We are trying to get Apache FTP Server to work behind a reverse proxy. The only 
thing not working is the data channels. We use an Ftplet to intercept and 
handle the PASV command and substitute our proxy's IP and port in the PASV 
response. That all seems to work fine.  We are testing it with FileZilla client 
and our server works perfectly when connecting directly to the server but fails 
when going through the proxy.

We can see the data connections being established on both the server and the 
proxy. Our proxy logs every forwarded message and we can see that all client 
and server messages are being forwarded both ways.

The problem is that after the PASV command happens the next command is MLSD and 
we can see the server sending the correct response and the proxy is forwarding 
the listing. But the client interprets the response incorrectly and closes the 
session.  After looking at this for many many hours we're stumped.

Our Proxy is a very simple IO streams forwarder, with a control connection to 
tell the Proxy when to open data channels that forward back to the data channel 
opened by Apache on the Server.

This is the client log when connecting direct:

14:10:44 Command: PASV
14:10:44 Response: 227 Entering Passive Mode (192,168,0,173,40,122)
14:10:44 Trace:       Binding data connection source IP to control connection source IP 192.168.0.92
14:10:44 Command: MLSD
14:10:44 Response: 150 File status okay; about to open data connection.
14:10:44 Response: 226 Closing data connection.
14:10:44 Listing:      Size=0;Modify=20190814174646.670;Type=dir; Monthly
14:10:44 Listing:      Size=0;Modify=20190814180307.721;Type=dir; Weekly
14:10:44 Listing:      Size=0;Modify=20190814174833.915;Type=dir; Daily
14:10:44 Listing:      Size=0;Modify=20190814175140.777;Type=dir; Archive
14:10:44 Status:      Directory listing of "/" successful

This is the client log when connecting through the proxy:

14:37:16 Command: PASV
14:37:16 Response: 227 Entering Passive Mode (192,168,0,91,202,228)
14:37:16 Trace:       Binding data connection source IP to control connection source IP 192.168.0.173
14:37:16 Command: MLSD
14:37:16 Response: 150 File status okay; about to open data connection.
14:37:16 Response: 226 Closing data connection.
14:37:16 Error:       Disconnected from server: ECONNABORTED - Connection aborted
14:37:16 Error:       Failed to retrieve directory listing

One weird thing we see is that the "226 Closing data connection" shows up on 
the proxy after the MLSD listing is returned. When connecting direct it is 
before the listing in the client log, but in all cases these messages are 
coming from the same server so that may be a logging anomaly.

Thanks for any help.
Ken
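
The PASV substitution described in the message above, as an added Python example that is not part of the original post or of Apache FTP Server: it decodes the h1,h2,h3,h4,p1,p2 tuple of a 227 reply and builds the reply a proxy would advertise instead. The function names are hypothetical; the two sample replies are the ones from the client logs above.

```python
import ipaddress
import re

# 227 reply body: h1,h2,h3,h4,p1,p2 in parentheses (RFC 959 passive mode).
_PASV_RE = re.compile(r"^227 [^(]*\((\d{1,3}(?:,\d{1,3}){5})\)")

# The two 227 replies from the client logs in the message above.
DIRECT_REPLY = "227 Entering Passive Mode (192,168,0,173,40,122)"
PROXY_REPLY = "227 Entering Passive Mode (192,168,0,91,202,228)"


def parse_pasv(reply):
    """Return the (ip, port) a 227 reply advertises; ValueError if malformed."""
    match = _PASV_RE.match(reply.strip())
    if not match:
        raise ValueError("not a well-formed 227 reply: %r" % reply)
    fields = [int(f) for f in match.group(1).split(",")]
    if any(f > 255 for f in fields):
        raise ValueError("field above 255 in %r" % reply)
    port = fields[4] * 256 + fields[5]  # port = p1 * 256 + p2
    if port == 0:
        raise ValueError("port 0 in %r" % reply)
    return ".".join(str(f) for f in fields[:4]), port


def build_pasv(ip, port):
    """Encode an IPv4 address and port as a 227 reply line."""
    addr = ipaddress.IPv4Address(ip)  # rejects anything but dotted-quad IPv4
    if not 1 <= port <= 65535:
        raise ValueError("port out of range: %r" % port)
    host = str(addr).replace(".", ",")
    return "227 Entering Passive Mode (%s,%d,%d)" % (host, port >> 8, port & 0xFF)


def rewrite_pasv(server_reply, proxy_ip, proxy_port):
    """Check the server's reply parses, then advertise the proxy listener."""
    parse_pasv(server_reply)
    return build_pasv(proxy_ip, proxy_port)


if __name__ == "__main__":
    for reply in (DIRECT_REPLY, PROXY_REPLY):
        print(reply, "->", "%s:%d" % parse_pasv(reply))
    print(rewrite_pasv(DIRECT_REPLY, "192.168.0.91", 51940))
```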


