FTP error over explicit TLS/SSL

imacurious

Member
Was doing some testing with FTP via TLS/SSL and came across an error.

Using
cPanel 11.25.0-R46156 - WHM 11.25.0 - X 3.9
CENTOS 5.5 x86_64 standard

and

Filezilla v3.3.2.1 linked against GnuTLS 2.8.3

-----------------
FileZilla connection defined as:
FTPES - FTP over explicit TLS/SSL
all other connection parameters are default

The domain the user is attempting to make the secure ftp connection to does NOT have shell access. I don't want to enable shell access for this account for security reasons, hence the testing with TLS/SSL.

--------------------------

FileZilla posts the following during the connection attempt:

Status: Resolving address of ftp.abcdef.com
Status: Connecting to 207.xxx.xxx.xxx:21...
Status: Connection established, waiting for welcome message...
Response: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Response: 220-You are user number 1 of 50 allowed.
Response: 220-Local time is now 15:17. Server port: 21.
Response: 220-IPv6 connections are also welcome on this server.
Response: 220 You will be disconnected after 15 minutes of inactivity.
Command: AUTH TLS
Response: 234 AUTH TLS OK.
Status: Initializing TLS...
Status: Verifying certificate...
Command: USER [email protected]
Status: TLS/SSL connection established.
Response: 331 User [email protected] OK. Password required
Command: PASS ****
Response: 230-User [email protected] has group access to: [redacted]
Response: 230 OK. Current restricted directory is /
Command: SYST
Response: 215 UNIX Type: L8
Command: FEAT
Response: 211-Extensions supported:
Response: EPRT
Response: IDLE
Response: MDTM
Response: SIZE
Response: REST STREAM
Response: MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
Response: MLSD
Response: AUTH TLS
Response: PBSZ
Response: PROT
Response: ESTA
Response: PASV
Response: EPSV
Response: SPSV
Response: ESTP
Response: 211 End.
Command: PBSZ 0
Response: 200 PBSZ=0
Command: PROT P
Response: 200 Data protection level set to "private"
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is your current location
Command: TYPE I
Response: 200 TYPE is now 8-bit binary
Command: PASV
Response: 227 Entering Passive Mode (207,210,81,133,26,77)
Command: MLSD
Error: GnuTLS error -53: Error in the push function.
Error: Connection timed out
Error: Failed to retrieve directory listing

Looking for some clue as to where (Filezilla? Cpanel?) and why the above error is occurring.

Thanks
 

cPanelTristan

Quality Assurance Analyst
Staff member
Do you have a firewall running? If so, try taking the firewall down to see the results. If it works when the firewall is down, then the firewall doesn't have the ports opened properly for TLS.

Could you post your FileZilla version, FileZilla settings (ensure you are using FTPES for the TLS type in FileZilla), and the FTP log for the connection where it is having the error?
 

luigidelgado

Well-Known Member
Hi.
Well, we are running this on a secured server, so anything other than port 80 and DNS is closed to the world. We are trying to find out the best way to give some users access to some FTP folders.

Would it be better to have Active FTP mode? Would it be easier to configure in WHM?
 

luigidelgado

Well-Known Member
Sorry, my FileZilla is 3.3.5.1, the error is the same, after TLS auth it won't find the port... Yes, it is the ports situation, but how may I configure or reduce the ports to be used, or how may I use only one port (active)? What I don't understand about Active mode is whether the port will always be the same on the server?
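
Added example, not part of any post in this thread: a small Python check that decodes the `227 Entering Passive Mode` reply from a FileZilla-style log into the data port the client will dial, and reports whether that port falls inside the range the firewall admits. The sample log is constructed (documentation IP address), and the `allowed_ports` range is a hypothetical stand-in for the server's real firewall rules.

```python
import re

# Constructed sample modelled on the FileZilla log in the first post.
SAMPLE_LOG = """\
Command: AUTH TLS
Response: 234 AUTH TLS OK.
Command: PROT P
Response: 200 Data protection level set to "private"
Command: PASV
Response: 227 Entering Passive Mode (192,0,2,10,26,77)
Command: MLSD
Error: Connection timed out
"""

PASV_RE = re.compile(r"227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def parse_pasv(line):
    """Decode a 227 reply into (ip, port); port = p1 * 256 + p2 (RFC 959)."""
    m = PASV_RE.search(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None  # malformed reply, each field must fit in one byte
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def diagnose(log, allowed_ports):
    """List passive data connections that timed out, with firewall context.

    allowed_ports is an inclusive (low, high) range assumed to be open inbound.
    """
    low, high = allowed_ports
    tls_control = False   # True once AUTH TLS has been accepted (234)
    pending = None        # last decoded PASV endpoint not yet resolved
    findings = []
    for line in log.splitlines():
        if line.startswith("Response: 234"):
            tls_control = True
        elif line.startswith("Response: 227"):
            pending = parse_pasv(line)
        elif line.startswith("Error:") and "timed out" in line and pending:
            ip, port = pending
            findings.append({
                "ip": ip,
                "port": port,
                "port_allowed": low <= port <= high,
                # With an encrypted control channel a firewall's FTP helper
                # cannot read the 227 reply, so it cannot open the port itself.
                "needs_static_rule": tls_control,
            })
            pending = None
    return findings
```

When `needs_static_rule` is true, the passive range has to be fixed on the server (Pure-FTPd's `PassivePortRange` setting) and the same range allowed inbound in the firewall, since nothing can open the port dynamically.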