On Sat, 2007-09-01 at 09:36 -0400, Teran McKinney wrote:
> First off, I want to thank you for lftp. It's by far the best FTP
> client I have used, and its reverse mirror feature has been used to
> publish Zenserver (Zenwalk server version) package updates for the
> past 5-7 months or so. It has worked perfectly, and the autocompletion
> is very fast and nice. Zenwalk has some of its websites hosted on a
> user-run server, but the rest was on Servage.net shared hosting along
> with Zenserver's site. Servage.net has been, by far, the worst hosting
> I've used, and after enough troubles with them we finally switched to
> Bluehost :-).
> 
> For some reason, I have not been able to use LFTP at all on the new
> hosting. If I force active mode I get (in debug level 3):
> 
> lftp [EMAIL PROTECTED]@ftp.axxium.us:/> ls
> ---- Connecting to ftp.axxium.us (69.89.31.95) port 21
> <--- 220---------- Welcome to Pure-FTPd [TLS] ----------
> <--- 220-You are user number 2 of 50 allowed.
> <--- 220-Local time is now 07:18. Server port: 21.
> <--- 220-IPv6 connections are also welcome on this server.
> <--- 220 You will be disconnected after 15 minutes of inactivity.
> WARNING: Certificate verification: Not trusted
> WARNING: Certificate verification: The certificate's owner does not
> match hostname 'ftp.axxium.us'
> <--- 230-Your bandwidth usage is restricted
> <--- 230-User [EMAIL PROTECTED] has group access to:  axxiumus
> <--- 230 OK. Current restricted directory is /
> ---- Switching passive mode on       
> `ls' at 0 [Delaying before reconnect: 12]
> 
> I guess the server tells lftp to switch to passive mode, even though
> tech support explicitly told me to try forcing active mode.

The server doesn't tell the client to switch to passive mode. It's the
default mode (most) modern clients operate with.

> Perhaps there is a way that I can force it to stay in active mode and
> see how it goes? Without forcing active mode I get:
> 
> lftp [EMAIL PROTECTED]@ftp.axxium.us:/> ls
> ---- Connecting to ftp.axxium.us (69.89.31.95) port 21
> <--- 220---------- Welcome to Pure-FTPd [TLS] ----------
> <--- 220-You are user number 4 of 50 allowed.
> <--- 220-Local time is now 07:22. Server port: 21.
> <--- 220-IPv6 connections are also welcome on this server.
> <--- 220 You will be disconnected after 15 minutes of inactivity.
> WARNING: Certificate verification: Not trusted
> WARNING: Certificate verification: The certificate's owner does not
> match hostname 'ftp.axxium.us'
> <--- 230-Your bandwidth usage is restricted
> <--- 230-User [EMAIL PROTECTED] has group access to:  axxiumus
> <--- 230 OK. Current restricted directory is /
> `ls' at 0 [Making data connection...]
> 
> At that point it doesn't go any further. However, `ftp` (Arpanet ftp?)
> can connect just fine.

An ordinary ftp client doesn't know about encryption and connects
using ordinary plain transmission. Your firewall (I bet you forgot
to tell us you're behind one) can then look inside packets going out
and act accordingly (use lftp's -d debug flag to see what's
going on inside your session - try it with an ftp server you were
successful with so far; notice the numbers being params to PORT commands
- do they look familiar to you?).

Your lftp client is most probably compiled against TLS and can
and WILL secure the connection as soon as it sees the server
announce TLS capability.

Most probably your former hosting didn't offer ftp encryption
while the new one does ("Pure-FTPd [TLS]" in the welcome banner).

You didn't have any problems with lftp earlier, because it used
plain transmission and your firewall did its job.
Now your lftp connects to the server with encryption capability
and wants to use it.

And here is what's going on: your client encrypts the control
connection, your firewall cannot inspect the content of "ftp" packets
and let the traffic flow.

Solutions:
- force unencrypted connection (I would start from the ftp:ssl-allow
  flag)
- reconfigure firewall rules

Hope that helps. 

-- 
Miroslaw "Psyborg" Jaworski
GCS/IT d- s+:+ a C++$ UBI++++$ P+++$ L- E--- W++(+++)$ N++ o+ K- w-- O-
M- V- PS+ PE++ Y+ PGP t 5? X+ R++ !tv b++(+++) DI++ D+ G e* h++ r+++ y?
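
The mechanism described in the reply above, as an added example that is not part of the original thread: a simulation of what a firewall FTP helper can learn from the control channel, decoding the PORT / 227 numbers and going blind once AUTH TLS is accepted. The `track` helper, the transcripts and the addresses are constructed for illustration.

```python
import re

# h1,h2,h3,h4,p1,p2: the tuple carried by PORT and by the 227 (PASV) reply
HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def decode_hostport(text):
    """Return (ip, port) from an FTP h1,h2,h3,h4,p1,p2 tuple, or None."""
    m = HOSTPORT.search(text)
    if not m:
        return None
    n = [int(x) for x in m.groups()]
    if any(v > 255 for v in n):
        return None
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

def track(control_lines):
    """List the data endpoints a hypothetical firewall FTP helper can learn.

    control_lines: (direction, line) pairs, direction "C" or "S". After the
    server answers AUTH with 234 the rest is TLS ciphertext to the firewall.
    """
    expected, auth_pending, encrypted = [], False, False
    for direction, line in control_lines:
        if encrypted:
            continue  # opaque TLS records, nothing to parse
        verb = line.split(" ", 1)[0].upper()
        if direction == "C" and verb == "AUTH":
            auth_pending = True
        elif direction == "S" and auth_pending and line[:3].isdigit() and line[3:4] == " ":
            encrypted = line.startswith("234")  # any other code: AUTH refused
            auth_pending = False
        elif (direction, verb) in (("C", "PORT"), ("S", "227")):
            endpoint = decode_hostport(line)
            if endpoint:
                expected.append(("active" if verb == "PORT" else "passive", *endpoint))
    return expected

# Constructed transcripts (documentation addresses, not from the thread)
PLAIN = [("S", "220 ready"), ("C", "USER demo"), ("S", "331 password please"),
         ("C", "PASS x"), ("S", "230 OK"),
         ("C", "PORT 192,168,1,10,195,80"), ("S", "200 PORT command successful"),
         ("C", "PASV"), ("S", "227 Entering Passive Mode (203,0,113,5,19,137)")]
WITH_TLS = [("S", "220 ready"), ("C", "AUTH TLS"), ("S", "234 AUTH TLS OK."),
            ("C", "PORT 192,168,1,10,195,80"), ("S", "200 PORT command successful")]

if __name__ == "__main__":
    print("plain:", track(PLAIN))
    print("tls:  ", track(WITH_TLS))
```

In the plaintext session the helper learns both data endpoints and can open or rewrite them; in the TLS session it learns none, which matches the stalled data connection in the quoted debug output.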
