0 votes
15.2k views
in Java FTP by (420 points)
hello experts,

i am trying out the edtftp/ssl package and experiencing some problems...

first, here is a log extract from a connection with smartftp (client):
(changed name and IPs for privacy reasons)

Resolving host name ftp1.XXXXX.com...
Connecting to (ftp1.XXXXX.com) -> IP: 1.1.1.1 PORT: 21
Connected to (ftp1.XXXXX.com) -> Time = 31ms
Socket connected waiting for login sequence.
220 ftp1.XXXX.com X2 WS_FTP Server 4.0.0 (2024413583)
AUTH SSL
234 SSL enabled and waiting for negotiation
Connected. Exchanging encryption keys...
Session Cipher: 128 bit RC4
SSL encrypted session established.
PBSZ 0
200 PBSZ=0
USER test
331 Password required
PASS (hidden)
230 user logged in
SYST
215 UNIX
FEAT
211-Extensions supported
SIZE
MDTM
MLST size*;type*;perm*;create*;modify*;
LANG EN*
REST STREAM
TVFS
UTF8
AUTH SSL;TLS-P;
PBSZ
PROT C;P;
211 end
Detected Server Software: WS_FTP Server 3.x
SITE UTF8
200 UTF8 encoding forced.
PWD
257 "/demo" is current directory
TYPE A
200 Type set to ASCII.
PROT P
200 PRIVATE data channel protection level set
PORT 214,24,123,9,8,176
200 command successful
Opening data connection IP: 214.24.123.9 PORT: 2224.
MLSD
150 Opening ASCII data connection for directory listing
Connected. Exchanging encryption keys...
Session Cipher: 128 bit RC4
SSL encrypted session established.
883 bytes received successfully. (883 B/s) (00:00:01).
226 transfer complete


and now the debug-output of my java-attempt..:

INFO [com.enterprisedt.net.ftp.ssl.SSLFTPClient] 9 Nov 2004 16:46:32.905 : Licence expiry date: 01 Dez 2004
INFO [com.enterprisedt.net.ftp.ssl.SSLFTPClient] 9 Nov 2004 16:46:32.905 : Trial licence
DEBUG [com.enterprisedt.net.ftp.ssl.SSLFTPClient] 9 Nov 2004 16:46:33.93 : Created explicit FTPS client.
DEBUG [com.enterprisedt.net.ftp.ssl.SSLFTPClient] 9 Nov 2004 16:46:33.93 : Turned server validation off
DEBUG [com.enterprisedt.net.ftp.ssl.SSLFTPClient] 9 Nov 2004 16:46:33.93 : Connecting to ftp1.XXXXX.com/1.1.1.1:21
DEBUG [com.enterprisedt.net.ftp.FTPControlSocket] 9 Nov 2004 16:46:33.218 : 220 ftp1.XXXXX.com X2 WS_FTP Server 4.0.0 (2025040286)
DEBUG [com.enterprisedt.net.ftp.FTPControlSocket] 9 Nov 2004 16:46:33.218 : ---> AUTH SSL
DEBUG [com.enterprisedt.net.ftp.FTPControlSocket] 9 Nov 2004 16:46:33.749 : 234 SSL enabled and waiting for negotiation
DEBUG [com.enterprisedt.net.ftp.FTPControlSocket] 9 Nov 2004 16:46:33.749 : Starting SSL handshake on control socket
INFO [puretls] 9 Nov 2004 16:46:33.937 : PureTLS debug level=0
INFO [cryptix] 9 Nov 2004 16:46:34.77 : GLOBAL_TRACE=false
INFO [cryptix] 9 Nov 2004 16:46:34.77 : GLOBAL_DEBUG=false
INFO [cryptix] 9 Nov 2004 16:46:34.77 : GLOBAL_DEBUG_SLOW=false
DEBUG [com.enterprisedt.net.ftp.FTPControlSocket] 9 Nov 2004 16:46:34.280 : SSL handshake on control socket complete
DEBUG [com.enterprisedt.net.ftp.FTPControlSocket] 9 Nov 2004 16:46:34.280 : ---> PBSZ 0
DEBUG [com.enterprisedt.net.ftp.FTPControlSocket] 9 Nov 2004 16:46:34.312 : 200 PBSZ=0
DEBUG [com.enterprisedt.net.ftp.FTPControlSocket] 9 Nov 2004 16:46:34.312 : ---> PROT P
DEBUG [com.enterprisedt.net.ftp.FTPControlSocket] 9 Nov 2004 16:46:34.343 : 200 PRIVATE data channel protection level set
DEBUG [com.enterprisedt.net.ftp.FTPControlSocket] 9 Nov 2004 16:46:34.343 : ---> USER test
DEBUG [com.enterprisedt.net.ftp.FTPControlSocket] 9 Nov 2004 16:46:34.390 : 331 Password required
DEBUG [com.enterprisedt.net.ftp.FTPControlSocket] 9 Nov 2004 16:46:34.390 : ---> PASS ********
DEBUG [com.enterprisedt.net.ftp.FTPControlSocket] 9 Nov 2004 16:46:34.437 : 230 user logged in
DEBUG [com.enterprisedt.net.ftp.FTPControlSocket] 9 Nov 2004 16:46:34.437 : ---> PROT P
DEBUG [com.enterprisedt.net.ftp.FTPControlSocket] 9 Nov 2004 16:46:34.468 : 200 PRIVATE data channel protection level set
DEBUG [com.enterprisedt.net.ftp.FTPControlSocket] 9 Nov 2004 16:46:34.483 : Creating SSLFTPActiveDataSocket
DEBUG [com.enterprisedt.net.ftp.FTPControlSocket] 9 Nov 2004 16:46:34.483 : ---> PORT 192,168,100,90,13,176
DEBUG [com.enterprisedt.net.ftp.FTPControlSocket] 9 Nov 2004 16:46:34.530 : 504 Invalid PORT address
exc.:Invalid PORT address
com.enterprisedt.net.ftp.FTPException: Invalid PORT address
at com.enterprisedt.net.ftp.FTPControlSocket.validateReply(Unknown Source)
at com.enterprisedt.net.ftp.FTPControlSocket.A(Unknown Source)
at com.enterprisedt.net.ftp.FTPControlSocket.A(Unknown Source)
at com.enterprisedt.net.ftp.FTPControlSocket.A(Unknown Source)
at com.enterprisedt.net.ftp.FTPClient.dir(Unknown Source)
at com.enterprisedt.net.ftp.FTPClient.dir(Unknown Source)
at com.adm.aegon.test.FTPTest.main(FTPTest.java:43)




and finally my source:

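import com.enterprisedt.net.ftp.FTPConnectMode;
import com.enterprisedt.net.ftp.ssl.SSLFTPClient;
import com.enterprisedt.util.debug.Level;
import com.enterprisedt.util.debug.Logger;

public class FTPTest {

    public static void main(String[] args) {
        String Server = "ftp1.XXXXX.com";

        Logger.setLevel(Level.ALL);

        try {
            // second constructor argument: config flags (none set here)
            SSLFTPClient ftp = new SSLFTPClient(Server, 0);
            // server certificate validation is switched off:
            // the server's identity is not checked during the handshake
            ftp.setValidateServer(false);
            // active mode: the client announces its address with PORT
            ftp.setConnectMode(FTPConnectMode.ACTIVE);
            ftp.connect();
            ftp.auth(SSLFTPClient.AUTH_SSL);
            ftp.user("test");
            ftp.password("*****");

            ftp.prot(SSLFTPClient.PROT_PRIVATE);

            // get directory listing, just a debug output...
            // (concatenating the returned array prints its reference, not the entries)
            System.out.println("Directory:" + ftp.dir());

            ftp.quit();
            System.out.println("finish!");
        }
        catch (Exception e) {
            System.out.println("exc.:" + e.getMessage());
            e.printStackTrace(System.out);
        }
    }
}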


the problem is, that the connecting client is behind a firewall and the server accepts only connections from one specific ip (214.24.123.9).
as you can see, if i connect via smartftp, the port command issued sets this ip, while connecting via my java-tries the port command sets my
local ip.... how do i fix this?

thanx,
yves

11 Answers

0 votes
by (162k points)
So is the client machine's IP address both 192.xx.xx.xx and 214.24.123.9, i.e. does it have two interface cards?

0 votes
by (420 points)
yes....and no... it's some kind of NAT or masquerading...
behind the firewall, the client has the ip 214.24.123.9 and this is the
only ip that is allowed to connect to the server (set by a destination
firewall)
the client machine has only one network card with a local ip 192.168....
but we only managed to get a connection to the server with smartftp
when we set this already mentioned option... my admin tried to
explain why, but i didn
0 votes
by (162k points)
Thanks for the email.

We are adding a feature that will permit users to set the PORT IP address for this situation.
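
The three PORT commands logged in this thread, decoded and checked, as an added example that is not code from the original posts or from edtFTPj. It assumes the rejecting side compares the PORT address with the source address of the control connection (the thread does not show the server's actual rule); the class and method names are hypothetical.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
// Added example: decodes FTP PORT arguments (h1,h2,h3,h4,p1,p2) and applies
// the address check a server or firewall can enforce on active-mode transfers.
public class PortCommandCheck {
    static final class Endpoint { // decoded data-connection address and port
        final InetAddress addr;
        final int port;
        Endpoint(InetAddress addr, int port) { this.addr = addr; this.port = port; }
    }

    /** Parses "PORT h1,h2,h3,h4,p1,p2"; the port is p1 * 256 + p2. */
    static Endpoint parse(String line) throws UnknownHostException {
        String s = line.trim();
        if (!s.regionMatches(true, 0, "PORT ", 0, 5))
            throw new IllegalArgumentException("not a PORT command: " + line);
        String[] f = s.substring(5).trim().split(",");
        if (f.length != 6)
            throw new IllegalArgumentException("expected 6 fields: " + line);
        int[] v = new int[6];
        for (int i = 0; i < 6; i++) {
            v[i] = Integer.parseInt(f[i].trim());
            if (v[i] < 0 || v[i] > 255)
                throw new IllegalArgumentException("field out of range: " + line);
        }
        byte[] ip = { (byte) v[0], (byte) v[1], (byte) v[2], (byte) v[3] };
        return new Endpoint(InetAddress.getByAddress(ip), v[4] * 256 + v[5]);
    }

    /** Assumed policy: only the control-connection peer may be named in PORT. */
    static String verdict(Endpoint e, InetAddress controlPeer) {
        if (e.addr.equals(controlPeer)) return "accept";
        return e.addr.isSiteLocalAddress()
            ? "reject: private (RFC 1918) address, client is behind NAT"
            : "reject: address differs from control-connection peer";
    }

    public static void main(String[] args) throws Exception {
        // Address the server side sees for this client, as stated in the thread.
        InetAddress peer = InetAddress.getByName("214.24.123.9");
        String[] logged = {
            "PORT 214,24,123,9,8,176",     // smartftp session
            "PORT 192,168,100,90,13,176",  // first Java attempt, answered with 504
            "PORT 214,24,123,9,4,120"      // Java attempt after setPORTIP
        };
        for (String line : logged) {
            Endpoint e = parse(line);
            System.out.println(line + " -> " + e.addr.getHostAddress() + ":" + e.port + "  " + verdict(e, peer));
        }
    }
}
```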
0 votes
by (420 points)
fine... do you already have a schedule for that?
0 votes
by (162k points)
For forum readers:

We have added this feature and it will be available in edtFTPj/SSL 1.1.5, due out in a week or so.

0 votes
by (420 points)
hi experts..

i added the setport() command as described and it seems to me, that i am a little step ahead, but
still getting exceptions...:

INFO [com.enterprisedt.net.ftp.ssl.SSLFTPClient] 10 Nov 2004 10:28:36.889 : Licence expiry date: 01 Dez 2004
INFO [com.enterprisedt.net.ftp.ssl.SSLFTPClient] 10 Nov 2004 10:28:36.889 : Trial licence
DEBUG [com.enterprisedt.net.ftp.ssl.SSLFTPClient] 10 Nov 2004 10:28:37.76 : Created explicit FTPS client.
DEBUG [com.enterprisedt.net.ftp.ssl.SSLFTPClient] 10 Nov 2004 10:28:37.76 : Turned server validation off
DEBUG [com.enterprisedt.net.ftp.ssl.SSLFTPClient] 10 Nov 2004 10:28:37.76 : Connecting to ftp1.XXXXX.com/1.1.1.1:21
DEBUG [com.enterprisedt.net.ftp.FTPControlSocket] 10 Nov 2004 10:28:37.154 : 220 ftp1.XXXXX.com X2 WS_FTP Server 4.0.0 (2088763724)
DEBUG [com.enterprisedt.net.ftp.FTPControlSocket] 10 Nov 2004 10:28:37.170 : ---> AUTH TLS
DEBUG [com.enterprisedt.net.ftp.FTPControlSocket] 10 Nov 2004 10:28:37.700 : 234 SSL enabled and waiting for negotiation
DEBUG [com.enterprisedt.net.ftp.FTPControlSocket] 10 Nov 2004 10:28:37.700 : Starting SSL handshake on control socket
INFO [puretls] 10 Nov 2004 10:28:37.872 : PureTLS debug level=0
INFO [cryptix] 10 Nov 2004 10:28:37.997 : GLOBAL_TRACE=false
INFO [cryptix] 10 Nov 2004 10:28:37.997 : GLOBAL_DEBUG=false
INFO [cryptix] 10 Nov 2004 10:28:37.997 : GLOBAL_DEBUG_SLOW=false
DEBUG [com.enterprisedt.net.ftp.FTPControlSocket] 10 Nov 2004 10:28:38.184 : SSL handshake on control socket complete
DEBUG [com.enterprisedt.net.ftp.FTPControlSocket] 10 Nov 2004 10:28:38.184 : ---> PBSZ 0
DEBUG [com.enterprisedt.net.ftp.FTPControlSocket] 10 Nov 2004 10:28:38.231 : 200 PBSZ=0
DEBUG [com.enterprisedt.net.ftp.FTPControlSocket] 10 Nov 2004 10:28:38.231 : ---> PROT P
DEBUG [com.enterprisedt.net.ftp.FTPControlSocket] 10 Nov 2004 10:28:38.293 : 200 PRIVATE data channel protection level set
DEBUG [com.enterprisedt.net.ftp.FTPControlSocket] 10 Nov 2004 10:28:38.293 : ---> USER test
DEBUG [com.enterprisedt.net.ftp.FTPControlSocket] 10 Nov 2004 10:28:38.324 : 331 Password required
DEBUG [com.enterprisedt.net.ftp.FTPControlSocket] 10 Nov 2004 10:28:38.324 : ---> PASS ********
DEBUG [com.enterprisedt.net.ftp.FTPControlSocket] 10 Nov 2004 10:28:38.371 : 230 user logged in
DEBUG [com.enterprisedt.net.ftp.FTPControlSocket] 10 Nov 2004 10:28:38.371 : ---> PROT P
DEBUG [com.enterprisedt.net.ftp.FTPControlSocket] 10 Nov 2004 10:28:38.402 : 200 PRIVATE data channel protection level set
DEBUG [com.enterprisedt.net.ftp.FTPControlSocket] 10 Nov 2004 10:28:38.402 : Creating SSLFTPActiveDataSocket
INFO [com.enterprisedt.net.ftp.FTPControlSocket] 10 Nov 2004 10:28:38.418 : Forcing use of fixed IP for PORT command
DEBUG [com.enterprisedt.net.ftp.FTPControlSocket] 10 Nov 2004 10:28:38.418 : ---> PORT 214,24,123,9,4,120
DEBUG [com.enterprisedt.net.ftp.FTPControlSocket] 10 Nov 2004 10:28:38.449 : 200 command successful
DEBUG [com.enterprisedt.net.ftp.FTPControlSocket] 10 Nov 2004 10:28:38.449 : ---> NLST
DEBUG [com.enterprisedt.net.ftp.FTPControlSocket] 10 Nov 2004 10:28:38.527 : 150 Opening ASCII data connection for directory listing
DEBUG [com.enterprisedt.net.ftp.ssl.SSLFTPActiveDataSocket] 10 Nov 2004 10:28:38.527 : Starting SSL handshake on active data socket
DEBUG [com.enterprisedt.net.ftp.ssl.SSLFTPActiveDataSocket] 10 Nov 2004 10:28:38.636 : SSL handshake on active data socket complete
DEBUG [com.enterprisedt.net.ftp.ssl.SSLFTPActiveDataSocket] 10 Nov 2004 10:28:38.668 : Sending SSL closure alert on control socket
DEBUG [com.enterprisedt.net.ftp.ssl.SSLFTPActiveDataSocket] 10 Nov 2004 10:28:38.683 : Waiting for SSL closure response on control socket
WARN [com.enterprisedt.net.ftp.FTPClient] 10 Nov 2004 10:28:38.683 : Caught exception closing data socket
com.enterprisedt.net.puretls.SSLPrematureCloseException: Short read
at com.enterprisedt.net.puretls.SSLuintX.decode(SSLuintX.java:115)
at com.enterprisedt.net.puretls.SSLRecord.decode(SSLRecord.java:156)
at com.enterprisedt.net.puretls.SSLRecordReader.readRecord(SSLRecordReader.java:71)
at com.enterprisedt.net.puretls.SSLInputStream.read(SSLInputStream.java:106)
at java.io.InputStream.read(Unknown Source)
at com.enterprisedt.net.puretls.SSLConn.recvClose(SSLConn.java:321)
at com.enterprisedt.net.puretls.SSLSocket.waitForClose(SSLSocket.java:487)
at com.enterprisedt.net.ftp.ssl.C.close(Unknown Source)
at com.enterprisedt.net.ftp.FTPClient.B(Unknown Source)
at com.enterprisedt.net.ftp.FTPClient.dir(Unknown Source)
at com.enterprisedt.net.ftp.FTPClient.dir(Unknown Source)
at com.adm.aegon.test.FTPTest.main(FTPTest.java:44)
DEBUG [com.enterprisedt.net.ftp.FTPControlSocket] 10 Nov 2004 10:28:38.792 : 226 transfer complete
Directory:[Ljava.lang.String;@15b0afd
DEBUG [com.enterprisedt.net.ftp.FTPControlSocket] 10 Nov 2004 10:28:38.792 : ---> QUIT
DEBUG [com.enterprisedt.net.ftp.FTPControlSocket] 10 Nov 2004 10:28:38.839 : 221 Good-Bye
DEBUG [com.enterprisedt.net.ftp.FTPControlSocket] 10 Nov 2004 10:28:38.839 : Sending SSL closure alert on control socket
DEBUG [com.enterprisedt.net.ftp.FTPControlSocket] 10 Nov 2004 10:28:38.839 : Waiting for SSL closure response on control socket
exc.:Short read
com.enterprisedt.net.puretls.SSLPrematureCloseException: Short read
at com.enterprisedt.net.puretls.SSLuintX.decode(SSLuintX.java:115)
at com.enterprisedt.net.puretls.SSLRecord.decode(SSLRecord.java:156)
at com.enterprisedt.net.puretls.SSLRecordReader.readRecord(SSLRecordReader.java:71)
at com.enterprisedt.net.puretls.SSLInputStream.read(SSLInputStream.java:106)
at java.io.InputStream.read(Unknown Source)
at com.enterprisedt.net.puretls.SSLConn.recvClose(SSLConn.java:321)
at com.enterprisedt.net.puretls.SSLSocket.waitForClose(SSLSocket.java:487)
at com.enterprisedt.net.ftp.ssl.B.logout(Unknown Source)
at com.enterprisedt.net.ftp.FTPClient.quit(Unknown Source)
at com.adm.aegon.test.FTPTest.main(FTPTest.java:48)


the source now looks like :

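import com.enterprisedt.net.ftp.FTPConnectMode;
import com.enterprisedt.net.ftp.ssl.SSLFTPClient;
import com.enterprisedt.util.debug.Level;
import com.enterprisedt.util.debug.Logger;

public class FTPTest {

    public static void main(String[] args) {
        String Server = "ftp1.XXXXX.com";

        Logger.setLevel(Level.ALL);

        try {
            // second constructor argument: config flags (none set here)
            SSLFTPClient ftp = new SSLFTPClient(Server, 0);
            // server certificate validation is switched off:
            // the server's identity is not checked during the handshake
            ftp.setValidateServer(false);
            ftp.setConnectMode(FTPConnectMode.ACTIVE);
            ftp.connect();
            // address to announce in PORT instead of the local interface address
            ftp.setPORTIP("214.24.123.9");
            ftp.auth(SSLFTPClient.AUTH_SSL);
            ftp.user("test");
            ftp.password("*****");

            ftp.prot(SSLFTPClient.PROT_PRIVATE);

            // get directory listing
            // (concatenating the returned array prints its reference, not the entries)
            System.out.println("Directory:" + ftp.dir());

            ftp.quit();
            System.out.println("finish!");
        }
        catch (Exception e) {
            System.out.println("exc.:" + e.getMessage());
            e.printStackTrace(System.out);
        }
    }
}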
0 votes
by (420 points)
by the way...

it makes no difference, if i use ftp.auth(SSLFTPClient.AUTH_TLS)
or ftp.auth(SSLFTPClient.AUTH_SSL)

:-(
0 votes
by (162k points)
It wouldn't. Have you tried setPORTIP() in the 1.1.5 pre-release?

0 votes
by (420 points)
hi experts...

me again....
i read the hints in the api concerning the flags in the constructor and played around a little bit
and found a solution:

new SSLFTPClient(Server,SSLFTPClient.ConfigFlags.DISABLE_SSL_CLOSURE
| SSLFTPClient.ConfigFlags.DISABLE_WAIT_ON_CLOSE);

finally made it work!
you guys made an excellent job and i thank you again for your efforts and very very fast help!!
now, as promised, we
0 votes
by (162k points)
Good news that it is working for you. What FTP server are you testing against?

If you wish to purchase now, use the 1.1.5 pre-release with the production license.jar we will send you on purchase. We will let you know when the official release is out.

