I have CoreFTP running on port 990 (which I presume is FTPS), the PASV port range is 6000-6030 (which are opened on the firewall), and SSH/SFTP running on port 22.
When I VPN in and access the server by the internal IP, the connection is to port 22, and the client says sftp://internal_ip. I can also connect to port 990 with no problems, but this connection also seems to be doing SFTP and not FTPS, and when I do a packet capture, the PASV command isn't used, and consequently the PASV port range is not used. Does this sound correct?
Accessing the server by the external IP, I have no problems connecting to port 22. However, when I attempt a connection to port 990, I get a failure to retrieve directory listing because the TLS connection was non-properly terminated. I've done a packet capture on both my firewall and local workstation, and I never see any connection attempts on anything but 990. Does anyone have an idea of what's going on? I've attached a couple packet captures from the VPN and public access.
The reason I'm trying to do this is that one of our vendors continues to get a disconnect on SCP port 22, so I thought I'd try to set up FTPS. Thanks
==== internal capture ====
1: 05:10:00.021513 802.1Q vlan#1 P0 192.168.200.14.1387 > 192.168.100.50.990: S 174156732:174156732(0) win 8192 <mss 1380,nop,wscale 8,nop,nop,sackOK>
2: 05:10:00.021864 802.1Q vlan#1 P0 192.168.100.50.990 > 192.168.200.14.1387: S 2420062241:2420062241(0) ack 174156733 win 16384 <mss 1460,nop,wscale 0,nop,nop,sackOK>
3: 05:10:00.035169 802.1Q vlan#1 P0 192.168.200.14.1387 > 192.168.100.50.990: . ack 2420062242 win 258
4: 05:10:00.051068 802.1Q vlan#1 P0 192.168.200.14.1387 > 192.168.100.50.990: P 174156733:174156907(174) ack 2420062242 win 258
5: 05:10:00.181921 802.1Q vlan#1 P0 192.168.100.50.990 > 192.168.200.14.1387: P 2420062242:2420062991(749) ack 174156907 win 65361
6: 05:10:00.197438 802.1Q vlan#1 P0 192.168.200.14.1387 > 192.168.100.50.990: P 174156907:174157046(139) ack 2420062991 win 255
7: 05:10:00.197469 802.1Q vlan#1 P0 192.168.200.14.1387 > 192.168.100.50.990: P 174157046:174157052(6) ack 2420062991 win 255
8: 05:10:00.197499 802.1Q vlan#1 P0 192.168.200.14.1387 > 192.168.100.50.990: P 174157052:174157093(41) ack 2420062991 win 255
9: 05:10:00.197819 802.1Q vlan#1 P0 192.168.100.50.990 > 192.168.200.14.1387: . ack 174157093 win 65175
10: 05:10:00.200963 802.1Q vlan#1 P0 192.168.100.50.990 > 192.168.200.14.1387: P 2420062991:2420063038(47) ack 174157093 win 65175
11: 05:10:00.417565 802.1Q vlan#1 P0 192.168.200.14.1387 > 192.168.100.50.990: . ack 2420063038 win 255
12: 05:10:00.417779 802.1Q vlan#1 P0 192.168.100.50.990 > 192.168.200.14.1387: P 2420063038:2420063118(80) ack 174157093 win 65175
13: 05:10:00.434700 802.1Q vlan#1 P0 192.168.200.14.1387 > 192.168.100.50.990: P 174157093:174157133(40) ack 2420063118 win 255
14: 05:10:00.435798 802.1Q vlan#1 P0 192.168.100.50.990 > 192.168.200.14.1387: P 2420063118:2420063179(61) ack 174157133 win 65135
15: 05:10:00.447089 802.1Q vlan#1 P0 192.168.200.14.1387 > 192.168.100.50.990: P 174157133:174157173(40) ack 2420063179 win 255
