain FTP“, the client can still connect through an insecure connection. Anyone know why that is? I was assuming that the server would reject insecure connections on its SSL port.
Cheers, Martin
On 09.07.2014 at 19:21, Martin Wunderlich m...@censhare.de wrote:
Hi David, Thanks a lot for the reply. Here is the additional information below. The server configuration is set to implicit SSL = false. HTH.
Cheers, Martin
Test 1) Connect with explicit SSL (set in the client) to the Server listening on secure port (4243)
FileZilla Log:
19:15:39 Trace: CControlSocket::DoClose(64)
19:15:39 Trace: CControlSocket::DoClose(64)
19:15:39 Status: Connecting to 192.168.178.21:4243...
19:15:39 Status: Connection established, waiting for welcome message...
19:15:39 Trace: CFtpControlSocket::OnReceive()
19:15:39 Response:220 Service ready for new user.
19:15:39 Trace: CFtpControlSocket::SendNextCommand()
19:15:39 Command: AUTH TLS
19:15:39 Trace: CFtpControlSocket::OnReceive()
19:15:39 Response:234 Command AUTH okay; starting TLS connection.
19:15:39 Status: Initializing TLS...
19:15:39 Trace: CTlsSocket::Handshake()
19:15:39 Trace: CTlsSocket::ContinueHandshake()
19:15:39 Trace: CTlsSocket::OnSend()
19:15:39 Trace: CTlsSocket::OnRead()
19:15:39 Trace: CTlsSocket::ContinueHandshake()
19:15:39 Trace: CTlsSocket::Failure(-12, 53)
19:15:39 Trace: GnuTLS alert 40: Handshake failed
19:15:39 Error: GnuTLS error -12: A TLS fatal alert has been received.
19:15:39 Trace: CRealControlSocket::OnClose(53) 19:15:39 Trace: CControlSocket::DoClose(64) 19:15:39 Trace: CFtpControlSocket::ResetOperation(66) 19:15:39 Trace: CControlSocket::ResetOperation(66) 19:15:39 Error: Could not connect to server 19:15:39 Trace: CFileZillaEnginePrivate::ResetOperation(66) FileZilla Config: Bildschirmfoto 2014-07-09 um 19.17.19.png Server log: 2014.07.09-19:15:39.601 SEVERE : pool-3-thread-9: DefaultFtpHandler: Exception caught, closing session javax.net.ssl.SSLHandshakeException: SSL handshake failed. at org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:495) at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434) at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46) at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796) at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:119) at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434) at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:426) at org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:715) at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:668) at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:657) at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$600(AbstractPollingIoProcessor.java:68) at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1141) at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at java.lang.Thread.run(Thread.java:744) Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in common at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1290) at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:513) at sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1177) at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1149) at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469) at org.apache.mina.filter.ssl.SslHandler.handshake(SslHandler.java:575) at org.apache.mina.filter.ssl.SslHandler.messageReceived(SslHandler.java:349) at org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:476) ... 15
Error while connection to FTP server running implicit SSL
Hi all, I am expanding our MINA-based FTP server by adding a setting for implicit vs. explicit SSL. I have made all the necessary changes, but for some reason I can’t connect to the server anymore when implicit SSL is set to true. In explicit SSL mode it works fine. When trying to connect, I get the error message: Connection established, waiting for welcome message... And then the FileZilla client just hangs until it has timed out… Any ideas anyone? Thanks a lot. Cheers, Martin
Unexpected high server load caused by MINA-threads
Hi all, We have caught some high CPU loads on a server that runs the FTP server feature which is based on MINA. The only running threads at the time were two MINA-related threads and I am wondering if anyone might know what the cause could be. JStack gives the following thread details:
NioProcessor-21 prio=3 tid=0x1a777800 nid=0x976c runnable [0x80ffaf2d4000]
   java.lang.Thread.State: RUNNABLE
    at sun.nio.ch.DevPollArrayWrapper.poll0(Native Method)
    at sun.nio.ch.DevPollArrayWrapper.poll(DevPollArrayWrapper.java:223)
    at sun.nio.ch.DevPollSelectorImpl.doSelect(DevPollSelectorImpl.java:84)
    at sun.nio.ch.SelectorImpl.lockAndDoSelect(SelectorImpl.java:87)
    - locked 0x0007013b2148 (a sun.nio.ch.Util$2)
    - locked 0x0007013b2138 (a java.util.Collections$UnmodifiableSet)
    - locked 0x000701381b20 (a sun.nio.ch.DevPollSelectorImpl)
    at sun.nio.ch.SelectorImpl.select(SelectorImpl.java:98)
    at org.apache.mina.transport.socket.nio.NioProcessor.select(NioProcessor.java:72)
    at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1093)
    at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:744)
...
NioProcessor-20 prio=3 tid=0x0237f000 nid=0x9769 runnable [0x80ffb0ef]
   java.lang.Thread.State: RUNNABLE
    at sun.nio.ch.DevPollArrayWrapper.poll0(Native Method)
    at sun.nio.ch.DevPollArrayWrapper.poll(DevPollArrayWrapper.java:223)
    at sun.nio.ch.DevPollSelectorImpl.doSelect(DevPollSelectorImpl.java:84)
    at sun.nio.ch.SelectorImpl.lockAndDoSelect(SelectorImpl.java:87)
    - locked 0x0007013b1fd8 (a sun.nio.ch.Util$2)
    - locked 0x0007013b1fc8 (a java.util.Collections$UnmodifiableSet)
    - locked 0x000701381a08 (a sun.nio.ch.DevPollSelectorImpl)
    at sun.nio.ch.SelectorImpl.select(SelectorImpl.java:98)
    at org.apache.mina.transport.socket.nio.NioProcessor.select(NioProcessor.java:72)
    at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1093)
    at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:744)
These are the only two running threads on the system. I am not sure what exactly the root cause is. Is it some kind of locking problem? Any ideas? Thanks a lot.
Cheers, Martin
How to set the log level for the FtpLoggingFilter
Hi,

I am wondering how I can adjust the log levels for some message types in the FtpLoggingFilter when using the FTP Server. In particular, I would like the following to have log level DEBUG:

sessionCreatedLevel
sessionOpenedLevel
sessionIdleLevel
sessionClosedLevel

I had a look around the code, but didn't find out how I can directly access the FtpLoggingFilter instance via some of the FTP classes I am using (Listener, ListenerFactory, FtpServer, FtpServerFactory…). It seems to me that the logging config is hidden deeply inside the class structure and can't be modified. Is this assumption correct or how can I modify the log levels? Thanks a lot.

Cheers,
Martin
Question on DataConnectionConfiguration.requestPassivePort()
Hi all, We have implemented an FTP server service based on this excellent Apache project. There is one detail, though, that isn't clear to me in relation to the passive mode: What value should be returned by the method requestPassivePort() in cases where all available (i.e. configured) passive ports are in use? The return value of the method is a primitive int, so I can't return NULL. Also, is there a way to get a list of all passive ports that are available (in use or not)? Background is that a customer is having issues using the FTP server in passive mode when connecting through a firewall. Thanks a lot. Kind regards, Martin
How to explicitly free ports on server close?
Hi all, We have noticed that the FTP server doesn't seem to release its used ports when the close() method is called. The result is that the server can't be restarted, because its ports are already in use. Is this the normal behavior and, if yes, how can I tell the FTP server to release the ports? Should one set server == null after closing the server? Kind regards, Martin
Re: Error during file transfer: 550 - Permission denied
Hi again,

After some digging through the source code, I found the actual root cause. In my UserManager I hadn't implemented the list of so-called authorities. It is also not clear from the documentation how this should be implemented or what the purpose of an authority is. Perhaps someone could shed some light on this. Thanks a lot.

Kind regards,
Martin

On 26.09.2013 at 18:23, Martin Wunderlich m...@censhare.de wrote:

I think I figured out what you meant. In my UserManager the methods save and getUserByName were not implemented yet. So, in essence, it seems that the UserManager implementation needs to maintain a list of users internally, right? I have done this now using a HashMap, which maps usernames to User objects and users are added using the save() method after login. However, I am getting a new error now when trying to log in:

Status: Resolving address of localhost
Status: Connecting to [::1]:4242...
Status: Connection attempt failed with ECONNREFUSED - Connection refused by server, trying next address.
Status: Connecting to 127.0.0.1:4242...
Status: Connection established, waiting for welcome message...
Response: 220 Service ready for new user.
Command: USER ftpuser
Response: 421 Maximum login limit has been reached.
Error: Could not connect to server
Status: Waiting to retry...
Status: Resolving address of localhost
Status: Connecting to [::1]:4242...
Status: Connection attempt failed with ECONNREFUSED - Connection refused by server, trying next address.
Status: Connecting to 127.0.0.1:4242...
Status: Connection established, waiting for welcome message...
Response: 220 Service ready for new user.
Command: USER ftpuser
Response: 421 Maximum login limit has been reached.
Error: Could not connect to server

I don't understand this, because the Configuration has 10 as the maximum number of logins:

public class FTPServerConnectionConfig implements ConnectionConfig {
    public int getMaxLogins() {
        return 10;
    }
    // ... (remaining ConnectionConfig methods not shown in the post)
}

The Config object is attached to the ServerFactory.

Cheers,
Martin

On 26.09.2013 at 17:32, Goodwin, Matthew matthew.good...@railinc.com wrote:

Did you create users via UserManagerFactory?

-Original Message-
From: Martin Wunderlich [mailto:m...@censhare.de]
Sent: Thursday, September 26, 2013 10:52 AM
To: ftpserver-users@mina.apache.org
Subject: Error during file transfer: 550 - Permission denied

Dear all,

I have just joined this list, because I started working on an integration of the Apache FtpServer into an existing project. So far, things have gone well and I can connect to the FTP server. However, when trying to upload a file, I get a 550 - Permission denied error. I have checked that the target directory has read/write access enabled for all users. The server is running in active mode without SSL encryption. Here is the full log (copied from FileZilla):

Status: Resolving address of localhost
Status: Connecting to [::1]:4242...
Status: Connection attempt failed with ECONNREFUSED - Connection refused by server, trying next address.
Status: Connecting to 127.0.0.1:4242...
Status: Connection established, waiting for welcome message...
Response: 220 Service ready for new user.
Command: USER ftpuser
Response: 331 User name okay, need password for ftpuser.
Command: PASS ***
Response: 230 User logged in, proceed.
Command: OPTS UTF8 ON
Response: 200 Command OPTS okay.
Command: OPTS MLST size;modify;type;
Response: 200 Command OPTS okay.
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 / is current directory.
Status: Directory listing successful
Status: Starting upload of /Users/marw/Desktop/TestFile.png
Command: PORT 127,0,0,1,210,173
Response: 200 Command PORT okay.
Command: STOR TestFile.png
Response: 550 /Users/ftpuser/Public/TestFile.png: Permission denied.
Error: Critical file transfer error

Does anyone know what the problem might be? Is it related to the way I have set up the Apache FTP server or is it something else? Thanks a lot in advance.
Kind regards, Martin
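The authorities named as the root cause in the message above can be attached when a custom UserManager builds the User it returns. This is an added example, not code from the thread or from the project; it assumes the ftpserver-core 1.0.x classes BaseUser, WritePermission and ConcurrentLoginPermission, and the names AuthorityExample, buildUser, mayWrite and mayLogIn are hypothetical.

```java
import java.util.ArrayList;
import java.util.List;

import org.apache.ftpserver.ftplet.Authority;
import org.apache.ftpserver.ftplet.User;
import org.apache.ftpserver.usermanager.impl.BaseUser;
import org.apache.ftpserver.usermanager.impl.ConcurrentLoginPermission;
import org.apache.ftpserver.usermanager.impl.ConcurrentLoginRequest;
import org.apache.ftpserver.usermanager.impl.WritePermission;
import org.apache.ftpserver.usermanager.impl.WriteRequest;

// Added illustration; class and helper names are hypothetical.
public class AuthorityExample {

    /** Builds the User a custom UserManager would hand back from
     *  authenticate() or getUserByName(). */
    static User buildUser(String name, String homeDir, boolean mayUpload) {
        BaseUser user = new BaseUser();
        user.setName(name);
        user.setHomeDirectory(homeDir);
        user.setEnabled(true);

        List<Authority> authorities = new ArrayList<Authority>();
        // Up to 10 parallel logins for this user, at most 5 from one IP address.
        authorities.add(new ConcurrentLoginPermission(10, 5));
        // Least privilege: only accounts that must upload get write access.
        if (mayUpload) {
            authorities.add(new WritePermission());
        }
        user.setAuthorities(authorities);
        return user;
    }

    /** authorize() returns null when no authority grants the request. */
    static boolean mayWrite(User user, String path) {
        return user.authorize(new WriteRequest(path)) != null;
    }

    static boolean mayLogIn(User user, int loginsSoFar, int loginsFromThisIp) {
        return user.authorize(
                new ConcurrentLoginRequest(loginsSoFar + 1, loginsFromThisIp + 1)) != null;
    }

    public static void main(String[] args) {
        User bare = new BaseUser(); // no authorities set at all
        User reader = buildUser("ftpuser", "/Users/ftpuser/Public", false);
        User uploader = buildUser("ftpuser", "/Users/ftpuser/Public", true);

        System.out.println("bare login:     " + mayLogIn(bare, 0, 0));
        System.out.println("reader login:   " + mayLogIn(reader, 0, 0));
        System.out.println("reader write:   " + mayWrite(reader, "/TestFile.png"));
        System.out.println("uploader write: " + mayWrite(uploader, "/TestFile.png"));
        System.out.println("11th login:     " + mayLogIn(uploader, 10, 0));
    }
}
```

Running it needs ftpserver-core and ftplet-api on the classpath.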
Error during file transfer: 550 - Permission denied
Dear all,

I have just joined this list, because I started working on an integration of the Apache FtpServer into an existing project. So far, things have gone well and I can connect to the FTP server. However, when trying to upload a file, I get a 550 - Permission denied error. I have checked that the target directory has read/write access enabled for all users. The server is running in active mode without SSL encryption. Here is the full log (copied from FileZilla):

Status: Resolving address of localhost
Status: Connecting to [::1]:4242...
Status: Connection attempt failed with ECONNREFUSED - Connection refused by server, trying next address.
Status: Connecting to 127.0.0.1:4242...
Status: Connection established, waiting for welcome message...
Response: 220 Service ready for new user.
Command: USER ftpuser
Response: 331 User name okay, need password for ftpuser.
Command: PASS ***
Response: 230 User logged in, proceed.
Command: OPTS UTF8 ON
Response: 200 Command OPTS okay.
Command: OPTS MLST size;modify;type;
Response: 200 Command OPTS okay.
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 / is current directory.
Status: Directory listing successful
Status: Starting upload of /Users/marw/Desktop/TestFile.png
Command: PORT 127,0,0,1,210,173
Response: 200 Command PORT okay.
Command: STOR TestFile.png
Response: 550 /Users/ftpuser/Public/TestFile.png: Permission denied.
Error: Critical file transfer error

Does anyone know what the problem might be? Is it related to the way I have set up the Apache FTP server or is it something else? Thanks a lot in advance.

Kind regards,
Martin
Re: Error during file transfer: 550 - Permission denied
Thanks a lot for the quick reply, Matthew.

No, I did not create users via a UserManagerFactory. I have implemented my own UserManager class, because I would like to authenticate against our own authentication system. This UserManager implements the required interface and is attached to the ServerFactory. The authentication takes place in the authenticate method, which returns the user object when successful. This bit seems to work fine, since I can log in alright from an FTP client. But maybe I misunderstand the background for your question?

Kind regards,
Martin

On 26.09.2013 at 17:32, Goodwin, Matthew matthew.good...@railinc.com wrote:

Did you create users via UserManagerFactory?

-Original Message-
From: Martin Wunderlich [mailto:m...@censhare.de]
Sent: Thursday, September 26, 2013 10:52 AM
To: ftpserver-users@mina.apache.org
Subject: Error during file transfer: 550 - Permission denied

Dear all,

I have just joined this list, because I started working on an integration of the Apache FtpServer into an existing project. So far, things have gone well and I can connect to the FTP server. However, when trying to upload a file, I get a 550 - Permission denied error. I have checked that the target directory has read/write access enabled for all users. The server is running in active mode without SSL encryption. Here is the full log (copied from FileZilla):

Status: Resolving address of localhost
Status: Connecting to [::1]:4242...
Status: Connection attempt failed with ECONNREFUSED - Connection refused by server, trying next address.
Status: Connecting to 127.0.0.1:4242...
Status: Connection established, waiting for welcome message...
Response: 220 Service ready for new user.
Command: USER ftpuser
Response: 331 User name okay, need password for ftpuser.
Command: PASS ***
Response: 230 User logged in, proceed.
Command: OPTS UTF8 ON
Response: 200 Command OPTS okay.
Command: OPTS MLST size;modify;type;
Response: 200 Command OPTS okay.
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 / is current directory.
Status: Directory listing successful
Status: Starting upload of /Users/marw/Desktop/TestFile.png
Command: PORT 127,0,0,1,210,173
Response: 200 Command PORT okay.
Command: STOR TestFile.png
Response: 550 /Users/ftpuser/Public/TestFile.png: Permission denied.
Error: Critical file transfer error

Does anyone know what the problem might be? Is it related to the way I have set up the Apache FTP server or is it something else? Thanks a lot in advance.

Kind regards,
Martin
Re: Error during file transfer: 550 - Permission denied
I think I figured out what you meant. In my UserManager the methods save and getUserByName were not implemented yet. So, in essence, it seems that the UserManager implementation needs to maintain a list of users internally, right? I have done this now using a HashMap, which maps usernames to User objects and users are added using the save() method after login. However, I am getting a new error now when trying to log in:

Status: Resolving address of localhost
Status: Connecting to [::1]:4242...
Status: Connection attempt failed with ECONNREFUSED - Connection refused by server, trying next address.
Status: Connecting to 127.0.0.1:4242...
Status: Connection established, waiting for welcome message...
Response: 220 Service ready for new user.
Command: USER ftpuser
Response: 421 Maximum login limit has been reached.
Error: Could not connect to server
Status: Waiting to retry...
Status: Resolving address of localhost
Status: Connecting to [::1]:4242...
Status: Connection attempt failed with ECONNREFUSED - Connection refused by server, trying next address.
Status: Connecting to 127.0.0.1:4242...
Status: Connection established, waiting for welcome message...
Response: 220 Service ready for new user.
Command: USER ftpuser
Response: 421 Maximum login limit has been reached.
Error: Could not connect to server

I don't understand this, because the Configuration has 10 as the maximum number of logins:

public class FTPServerConnectionConfig implements ConnectionConfig {
    public int getMaxLogins() {
        return 10;
    }
    // ... (remaining ConnectionConfig methods not shown in the post)
}

The Config object is attached to the ServerFactory.

Cheers,
Martin

On 26.09.2013 at 17:32, Goodwin, Matthew matthew.good...@railinc.com wrote:

Did you create users via UserManagerFactory?

-Original Message-
From: Martin Wunderlich [mailto:m...@censhare.de]
Sent: Thursday, September 26, 2013 10:52 AM
To: ftpserver-users@mina.apache.org
Subject: Error during file transfer: 550 - Permission denied

Dear all,

I have just joined this list, because I started working on an integration of the Apache FtpServer into an existing project. So far, things have gone well and I can connect to the FTP server. However, when trying to upload a file, I get a 550 - Permission denied error. I have checked that the target directory has read/write access enabled for all users. The server is running in active mode without SSL encryption. Here is the full log (copied from FileZilla):

Status: Resolving address of localhost
Status: Connecting to [::1]:4242...
Status: Connection attempt failed with ECONNREFUSED - Connection refused by server, trying next address.
Status: Connecting to 127.0.0.1:4242...
Status: Connection established, waiting for welcome message...
Response: 220 Service ready for new user.
Command: USER ftpuser
Response: 331 User name okay, need password for ftpuser.
Command: PASS ***
Response: 230 User logged in, proceed.
Command: OPTS UTF8 ON
Response: 200 Command OPTS okay.
Command: OPTS MLST size;modify;type;
Response: 200 Command OPTS okay.
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 / is current directory.
Status: Directory listing successful
Status: Starting upload of /Users/marw/Desktop/TestFile.png
Command: PORT 127,0,0,1,210,173
Response: 200 Command PORT okay.
Command: STOR TestFile.png
Response: 550 /Users/ftpuser/Public/TestFile.png: Permission denied.
Error: Critical file transfer error

Does anyone know what the problem might be? Is it related to the way I have set up the Apache FTP server or is it something else? Thanks a lot in advance.

Kind regards,
Martin