Re: [twsocket] SSL FTP problem?

2011-02-26 Thread Angus Robertson - Magenta Systems Ltd
> The server is the one that site5.com gives, with real IP. I don't
> know if they use any firewalls. 

It may still be behind NAT even if you see a public, I have another
public ICS FTP server that is behind NAT but still works fine with normal
FTP (the firewall router is intelligent) but which will be harder to make
work with SSL.  

If you are getting the same error as my server, almost certainly it's the
same firewall issue.  

> Anyway, I don't have any other FTPS servers to try...

Build the \sslinternet\OverbyteIcsSslFtpServ demo, although you will have
to create SSL certificates to make it work.  Or install FileZilla FTP
server.   

Angus




--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be


Re: [twsocket] SSL FTP problem?

2011-02-26 Thread Antol
Hello Angus,

Saturday, February 26, 2011, 12:20:00 PM, you wrote:


ARMSL> Upload to what server, where?  Your own, on your own LAN?  Or behind
ARMSL> another firewall, like mine?  Are you using NAT on both client and 
server,
ARMSL> or do both have public IP addresses?  

No, this time I did not use the router, and I don't have firewall. The
computer  has  real  internet IP. The server is the one that site5.com
gives, with real IP. I don't know if they use any firewalls. Anyway, I
don't have any other FTPS servers to try...



-- 
Best regards,
 Antolmailto:spama...@mail.ru

--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be


Re: [twsocket] SSL FTP problem?

2011-02-26 Thread Angus Robertson - Magenta Systems Ltd
> I  unplugged the network cable from the router and plugged it 
> directly to   notebook.  The  notebook  doesn't  have  antivirus 
> and firewall software.
> 
> Now,  when  I  upload  the  file using FTP SSL, FileZilla has the 
> same problem with directory listing hangup.

Upload to what server, where?  Your own, on your own LAN?  Or behind
another firewall, like mine?  Are you using NAT on both client and server,
or do both have public IP addresses?  

FTP always has problems with firewalls and NAT routers, due to data
connections being opened on random ports, with the IP address and port
being listed on the control channel using the PORT and PASV commands.  

Firewalls and routers have to 'read' the control channel to either open
the data port specified, or for NAT to 'modify' the command to change the
IP address from internal or external, or vice versa.  

With SSL, the control channel is encrypted so the firewall can not read
the PORT or PASV commands and so can not automatically open the ports and
translate IP addresses.  Some FTP clients like FileZilla, and some FTP
servers try to get around this by using the external IPs instead of the
internal ones, but ICS does not do this automatically. 

I will look at getting SSL working on ics.ftptest.org, but I need to
change the FTP server to restrict the data ports used, and open those on
the firewall, and I'm too busy until later next week. 

> Unfortunately, I couldn't upload to ics.ftptest.org, it says
> Error 501 Permission denied.

I did say in the original email that anonymous is read only, uploading
needs an account.   Y

> The following servers don't seem to like anonymous users. At least I
> cannot log in.

They all need the same account, and some may not be running all the time,
for instance Microsoft FTP Server has no hacking protection so people
will attempt hundreds of thousands of passwords.  My servers are targets
for heavy hacking, hundreds of attempts to break by firewall last week.  

Angus

--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be


Re: [twsocket] SSL FTP problem?

2011-02-26 Thread Fastream Technologies
It timed out from here with FileZilla.

SZ

On Sat, Feb 26, 2011 at 10:53 AM, Antol  wrote:

>
> FTPS Server test:
>
> If  anyone  can  test  PureFTPd for ftps compatlbility, please use this
> info  and  let me know if you can upload files in FTPS mode. Maybe the
> problem  is that the FTP server software is not completely compatible
> with FTPS?
>
> ftp://174.132.5.68
> l: ftptest
> p: ftptest
>
>
> --
> To unsubscribe or change your settings for TWSocket mailing list
> please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
> Visit our website at http://www.overbyte.be
>
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be


Re: [twsocket] SSL FTP problem?

