+1 vote

I have a test application that is testing FTP with TLS12. The server OS is Red Hat, the server is vsftpd version 3.0.1, which supports TLS12 and SSLv3.

The code is developed in C# on VS2017, .Net 4.7.2.

When I start debugging there is a long pause and nothing shows up in the debug window but this error shows up in the source window associated with the GetList request. Please note the port number on the IP address: I am connected to port 21, what is that port?

System.Net.Sockets.SocketException: 'A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond :30766'

The server is up and "pingable".

The server supports port 21 and not 990.

I need to get this and other FTP functions (download file, delete file) to work before I can purchase your product.

I am willing to test any changes to my code or yours.

My code is:

using System;
using System.Collections.Generic;
using System.Security.Authentication;
using Limilabs.FTP.Client;

Limilabs.FTP.Log.Enabled = true;

using (Ftp ftp = new Ftp()) {

    // Accepts any server certificate without validating it
    ftp.ServerCertificateValidate +=
        (sender, e) => { e.IsValid = true; };

    ftp.SSLConfiguration.EnabledSslProtocols = SslProtocols.Tls12;
    ftp.Connect("ftp host", 21);   // plain control connection on port 21
    ftp.AuthTLS();                 // upgrade the control connection to TLS
    ftp.Login("user", "pass");

    // The listing is transferred over a separate data connection
    List<FtpItem> items = ftp.GetList();

    foreach (FtpItem item in items) {
        Console.WriteLine("Name:        {0}", item.Name);
        Console.WriteLine("Size:        {0}", item.Size);
        Console.WriteLine("Modify date: {0}", item.ModifyDate);
        Console.WriteLine("Is folder:   {0}", item.IsFolder);
        Console.WriteLine("Is file:     {0}", item.IsFile);
        Console.WriteLine("Is symlink:  {0}", item.IsSymlink);
        Console.WriteLine();
    }

    ftp.Close();
}

The log is:

00:33:17 2.0.19002.942
00:33:17 Checking if license file is present.
00:33:17 Connecting to 'ftp-diabesity.dfnetresearch.com:21', SSL: False.
00:33:17 Control connection uses port: 55727 (217,175)
00:33:17 S: 220 (vsFTPd 3.0.2)
00:33:17 C: AUTH TLS
00:33:17 S: 234 Proceed with negotiation.
00:33:17 C: USER jobrien
00:33:17 S: 331 Please specify the password.
00:33:17 C: PASS XXXXXXX
00:33:17 S: 230 Login successful.
00:33:17 C: FEAT
00:33:17 S: 211-Features:
00:33:17 S:  AUTH TLS
00:33:17 S:  EPRT
00:33:17 S:  EPSV
00:33:17 S:  MDTM
00:33:17 S:  PASV
00:33:17 S:  PBSZ
00:33:17 S:  PROT
00:33:17 S:  REST STREAM
00:33:17 S:  SIZE
00:33:17 S:  TVFS
00:33:17 S:  UTF8
00:33:17 S: 211 End
00:33:17 C: OPTS UTF8 ON
00:33:17 S: 200 Always in UTF8 mode.
00:33:17 C: TYPE A
00:33:17 S: 200 Switching to ASCII mode.
00:33:17 C: PBSZ 0
00:33:17 S: 200 PBSZ set to 0.
00:33:17 C: PROT P
00:33:17 S: 200 PROT now Private.
00:33:17 C: PASV
00:33:17 S: 227 Entering Passive Mode (192,168,6,90,120,177).
Exception thrown: 'System.Net.Sockets.SocketException' in System.dll

An unhandled exception of type 'System.Net.Sockets.SocketException' occurred in System.dll "A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond"

Windows Defender Firewall is off as is Windows Defender Virus protection.

by
edited by
Can you please turn on logging:
https://www.limilabs.com/blog/logging-in-ftp-dll

1 Answer

0 votes

Port 21 is FTP's control connection port - it is used to send FTP commands.

From your description I understand that: you have no problems connecting, establishing TLS and logging in.

Problems start when you use GetList.

GetList downloads a list of files from the FTP server. It creates a data connection. In FTP it basically does the same thing as downloading an actual file. It creates a new connection for this.

It seems that this connection can not be created for some reason.

Can you please disable firewall, AV software and check.

Logs would help a lot.


[Edit]

The problem is most likely here:

S: 227 Entering Passive Mode (192,168,6,90,120,177)

Your FTP server is incorrectly advertising a local network address (192.168.6.90) for the data connection.

By default Ftp.dll ignores such an unroutable local address and uses the server address instead.

Just to be sure please set IgnorePassiveModeAddress property to true (to ignore address sent in response to PASV command):

ftp.IgnorePassiveModeAddress = true;
ftp.Connect(....);

The server seems to be misconfigured.

by (301k points)
edited by
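An added example, not part of the original thread and not Ftp.dll's own code: it decodes the 227 reply from the log and models the substitution the answer describes, where an unroutable advertised address is replaced by the control connection's address. The class and method names and the control address 203.0.113.10 are assumptions made for illustration.

```csharp
using System;
using System.Net;
using System.Text.RegularExpressions;

static class PasvReply
{
    // RFC 959: "227 ... (h1,h2,h3,h4,p1,p2)" means address h1.h2.h3.h4, port p1*256 + p2.
    public static IPEndPoint Parse(string reply)
    {
        Match m = Regex.Match(reply, @"^227 .*\((\d{1,3}(?:,\d{1,3}){5})\)");
        if (!m.Success) throw new FormatException("Not a 227 reply: " + reply);
        byte[] n = Array.ConvertAll(m.Groups[1].Value.Split(','), s => byte.Parse(s)); // rejects values > 255
        return new IPEndPoint(new IPAddress(new[] { n[0], n[1], n[2], n[3] }), n[4] * 256 + n[5]);
    }

    // IPv4 only (PASV carries IPv4): RFC 1918 private ranges, loopback and link-local.
    public static bool IsUnroutable(IPAddress a)
    {
        byte[] b = a.GetAddressBytes();
        return b[0] == 10 || b[0] == 127
            || (b[0] == 172 && b[1] >= 16 && b[1] <= 31)
            || (b[0] == 192 && b[1] == 168)
            || (b[0] == 169 && b[1] == 254);
    }

    // Keeps the advertised port but swaps in the control address when asked to, or when the
    // server advertises a private address to a client that reached it on a public one.
    public static IPEndPoint DataEndpoint(string reply, IPAddress control, bool ignoreAdvertised)
    {
        IPEndPoint advertised = Parse(reply);
        bool substitute = ignoreAdvertised || (IsUnroutable(advertised.Address) && !IsUnroutable(control));
        return substitute ? new IPEndPoint(control, advertised.Port) : advertised;
    }
}

static class Program
{
    static void Main()
    {
        // Reply copied from the log above; the control address is a constructed documentation address.
        string reply = "227 Entering Passive Mode (192,168,6,90,120,177).";
        IPAddress control = IPAddress.Parse("203.0.113.10");
        Console.WriteLine("advertised: " + PasvReply.Parse(reply));
        Console.WriteLine("used:       " + PasvReply.DataEndpoint(reply, control, false));
    }
}
```

Substituting the address does not help if the server's firewall or NAT does not forward the passive port range, which is why the data connection can still time out after the client picks the right host.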
I have updated the original question with the log and for that test I disabled Windows Defender Firewall and virus protection.  Please note that in production I can not run without them.
Answer updated
New answer added by obrienj yesterday.

I have no idea where to go from here, either with my code or what to tell the owners of the server.

Can you help?
You should provide the log to the server administrator and point out the server is returning an invalid response to the PASV command.

Additionally you can show a screenshot from FileZilla FTP client.

One more thing: you ignore certificate errors - why is that? - are you sure you are using the correct server address?
Question: on the second log I sent after adding the IgnorePASV, why is the client sending a PASV command right before trying the GetList?  (I assume the C: in the log means the client activity.)  Is this your code sending this, because I don't?

Where do I find a FileZilla client?

I am using the correct server address and I ignore certificate errors because I could not connect without that code.  Why would that be?
The name of the property is IgnorePassiveModeAddress; the PASV command is still required.

Ignoring certificate errors is usually not ok for production code. You might be using an incorrect server address, if you are getting them.

I checked and this certificate is self-signed (which is also bad), so this is not a server name issue.

FileZilla is a free FTP client you can download on the Internet and use for testing purposes.

Please contact FTP administrator - this server is not working properly.
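An added example, not part of the original thread: one way to replace `e.IsValid = true` for a self-signed server certificate is to pin its SHA-256 fingerprint, so only that one certificate is accepted. The class and method names are hypothetical, the test certificate is constructed in the code, and the commented wiring assumes the event arguments expose `Certificate` and `SslPolicyErrors`.

```csharp
using System;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class CertificatePin
{
    // SHA-256 over the certificate's DER encoding, as uppercase hex without separators.
    public static string Fingerprint(X509Certificate certificate)
    {
        using (SHA256 sha = SHA256.Create())
            return BitConverter.ToString(sha.ComputeHash(certificate.GetRawCertData())).Replace("-", "");
    }

    // Accepts a fully valid certificate, or one whose only error is an untrusted chain
    // (the self-signed case) and whose fingerprint equals the pinned value.
    public static bool IsAcceptable(X509Certificate certificate, SslPolicyErrors errors, string pin)
    {
        if (certificate == null) return false;
        if (errors == SslPolicyErrors.None) return true;
        if (errors != SslPolicyErrors.RemoteCertificateChainErrors) return false; // name mismatch, no certificate
        return string.Equals(Fingerprint(certificate), pin, StringComparison.OrdinalIgnoreCase);
    }
}

static class Program
{
    static void Main()
    {
        // Constructed self-signed certificate standing in for the server's.
        using (RSA key = RSA.Create(2048))
        {
            var request = new CertificateRequest("CN=ftp.example.test", key,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            DateTimeOffset now = DateTimeOffset.UtcNow;
            using (X509Certificate2 cert = request.CreateSelfSigned(now, now.AddDays(1)))
            {
                string pin = CertificatePin.Fingerprint(cert);
                SslPolicyErrors chain = SslPolicyErrors.RemoteCertificateChainErrors;
                Console.WriteLine(CertificatePin.IsAcceptable(cert, chain, pin));                  // pinned certificate
                Console.WriteLine(CertificatePin.IsAcceptable(cert, chain, new string('0', 64))); // different pin
                Console.WriteLine(CertificatePin.IsAcceptable(cert,
                    chain | SslPolicyErrors.RemoteCertificateNameMismatch, pin));                 // wrong host name
            }
        }
        // Wiring (assumed event-args members), with the pin obtained from the server administrator:
        // ftp.ServerCertificateValidate += (sender, e) =>
        //     { e.IsValid = CertificatePin.IsAcceptable(e.Certificate, e.SslPolicyErrors, pin); };
    }
}
```

The pinned value has to be obtained out of band from the server administrator and updated whenever the server's certificate is replaced.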
I have been informed by the FTP server administrator that they are having the same problem in-house if they access from an "outside" network but not if they access from the same network as the server.  They acknowledge that they have a problem with some issues with their DNS server, remote routers, and some other things and are working to remedy the issue.  I will comment on their work when they are done.  I thank all of you for your efforts.
...