16: 05:10:00.449287 802.1Q vlan#1 P0 192.168.100.50.990 > 192.168.200.14.1387: P 2420063179:2420063219(40) ack 174157173 win 65095
17: 05:10:00.675410 802.1Q vlan#1 P0 192.168.200.14.1387 > 192.168.100.50.990: . ack 2420063219 win 254
18: 05:10:00.675563 802.1Q vlan#1 P0 192.168.100.50.990 > 192.168.200.14.1387: P 2420063219:2420063250(31) ack 174157173 win 65095
19: 05:10:00.687082 802.1Q vlan#1 P0 192.168.200.14.1387 > 192.168.100.50.990: P 174157173:174157204(31) ack 2420063250 win 254
20: 05:10:00.687342 802.1Q vlan#1 P0 192.168.100.50.990 > 192.168.200.14.1387: P 2420063250:2420063294(44) ack 174157204 win 65064
21: 05:10:00.698984 802.1Q vlan#1 P0 192.168.200.14.1387 > 192.168.100.50.990: P 174157204:174157235(31) ack 2420063294 win 254
22: 05:10:00.699213 802.1Q vlan#1 P0 192.168.100.50.990 > 192.168.200.14.1387: P 2420063294:2420063345(51) ack 174157235 win 65033
23: 05:10:00.916425 802.1Q vlan#1 P0 192.168.200.14.1387 > 192.168.100.50.990: . ack 2420063345 win 254
24: 05:10:00.916593 802.1Q vlan#1 P0 192.168.100.50.990 > 192.168.200.14.1387: P 2420063345:2420063451(106) ack 174157235 win 65033
25: 05:10:00.929166 802.1Q vlan#1 P0 192.168.200.14.1387 > 192.168.100.50.990: P 174157235:174157268(33) ack 2420063451 win 254
26: 05:10:00.929441 802.1Q vlan#1 P0 192.168.100.50.990 > 192.168.200.14.1387: P 2420063451:2420063500(49) ack 174157268 win 65000
27: 05:10:00.945660 802.1Q vlan#1 P0 192.168.200.14.1387 > 192.168.100.50.990: P 174157268:174157301(33) ack 2420063500 win 253
28: 05:10:00.945889 802.1Q vlan#1 P0 192.168.100.50.990 > 192.168.200.14.1387: P 2420063500:2420063579(79) ack 174157301 win 64967
29: 05:10:00.963008 802.1Q vlan#1 P0 192.168.200.14.1387 > 192.168.100.50.990: P 174157301:174157331(30) ack 2420063579 win 253
30: 05:10:00.963252 802.1Q vlan#1 P0 192.168.100.50.990 > 192.168.200.14.1387: P 2420063579:2420063634(55) ack 174157331 win 64937
31: 05:10:00.979014 802.1Q vlan#1 P0 192.168.200.14.1387 > 192.168.100.50.990: P 174157331:174157364(33) ack 2420063634 win 258
32: 05:10:00.979212 802.1Q vlan#1 P0 192.168.100.50.990 > 192.168.200.14.1387: P 2420063634:2420063678(44) ack 174157364 win 64904
33: 05:10:00.996149 802.1Q vlan#1 P0 192.168.200.14.1387 > 192.168.100.50.990: P 174157364:174157395(31) ack 2420063678 win 258
34: 05:10:00.998453 802.1Q vlan#1 P0 192.168.100.50.990 > 192.168.200.14.1387: P 2420063678:2420063758(80) ack 174157395 win 64873
35: 05:10:01.014510 802.1Q vlan#1 P0 192.168.200.14.1387 > 192.168.100.50.990: P 174157395:174157447(52) ack 2420063758 win 258
36: 05:10:01.014739 802.1Q vlan#1 P0 192.168.100.50.990 > 192.168.200.14.1387: P 2420063758:2420063812(54) ack 174157447 win 64821
37: 05:10:01.029142 802.1Q vlan#1 P0 192.168.200.14.1387 > 192.168.100.50.990: P 174157447:174157478(31) ack 2420063812 win 258
38: 05:10:01.029478 802.1Q vlan#1 P0 192.168.100.50.990 > 192.168.200.14.1387: P 2420063812:2420063877(65) ack 174157478 win 64790
39: 05:10:01.030271 802.1Q vlan#1 P0 192.168.100.50.4273 > 192.168.200.14.1388: S 2149675631:2149675631(0) win 65535 <mss 1460,nop,nop,sackOK>