2011-02-26 Thread Antol

FTPS Server test:

If  anyone  can  test  PureFTPd for ftps compatlbility, please use this
info  and  let me know if you can upload files in FTPS mode. Maybe the
problem  is that the FTP server software is not completely compatible
with FTPS?

ftp://174.132.5.68
l: ftptest
p: ftptest


--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be


Re: [twsocket] SSL FTP problem?

2011-02-26 Thread Antol
Hello Angus,


I  unplugged the network cable from the router and plugged it directly
to   notebook.  The  notebook  doesn't  have  antivirus  and  firewall
software.

Now,  when  I  upload  the  file using FTP SSL, FileZilla has the same
problem with directory listing hangup.

If  I  upload  a file to my server using ICS FTP SSL module, it waits
for some time and then says:

Disconnected with error 425 Could not open data connection to port 56353: 
Connection timed out [!]

So,  there is a strange port involved... I have no idea what this port
means, I didn't specify it anywhere.


I  also  tried FileZilla on another computer connected directly to the
network  (without  router),  and  got  exactly the same result, so the
problem is not computer-specific.

The  question is: is there anyone who saw FTP SSL client in real work?
Am  I  the  only  one  who  has  problems with FTPS or this is a known
problem?



Unfortunately, I couldn't upload to ics.ftptest.org, it says
Error 501 Permission denied.

The following servers don't seem to like anonymous users. At least I
cannot log in.

ARMSL> filezilla.ftptest.org
ARMSL> wsftp.ftptest.org
ARMSL> servu.ftptest.org
ARMSL> gene6.ftptest.org
ARMSL> msftp7.ftptest.org





-- 
Best regards,
 Antolmailto:spama...@mail.ru

--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be


Re: [twsocket] SSL FTP problem?

2011-02-25 Thread Antol
Hello Arno,

Friday, February 25, 2011, 2:13:54 PM, you wrote:

AG> FileZilla client supports both SFTP (over SSH using putty) and FTPS.
AG> FileZilla server supports FTPS.

Filezilla:  Works with FTP, SFTP. Implicit FTPS doesn't work. Connects
and hangs on directory listing with FTPES (explicit FTPS):


Status: Resolving address of ***
Status: Connecting to ***...
Status: Connection established, waiting for welcome message...
Response:   220-- Welcome to Pure-FTPd [privsep] [TLS] --
Response:   220-You are user number 3 of 50 allowed.
Response:   220-Local time is now 05:38. Server port: 21.
Response:   220-This is a private system - No anonymous login
Response:   220-IPv6 connections are also welcome on this server.
Response:   220 You will be disconnected after 15 minutes of inactivity.
Command:AUTH TLS
Response:   234 AUTH TLS OK.
Status: Initializing TLS...
Status: Verifying certificate...
Command:USER ***
Status: TLS/SSL connection established.
Response:   331 User *** OK. Password required
Command:PASS *
Response:   230-User *** has group access to:  ***
Response:   230 OK. Current restricted directory is /
Command:PBSZ 0
Response:   200 PBSZ=0
Command:PROT P
Response:   200 Data protection level set to "private"
Status: Connected
Status: Retrieving directory listing...
Command:PWD
Response:   257 "/" is your current location
Command:TYPE I
Response:   200 TYPE is now 8-bit binary
Command:PASV
Response:   227 Entering Passive Mode (*,*,*,*,202,48)
Command:MLSD
Error:  Connection timed out
Error:  Failed to retrieve directory listing


PS: I replaced private data with "*".

-- 
Best regards,
 Antolmailto:spama...@mail.ru

--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be


Re: [twsocket] SSL FTP problem?

2011-02-25 Thread Fastream Technologies
Hmmm, maybe Gmail (that I use) is at fault.

