You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm using Cyberduck to connect to a Freecom FSG-3 via FTP-SSL with TLS. The login works, but then there is an illegal port command. Cyberduck sends the IP-address from the private network my laptop is logged in. Here is the log file:
220 vsFTPd 2.0.5+ (ext.2) patched by Freecom - ready...
AUTH TLS
234 Proceed with negotiation.
PBSZ 0
200 PBSZ set to 0.
PROT P
200 PROT now Private.
USER *******
331 Please specify the password.
PASS ********
230 Login successful.
PWD
257 "/home"
NOOP
200 NOOP ok.
SYST
215 UNIX Type: L8
STAT /home/Medienserver
213-Status follows:
213 End of status
CWD /home/Medienserver
250 Directory successfully changed.
FEAT
211-Features:
AUTH SSL
AUTH TLS
EPRT
EPSV
MDTM
PASV
UTF8
PBSZ
PROT
REST STREAM
SIZE
TVFS
211 End
PASV
227 Entering Passive Mode (88,75,117,112,199,135)
PORT 192,168,0,239,229,141
500 Illegal PORT command.
PASV
227 Entering Passive Mode (88,75,117,112,228,19)
PORT 192,168,0,239,229,143
500 Illegal PORT command.
I'm pretty sure that this was working with an older version.
The text was updated successfully, but these errors were encountered:
I am still experiencing the same problem with version 3.2 (4648). Cyberduck sends a PORT command with the wrong local (behind a NAT router) ip adress when using SSL/TLS. Using unencrypted connections works fine, though.
This is the log file:
NOOP
200 NOOP command successful
TYPE I
200 Type set to I
PASV
227 Entering Passive Mode (78,47,115,23,172,113).
PORT 192,168,178,22,197,54
500 Illegal PORT command
The problems from my last comment seem to be at least partly related to a broken firewall config on my server. Or rather: FTPS being a completely borked protocol, from a security standpoint (Passive FTP + TLS and stateful firewalling based on conntrack_ftp don't really mix, you have to manually open a range of ports for that in the firewall).
But still: Why is/was Cyberduck sending my local (NATted) IP to the server?
This bug is still present in version 3.4.2 (5902). Passive mode is completely broken:
NOOP
200 Zzz...
TYPE I
200 TYPE is now 8-bit binary
PASV
227 Entering Passive Mode (174,132,19,132,241,78)
PORT 192,168,1,5,218,92
500 I won't open a connection to 192.168.1.5 (only to xxx.xxx.xxx.xxx)
Actually, I may have been mistaken. It looks like the passive connection failed and I'm guessing Cyberduck fell back to trying active instead. (Though if that's the case, then it would be a good idea for Cyberduck to tell the user that that's what happened.)
I'm using Cyberduck to connect to a Freecom FSG-3 via FTP-SSL with TLS. The login works, but then there is an illegal port command. Cyberduck sends the IP-address from the private network my laptop is logged in. Here is the log file:
I'm pretty sure that this was working with an older version.
The text was updated successfully, but these errors were encountered: