SecureFTP through firewall fails

Hi friends,

I am trying for Secure FTP connection through firewall, but it is
failing before the SSL handshake.
FTP client starts the handshake & sends the client Hello message to
server, but before I receive server Hello, the connection is broken & I
get IOException.
I feel it is because the server is trying to connect to the
client for Data Connection, but failing to get the connection due
to the firewall rules. We have tried to set different firewall rules by
referring to the data on the net, but still it fails.

Has anybody ever tried this? Is there any clue for setting the
firewall rules for this?

Any help is appreciated.


Re: SecureFTP through firewall fails

Dear Sachin,

just a single pointer, not a complete solution (you didn't give enough
data for that) - but do realize that FTP connection tracking
(ip_conntrack_ftp or whatever it is on your system) does not work with
encrypted traffic (very obvious if you think about it...), so your
firewall cannot automagically open a couple ports when you try to
request data. I've spent quite a few hours debugging this particular

However, you mention the server not even returning a greeting. This does
not require a data connection, really.

Before continuing, test and post the following using a simple FTP client
that will actually show what's happening (so that you know exactly what
commands were executed and which failed):
    - Can you connect using plain FTP? Login? Get a listing?
    - Idem for encrypted FTP
    - Are you using active or passive FTP? Whichever you use now,
      try the other as well.
    - What does the server show in the logfiles? What does the
      client say, other than IOException (which isn't terribly
    - Is your firewall stateful? Do you open up a range of ports, or
      do you use connection tracking? (If so, see above.) Does it
      work with plain FTP?
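
Added example, not part of the original post or of any firewall's code: a Python sketch of what an FTP connection-tracking helper (such as the ip_conntrack_ftp mentioned above) has to read from the control channel to learn the data port, and why it learns nothing once that channel is TLS-encrypted. The function names and the sample byte strings are constructed for illustration.

```python
import re

# Patterns for the control-channel messages that announce a data endpoint.
_TUPLE = rb"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
_PASV_REPLY = re.compile(rb"^227 [^(]*\(" + _TUPLE + rb"\)")
_PORT_CMD = re.compile(rb"^PORT " + _TUPLE + rb"\s*$", re.IGNORECASE)
_EPSV_REPLY = re.compile(rb"^229 [^(]*\((.)\1\1(\d{1,5})\1\)")


def data_endpoint(line: bytes):
    """Return (host, port) announced by one control-channel line, else None.

    host is None for EPSV, which reuses the control connection's address.
    """
    line = line.rstrip(b"\r\n")
    m = _PASV_REPLY.match(line) or _PORT_CMD.match(line)
    if m:
        nums = [int(g) for g in m.groups()]
        if any(n > 255 for n in nums):
            return None
        host = ".".join(str(n) for n in nums[:4])
        # The port is sent as two decimal bytes: high, low.
        return host, nums[4] * 256 + nums[5]
    m = _EPSV_REPLY.match(line)
    if m:
        port = int(m.group(2))
        return (None, port) if 0 < port < 65536 else None
    return None


def looks_like_tls_record(data: bytes) -> bool:
    """True if data starts with a TLS record header (type 20-23, version 3.x)."""
    return len(data) >= 5 and 20 <= data[0] <= 23 and data[1] == 3


# Constructed samples: a passive-mode reply in clear text, and an opaque TLS
# application-data record (type 0x17) standing in for the same reply when the
# control channel is encrypted.
PLAIN_227 = b"227 Entering Passive Mode (192,0,2,10,195,80)\r\n"
TLS_RECORD = bytes.fromhex("1703030020") + bytes(range(0x80, 0xA0))

if __name__ == "__main__":
    for sample in (PLAIN_227, b"PORT 198,51,100,7,4,1\r\n", TLS_RECORD):
        print(looks_like_tls_record(sample), data_endpoint(sample))
```

With the plain reply the helper can derive the data port and open it; with the TLS record there is nothing to parse, so the data ports have to be allowed by a static rule instead.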


Re: SecureFTP through firewall fails

I interpret this as FTP/SSL, and not an SSH question even though it
appears here in .

Sensible remarks, but when you have the details I don't think this
is the place to post them.

Elvis Notargiacomo  master AT barefaced DOT cheek /
    7.031: OnACPower returned value( 0x1 ) which is Equal To 0x1

Re: SecureFTP through firewall fails

Better yet, pitch the SSL based FTP, SSH based FTP, and the fifteen other
ways of doing secure FTP called SFTP by different authors and switch over to
WebDAV over HTTPS. It's more secure and more manageable in a whole set of
ways. It certainly lacks the data/command port firewall issues of any
genuinely FTP based protocol.
