Hey Claudio,

Here is my session log.

Connecting to 208.255.176.210:21
Connected to 208.255.176.210:21, Waiting for Server Response
220-CG2Direct.210 X2 WS_FTP Server 4.0.1 (191203526)
220-CG2 Direct FTP Server
220 CG2Direct.210 X2 WS_FTP Server 4.0.1 (191203526)
Host type (1): FTP PC/TCP
AUTH SSL
234 SSL enabled and waiting for negotiation
XAUT 2 B3>[EMAIL PROTECTED]>45:74A;A=72<8=;>@;@87B>A68:;7C?=<7474=5=@;6
230-user logged in
230-Howdy!!!
230 user logged in
Host type (I): FTP PC/TCP
Host type (I): FTP PC/TCP
PWD
257 "/" is current directory
PORT 10,0,0,253,12,47
200 command successful
LIST
425 Can't open data connection.
PASV
227 Entering Passive Mode (192,168,168,210,4,32).
connecting data channel to 192.168.168.210:1056
connection timed out; the connection timed out while waiting for a response from the server.

I tried it without the SSL and it connects but the directory listing is screwed up. Meaning, it shows a bunch of binary files titled “System”. Nothing more. Any thoughts?

Troy D. Hilton

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Claudio Robles

Could you send the session logs
from the client? So, it does not work in SSL and it does work without it. In those cases, the firewall automatically opens and forwards the ports that it sees (interpreting the FTP protocol) that the client and server are negotiating for transferring files and directory listings. In SSL, the server cannot see or interpret the FTP Protocol because the conversation is encrypted.

Claudio Robles
WS_FTP Team
Ipswitch, Inc

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Troy D. Hilton

Hello All,

I realize
my last email wasn’t quite clear in accurately describing my problem. Let’s see if I can explain it better.

This firewall is protecting 1 server, which is running FTP with SSL enabled. This server also has a couple test websites, but that's it.

Changing the firewall was actually relatively easy once I understood the User Interface. I'm not as familiar with the SonicWall appliances. I first tried the configuration using a test laptop to mimic the server. For the test, FTP worked like a charm. The differences between the laptop config and production server are these:

1. The production server and regional firewall were configured in transparent mode, instead of NAT. Why? The original owner wanted it that way.
2. The production server is running WS_FTP Server ver. 4.0 with a private SSL Cert. The laptop is running IIS 5 with FTP services and no SSL.

So, I decided to change the configuration from transparent mode to NAT mode since the original owner is gone and I have greater liberty. I configured the new firewall for One-to-One NAT and gave the server all new private IP addresses and a private gateway which matched the private IP of the firewall. The public side of the firewall has the original public IP from the previous firewall. I made sure that all of my route tables are correct. I then reconfigured WS_FTP Server to use the new private IP address. And rebooted the server.

The result? I am able to communicate from the server to the internet and can access the test websites on the server from the internet, which means inbound and permitted outbound traffic is fine.

This is where I have my problem. When I attempt an FTP connection it makes the initial Helo and will authenticate my username and password. I'm then prompted regarding the SSL Certificate and am able to accept it. After a long pause (I have my WS_FTP Pro client set for a 2 minute wait) I get an error that the connection timed out, but I also get the "horn" that means the connection was successful. In fact I even have the active button to disconnect from the session. From what I figure, I'm actually logged in but not retrieving the directory listing.

As for the NIC, it has two ports but I'm not using both ports at the same time so there is no conflict of subnets and routes. I did switch ports on the card thinking that perhaps there was a potential failure of that port.

I hope this helps to clarify my situation. My feeling is that it's something simple that's not set or that I'm overlooking. Darned if I know what it is though.

Serveon, Inc.
302-529-8640
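
Added example (not part of the original thread, and not WS_FTP or SonicWall code): a small Python check that decodes the PORT and PASV address tuples from a client session log like the one posted above and flags data-channel addresses that a NAT firewall could not rewrite once AUTH SSL has encrypted the control channel. The function names are hypothetical, and the "unreachable" flag assumes client and server sit on different networks.

```python
import ipaddress
import re

# Excerpt of the session log posted in this thread (only the lines the check needs).
SESSION_LOG = """\
Connected to 208.255.176.210:21, Waiting for Server Response
AUTH SSL
234 SSL enabled and waiting for negotiation
PORT 10,0,0,253,12,47
200 command successful
LIST
425 Can't open data connection.
PASV
227 Entering Passive Mode (192,168,168,210,4,32).
"""

TUPLE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def decode_endpoint(text):
    """Decode an FTP h1,h2,h3,h4,p1,p2 tuple into (ip, port); port = p1*256 + p2."""
    m = TUPLE.search(text)
    if not m:
        return None
    n = [int(x) for x in m.groups()]
    if any(x > 255 for x in n):
        return None
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

def audit(log):
    """List data-channel endpoints and mark those the remote peer cannot reach."""
    findings, control_ip, encrypted = [], None, False
    for line in log.splitlines():
        line = line.strip()
        m = re.match(r"Connected to (\d+\.\d+\.\d+\.\d+):\d+", line)
        if m:
            control_ip = m.group(1)
        elif line.startswith("234"):
            encrypted = True  # control channel is encrypted from here; firewall cannot read it
        elif line.startswith(("PORT ", "227 ")):
            ep = decode_endpoint(line)
            if ep is None:
                continue
            side = "client" if line.startswith("PORT") else "server"
            private = ipaddress.ip_address(ep[0]).is_private
            # Assumption: a private address is unreachable unless it is the one we dialled.
            unreachable = private and (side == "client" or ep[0] != control_ip)
            findings.append({"side": side, "ip": ep[0], "port": ep[1],
                             "encrypted": encrypted, "unreachable": unreachable})
    return findings
```

Run against the excerpt, both the client's PORT address and the server's PASV address come back as private addresses sent over an encrypted control channel, while the control connection itself went to the public 208.255.176.210.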
Title: Connection timeout error when making SSL connection