
FTPS not working. Server IP is private. FW doing NAT

Posted: Fri Oct 28, 2011 8:22 pm
by smunzani
Hi,

My connectivity is like below.
Internet ----- FW------ Wing-FTP.

Since wing-ftp is using a private IP, I am doing the NAT on the firewall. HTTPS and SFTP both work with NAT, but FTPS doesn't seem to work. During the session establishment, it tries to send its real IP, which is non-routable over the internet. How can I get around this issue? Below is a session log from a FileZilla client. Below is scrubbed output.

Status: Resolving address of sftp.xxxx.com
Status: Connecting to x.x.x.x:990...
Status: Connection established, initializing TLS...
Status: Verifying certificate...
Status: TLS/SSL connection established, waiting for welcome message...
Response: 220 Welcome to Wing FTP
Command: USER xxxxx
Response: 331 Password required for xxxxx
Command: PASS ********
Response: 230 User xxxxx logged in.
Command: SYST
Response: 215 UNIX Type: L8
Command: FEAT
Response: 211-Extension supported
Response: PBSZ
Response: PROT
Response: MDTM
Response: MDTM YYYYMMDDHHMMSS;filename
Response: SIZE
Response: MLSD
Response: CLNT
Response: UTF8
Response: AUTH SSL
Response: AUTH TLS
Response: OPTS
Response: STAT
Response: EPRT
Response: HELP
Response: XCRC "filename" SP EP
Response: SITE MSG messagetext
Response: SITE PSWD oldpass newpass
Response: SITE UZIP filename.zip
Response: SITE ZIP filename.zip sourcefile1||sourcefile2||sourcefile3||...
Response: 211 End
Command: CLNT FileZilla
Response: 200 Noted.
Command: OPTS UTF8 ON
Response: 200 UTF8 OPTS ON
Command: PBSZ 0
Response: 200 Command okay. PBSZ=0.
Command: PROT P
Response: 200 Encrypting Data Channel.
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is current directory.
Command: TYPE I
Response: 200 Type set to I
Command: PASV
Response: 227 Entering Passive Mode (172,22,22,22,4,0)
Status: Server sent passive reply with unroutable address. Using server address instead.
Command: MLSD
Error: GnuTLS error -53: Error in the push function.
Error: Connection timed out
Error: Failed to retrieve directory listing

Re: FTPS not working. Server IP is private. FW doing NAT

Posted: Sat Oct 29, 2011 1:38 am
by FTP
Please refer to this topic:
http://wftpserver.com/bbs/viewtopic.php?f=5&t=5

Re: FTPS not working. Server IP is private. FW doing NAT

Posted: Tue Mar 12, 2019 7:00 pm
by tarmour57
I am having this same issue.
I have completed the entries as suggested by viewtopic.php?f=5&t=5
The entry for the FTP Pasv Mode is the IP for my firewall, not the NAT address.

But I am still getting the "Server sent passive reply" error message.
My server is behind a firewall with a static address.
I have done the port forward NAT with the various FTP, FTPS, SFTP, HTTP, HTTPS.

Everything about the FTP server is working, but I am getting an error message.

Here is the session log with a few operations:
Status: Connecting to XX.XXX.X.99:21...
Status: Connection established, waiting for welcome message...
Status: Initializing TLS...
Status: Verifying certificate...
Status: TLS connection established.
Status: Logged in
Status: Retrieving directory listing...
Status: Server sent passive reply with unroutable address. Using server address instead.
Status: Directory listing of "/" successful
Status: Connecting to XX.XXX.X.99:21...
Status: Connection established, waiting for welcome message...
Status: Initializing TLS...
Status: Connecting to XX.XXX.X.99:21...
Status: Connection established, waiting for welcome message...
Status: Initializing TLS...
Status: Verifying certificate...
Status: TLS connection established.
Status: Verifying certificate...
Status: TLS connection established.
Status: Logged in
Status: Starting upload of C:\Users\Sundance\Pictures\Robbie HOA-2.jpg
Status: Server sent passive reply with unroutable address. Using server address instead.
Status: Logged in
Status: Starting upload of C:\Users\Sundance\Pictures\Robbie HOA.jpg
Status: Server sent passive reply with unroutable address. Using server address instead.
Status: File transfer successful, transferred 207,812 bytes in 1 second
Status: File transfer successful, transferred 186,229 bytes in 1 second
Status: Retrieving directory listing of "/"...
Status: Server sent passive reply with unroutable address. Using server address instead.
Status: Directory listing of "/" successful
Status: Disconnected from server
Status: Disconnected from server
Status: Disconnected from server: ECONNABORTED - Connection aborted
Status: Disconnected from server
Status: Connecting to XX.XXX.X.99:21...
Status: Connection established, waiting for welcome message...
Status: Initializing TLS...
Status: Verifying certificate...
Status: TLS connection established.
Status: Logged in
Status: Deleting 2 files from "/"
Status: Connecting to XX.XXX.X.99:21...
Status: Connection established, waiting for welcome message...
Status: Initializing TLS...
Status: Connecting to XX.XXX.X.99:21...
Status: Connection established, waiting for welcome message...
Status: Initializing TLS...
Status: Verifying certificate...
Status: TLS connection established.
Status: Verifying certificate...
Status: TLS connection established.
Status: Logged in
Status: Starting upload of C:\Users\Sundance\Pictures\Robbie HOA-2.jpg
Status: Server sent passive reply with unroutable address. Using server address instead.
Status: Logged in
Status: Starting upload of C:\Users\Sundance\Pictures\Robbie HOA.jpg
Status: Server sent passive reply with unroutable address. Using server address instead.
Status: File transfer successful, transferred 207,812 bytes in 1 second
Status: File transfer successful, transferred 186,229 bytes in 1 second
Status: Retrieving directory listing of "/"...
Status: Server sent passive reply with unroutable address. Using server address instead.
Status: Directory listing of "/" successful
Status: Disconnected from server
Status: Disconnected from server
Status: Deleting 2 files from "/"
Status: Connecting to XX.XXX.X.99:21...
Status: Connection established, waiting for welcome message...
Status: Initializing TLS...
Status: Connecting to XX.XXX.X.99:21...
Status: Connection established, waiting for welcome message...
Status: Initializing TLS...
Status: Verifying certificate...
Status: TLS connection established.
Status: Verifying certificate...
Status: TLS connection established.
Status: Logged in
Status: Starting upload of C:\Users\Sundance\Pictures\Robbie HOA-2.jpg
Status: Server sent passive reply with unroutable address. Using server address instead.
Status: Logged in
Status: Starting upload of C:\Users\Sundance\Pictures\Robbie HOA.jpg
Status: Server sent passive reply with unroutable address. Using server address instead.
Status: File transfer successful, transferred 207,812 bytes in 1 second
Status: File transfer successful, transferred 186,229 bytes in 1 second
Status: Retrieving directory listing of "/"...
Status: Server sent passive reply with unroutable address. Using server address instead.
Status: Directory listing of "/" successful
Status: Disconnected from server
Status: Disconnected from server
Status: Disconnected from server: ECONNABORTED - Connection aborted
Status: Disconnected from server
Status: Connecting to XX.XXX.X.99:21...
Status: Connection established, waiting for welcome message...
Status: Initializing TLS...
Status: Verifying certificate...
Status: TLS connection established.
Status: Logged in
Status: Deleting 2 files from "/"
Status: Connecting to XX.XXX.X.99:21...
Status: Connection established, waiting for welcome message...
Status: Initializing TLS...
Status: Connecting to XX.XXX.X.99:21...
Status: Connection established, waiting for welcome message...
Status: Initializing TLS...
Status: Verifying certificate...
Status: TLS connection established.
Status: Verifying certificate...
Status: TLS connection established.
Status: Logged in
Status: Starting upload of C:\Users\Sundance\Pictures\Robbie HOA-2.jpg
Status: Server sent passive reply with unroutable address. Using server address instead.
Status: Logged in
Status: Starting upload of C:\Users\Sundance\Pictures\Robbie HOA.jpg
Status: Server sent passive reply with unroutable address. Using server address instead.
Status: File transfer successful, transferred 186,229 bytes in 1 second
Status: File transfer successful, transferred 207,812 bytes in 1 second
Status: Retrieving directory listing of "/"...
Status: Server sent passive reply with unroutable address. Using server address instead.
Status: Directory listing of "/" successful
Status: Disconnected from server
Status: Disconnected from server

Re: FTPS not working. Server IP is private. FW doing NAT

Posted: Wed Mar 13, 2019 12:19 am
by FTP
You had better paste the related server logs. From your FTP client logs ("Server sent passive reply with unroutable address. Using server address instead."), it seems you did not configure the FTP passive mode correctly. You need to use the server IP address for the passive mode reply address, and you also need to forward the passive mode ports correctly in the firewall/router.
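
One way to check the passive-mode reply discussed in this thread, as an added example that is not part of the original posts or Wing FTP's own code: it decodes each `227` reply in a client log, reports the data port the firewall must forward, and flags an advertised address that is private or differs from the control-connection address. The function names and the `203.0.113.10` stand-in for the scrubbed public address are assumptions.

```python
import ipaddress
import re

# RFC 959 passive reply: "227 <text> (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(r"\b227\b[^(]*\((\d{1,3}(?:,\d{1,3}){5})\)")
# Ranges that cannot be reached from the Internet (RFC 1918, loopback, link-local)
UNROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


def parse_pasv(line):
    """Return (IPv4Address, port) from a 227 reply line, or None for any other line."""
    m = PASV_RE.search(line)
    if not m:
        return None
    nums = [int(n) for n in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in PASV reply: " + line.strip())
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]  # port = p1 * 256 + p2


def audit_pasv(log_lines, control_ip):
    """Compare every PASV reply in a client log with the control-connection address."""
    control = ipaddress.IPv4Address(control_ip)
    findings = []
    for line in log_lines:
        parsed = parse_pasv(line)
        if parsed is None:
            continue
        ip, port = parsed
        findings.append({
            "advertised": str(ip),
            "data_port": port,  # the NAT device must forward this port to the server
            "unroutable": any(ip in net for net in UNROUTABLE),
            "matches_control": ip == control,
        })
    return findings


# Constructed input: the 227 line is the one in the first session log of the thread;
# 203.0.113.10 is a documentation address standing in for the scrubbed public IP.
SAMPLE_LOG = [
    "Command: PASV",
    "Response: 227 Entering Passive Mode (172,22,22,22,4,0)",
    "Status: Server sent passive reply with unroutable address. Using server address instead.",
]

if __name__ == "__main__":
    for finding in audit_pasv(SAMPLE_LOG, "203.0.113.10"):
        print(finding)
```

With FTPS the control channel is encrypted, so the firewall cannot rewrite the address inside the `227` reply in transit; the server itself has to advertise the public address.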