SubZero
On Fri, Feb 25, 2011 at 1:09 PM, Francois PIETTE
wrote:

>  BTW, to Francois: The list has begun adding private email addresses of
>> the
>> senders to CC!!
>>
>
> This is probably you mail client which does that because I don't see it
> from other senders. Do you ?
>
> --
> francois.pie...@overbyte.be
> http://www.overbyte.be
>
>
> --
> To unsubscribe or change your settings for TWSocket mailing list
> please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
> Visit our website at http://www.overbyte.be
>
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be


Re: [twsocket] SSL FTP problem?

2011-02-25 Thread Arno Garrels
Antol wrote:
> Hello Francois,
> 
> Friday, February 25, 2011, 1:26:33 PM, you wrote:
> 
>> SFTP and FTPS are NOT the same thing !
>> SFTP use SSH  (Old system implemented above telnet)
>> FTPS use SSL  (New system implemented using SSL/TLS)
> 
>> ICS only implements FTPS.
> 
> 
> OK,  what free ftps software can you recommend to test with my server?

FileZilla client supports both SFTP (over SSH using putty) and FTPS.
FileZilla server supports FTPS.

> As  I  see,  the  demo application connects and authenticates with SSL
> fine,  so  it  surely supports FTPS as well as SFTP. The only thing to
> find out is will an alternative client execute PUT command or not.

SFTP also might be "Simple File Transport Protocol" which had nothing
to do with both SSL/TLS nor with SSH :)

-- 
Arno Garrels
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be


Re: [twsocket] SSL FTP problem?

2011-02-25 Thread Francois PIETTE

BTW, to Francois: The list has begun adding private email addresses of the
senders to CC!!


This is probably you mail client which does that because I don't see it from 
other senders. Do you ?


--
francois.pie...@overbyte.be
http://www.overbyte.be

--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be


Re: [twsocket] SSL FTP problem?

2011-02-25 Thread Fastream Technologies
What about FileZilla?

BTW, to Francois: The list has begun adding private email addresses of the
senders to CC!!

Regards,

SZ
On Fri, Feb 25, 2011 at 12:40 PM, Antol  wrote:

> Hello Francois,
>
> Friday, February 25, 2011, 1:26:33 PM, you wrote:
>
> FP> SFTP and FTPS are NOT the same thing !
> FP> SFTP use SSH  (Old system implemented above telnet)
> FP> FTPS use SSL  (New system implemented using SSL/TLS)
>
> FP> ICS only implements FTPS.
>
>
> OK,  what free ftps software can you recommend to test with my server?
> As  I  see,  the  demo application connects and authenticates with SSL
> fine,  so  it  surely supports FTPS as well as SFTP. The only thing to
> find out is will an alternative client execute PUT command or not.
>
> --
> Best regards,
>  Antolmailto:spama...@mail.ru
>
> --
>  To unsubscribe or change your settings for TWSocket mailing list
> please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
> Visit our website at http://www.overbyte.be
>
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be


Re: [twsocket] SSL FTP problem?

2011-02-25 Thread Antol
Hello Francois,

Friday, February 25, 2011, 1:26:33 PM, you wrote:

FP> SFTP and FTPS are NOT the same thing !
FP> SFTP use SSH  (Old system implemented above telnet)
FP> FTPS use SSL  (New system implemented using SSL/TLS)

FP> ICS only implements FTPS.


OK,  what free ftps software can you recommend to test with my server?
As  I  see,  the  demo application connects and authenticates with SSL
fine,  so  it  surely supports FTPS as well as SFTP. The only thing to
find out is will an alternative client execute PUT command or not.

-- 
Best regards,
 Antolmailto:spama...@mail.ru

--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be


Re: [twsocket] SSL FTP problem?

2011-02-25 Thread Arno Garrels
Antol wrote:
> Hello Francois,
> 
> Friday, February 25, 2011, 12:24:14 PM, you wrote:
> 
> 
>> Have you tried to connect the the same server from the same computer
>> using another FTPS client ?
> 
> I  tried  2 FTP servers  with  SFTP  compatibility. The first one is
> as I described, the other one shows "SSH-2.0-mod_sftp/0.9.7" and
> hangs.

SFTP (http://en.wikipedia.org/wiki/SFTP) is not supported by the TFtpCli
only FTPS (http://en.wikipedia.org/wiki/FTPS).

-- 
Arno Garrels
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be


Re: [twsocket] SSL FTP problem?

2011-02-25 Thread Francois PIETTE
FP> Have you tried to connect the the same server from the same computer 
using

FP> another FTPS client ?



I  tried  2 FTP servers  with  SFTP  compatibility. The first one is as I
described, the other one shows "SSH-2.0-mod_sftp/0.9.7" and hangs.


That is the issue !
SFTP and FTPS are NOT the same thing !
SFTP use SSH  (Old system implemented above telnet)
FTPS use SSL  (New system implemented using SSL/TLS)

ICS only implements FTPS.

--
francois.pie...@overbyte.be
The author of the freeware multi-tier middleware MidWare
The author of the freeware Internet Component Suite (ICS)
http://www.overbyte.be

--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be


Re: [twsocket] SSL FTP problem?

2011-02-25 Thread Antol
Hello Francois,

Friday, February 25, 2011, 12:24:14 PM, you wrote:


FP> Have you tried to connect the the same server from the same computer using
FP> another FTPS client ?

I  tried  2 FTP servers  with  SFTP  compatibility. The first one is as I
described, the other one shows "SSH-2.0-mod_sftp/0.9.7" and hangs.

I tried another free SFTP client called WinSCP. It understandsh 3
protocols, FTP, SCP and SFTP. It works with both servers fine with all
3 protocols, so I can connect and upload files without any problems.



-- 
Best regards,
 Antolmailto:spama...@mail.ru

--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be


Re: [twsocket] SSL FTP problem?

2011-02-25 Thread Francois PIETTE

LastResponse was : 'Unable to establish data connection - Winsock -
Connection timed out (#10060)'


FP> Is your router blocking outgoing connections to all non standard ports ?


The  router  doesn't  block  anything  as  far  as  I  know.  All  FTP
connections  (active  and  passive) work when I disable ssl feature in
the demo application.


OK, but given the error message, the first basic thing to happen, 
independent of SSL doesn't occur: the connection.
Since your router let the connection pass, are you sure that the remote site 
let the connection request pass ?
Have you tried to connect the the same server from the same computer using 
another FTPS client ?


--
francois.pie...@overbyte.be
The author of the freeware multi-tier middleware MidWare
The author of the freeware Internet Component Suite (ICS)
http://www.overbyte.be

--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be


Re: [twsocket] SSL FTP problem?

2011-02-25 Thread Antol
Hello Francois,

The  router  doesn't  block  anything  as  far  as  I  know.  All  FTP
connections  (active  and  passive) work when I disable ssl feature in
the demo application.


Friday, February 25, 2011, 11:38:53 AM, you wrote:

>> Actually,  this  is  the first thing I tried, but the demo application
>> hangs in passive mode when SSL is enabled. It shows the following:
>>
>> < 227 Entering Passive Mode (174,132,5,68,209,134)
>> ! Upload Size 34.5K
>>
>> then it waits for a certain period of time and shows:
>>
>>> PASV
>>
>> Request 18 Done.
>> StatusCode = 550
>> LastResponse was : 'Unable to establish data connection - Winsock - 
>> Connection timed out (#10060)'
>> Error = 550 (Unable to establish data connection - Winsock - Connection 
>> timed out (#10060))
>>
>> I don't use antiviruses and firewalls, so the result is even worse than in 
>> active mode.

FP> Is your router blocking outgoing connections to all non standard ports ?

FP> --
FP> francois.pie...@overbyte.be
FP> The author of the freeware multi-tier middleware MidWare
FP> The author of the freeware Internet Component Suite (ICS)
FP> http://www.overbyte.be

FP> --
FP> To unsubscribe or change your settings for TWSocket mailing list
FP> please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
FP> Visit our website at http://www.overbyte.be




-- 
Best regards,
 Antolmailto:spama...@mail.ru

--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be


Re: [twsocket] SSL FTP problem?

2011-02-25 Thread Francois PIETTE

Actually,  this  is  the first thing I tried, but the demo application
hangs in passive mode when SSL is enabled. It shows the following:

< 227 Entering Passive Mode (174,132,5,68,209,134)
! Upload Size 34.5K

then it waits for a certain period of time and shows:


PASV


Request 18 Done.
StatusCode = 550
LastResponse was : 'Unable to establish data connection - Winsock - 
Connection timed out (#10060)'
Error = 550 (Unable to establish data connection - Winsock - Connection 
timed out (#10060))


I don't use antiviruses and firewalls, so the result is even worse than in 
active mode.


Is your router blocking outgoing connections to all non standard ports ?

--
francois.pie...@overbyte.be
The author of the freeware multi-tier middleware MidWare
The author of the freeware Internet Component Suite (ICS)
http://www.overbyte.be

--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be


Re: [twsocket] SSL FTP problem?

2011-02-25 Thread Antol
Hello Francois,

>>> PORT 192,168,10,170,233,24
>> < 500 I won't open a connection to 192.168.10.170 (only to 95.27.199.164)
>>
>> How to solve this problem?

FP> Use passive mode.
FP> You router is probably smart enough to handle active connections but it
FP> can't be smart with SSL because it can't understand the commands sent by the
FP> client: they are encrypted. No problem with passive mode as all connections
FP> are outgoing (Active mode has an incomming connection for data).


Actually,  this  is  the first thing I tried, but the demo application
hangs in passive mode when SSL is enabled. It shows the following:

< 227 Entering Passive Mode (174,132,5,68,209,134)
! Upload Size 34.5K

then it waits for a certain period of time and shows:

> PASV

Request 18 Done.
StatusCode = 550
LastResponse was : 'Unable to establish data connection - Winsock - Connection 
timed out (#10060)'
Error = 550 (Unable to establish data connection - Winsock - Connection timed 
out (#10060))

I don't use antiviruses and firewalls, so the result is even worse than in 
active mode.




-- 
Best regards,
 Antolmailto:spama...@mail.ru

--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be


Re: [twsocket] SSL FTP problem?

2011-02-25 Thread Francois PIETTE

I  use a router, so 192.168.10.170 is my local IP and 95.27.199.164 is
my external IP.

When  I connect to my ftp server using NO SSL, everything is fine, but
if I enable  SslTypeAuthTls, it connects fine, but when I use PUT,  I 
always get the following error:




PORT 192,168,10,170,233,24

< 500 I won't open a connection to 192.168.10.170 (only to 95.27.199.164)

How to solve this problem?


Use passive mode.
You router is probably smart enough to handle active connections but it 
can't be smart with SSL because it can't understand the commands sent by the 
client: they are encrypted. No problem with passive mode as all connections 
are outgoing (Active mode has an incomming connection for data).


--
francois.pie...@overbyte.be
The author of the freeware multi-tier middleware MidWare
The author of the freeware Internet Component Suite (ICS)
http://www.overbyte.be

--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be


Re: [twsocket] SSL FTP problem?

2011-02-24 Thread Antol
Hello,

I  use a router, so 192.168.10.170 is my local IP and 95.27.199.164 is
my external IP.

When  I connect to my ftp server using NO SSL, everything is fine, but
if I enable  SslTypeAuthTls, it connects fine, but when I use PUT,  I always 
get the following error:


> PORT 192,168,10,170,233,24
< 500 I won't open a connection to 192.168.10.170 (only to 95.27.199.164)


How to solve this problem?


-- 
Best regards,
 Antolmailto:spama...@mail.ru

--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be