40: 05:10:01.044370 802.1Q vlan#1 P0 192.168.200.14.1388 > 192.168.100.50.4273: S 913746756:913746756(0) ack 2149675632 win 8192 <mss 1460,nop,nop,sackOK>
41: 05:10:01.044522 802.1Q vlan#1 P0 192.168.100.50.4273 > 192.168.200.14.1388: . ack 913746757 win 65535
42: 05:10:01.061840 802.1Q vlan#1 P0 192.168.200.14.1388 > 192.168.100.50.4273: P 913746757:913746907(150) ack 2149675632 win 65535
43: 05:10:01.062206 802.1Q vlan#1 P0 192.168.100.50.4273 > 192.168.200.14.1388: P 2149675632:2149676381(749) ack 913746907 win 65385
44: 05:10:01.077571 802.1Q vlan#1 P0 192.168.200.14.1388 > 192.168.100.50.4273: P 913746907:913747046(139) ack 2149676381 win 64786
45: 05:10:01.254701 802.1Q vlan#1 P0 192.168.200.14.1387 > 192.168.100.50.990: . ack 2420063877 win 257
46: 05:10:01.291000 802.1Q vlan#1 P0 192.168.100.50.4273 > 192.168.200.14.1388: . ack 913747046 win 65246
47: 05:10:01.315825 802.1Q vlan#1 P0 192.168.200.14.1388 > 192.168.100.50.4273: P 913747046:913747093(47) ack 2149676381 win 64786
48: 05:10:01.316206 802.1Q vlan#1 P0 192.168.100.50.4273 > 192.168.200.14.1388: P 2149676381:2149676428(47) ack 913747093 win 65199
49: 05:10:01.316756 802.1Q vlan#1 P0 192.168.100.50.4273 > 192.168.200.14.1388: FP 2149676428:2149676725(297) ack 913747093 win 65199
50: 05:10:01.317427 802.1Q vlan#1 P0 192.168.100.50.990 > 192.168.200.14.1387: P 2420063877:2420063925(48) ack 174157478 win 64790
51: 05:10:01.336866 802.1Q vlan#1 P0 192.168.200.14.1388 > 192.168.100.50.4273: . ack 2149676726 win 64442
52: 05:10:01.336896 802.1Q vlan#1 P0 192.168.200.14.1388 > 192.168.100.50.4273: P 913747093:913747120(27) ack 2149676726 win 64442
53: 05:10:01.337079 802.1Q vlan#1 P0 192.168.200.14.1388 > 192.168.100.50.4273: F 913747120:913747120(0) ack 2149676726 win 64442
54: 05:10:01.337384 802.1Q vlan#1 P0 192.168.100.50.4273 > 192.168.200.14.1388: R 2149676726:2149676726(0) ack 913747120 win 0
55: 05:10:01.337415 802.1Q vlan#1 P0 192.168.100.50.4273 > 192.168.200.14.1388: R 2149676726:2149676726(0) win 0
56: 05:10:01.538958 802.1Q vlan#1 P0 192.168.200.14.1387 > 192.168.100.50.990: . ack 2420063925 win 257
57: 05:10:02.370662 802.1Q vlan#1 P0 192.168.200.14.58393 > 192.168.100.60.53: udp 41
58: 05:10:02.379329 802.1Q vlan#1 P0 192.168.100.60.53 > 192.168.200.14.58393: udp 57
59: 05:10:02.715111 802.1Q vlan#1 P0 192.168.200.14.58714 > 192.168.100.60.53: udp 34
60: 05:10:02.715523 802.1Q vlan#1 P0 192.168.100.60.53 > 192.168.200.14.58714: udp 347
60 packets shown
==== /internal capture ====
==== public capture ====
1: 05:14:22.594787 802.1Q vlan#2 P0 y,y,y.167.1410 > x.x.x.195.990: S 379778296:379778296(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK>
2: 05:14:22.595214 802.1Q vlan#2 P0 x.x.x.195.990 > y,y,y.167.1410: S 1868458187:1868458187(0) ack 379778297 win 16384 <mss 1380,nop,wscale 0,nop,nop,sackOK>
3: 05:14:22.606291 802.1Q vlan#2 P0 y,y,y.167.1410 > x.x.x.195.990: . ack 1868458188 win 16560
4: 05:14:22.624128 802.1Q vlan#2 P0 y,y,y.167.1410 > x.x.x.195.990: P 379778297:379778471(174) ack 1868458188 win 16560
5: 05:14:22.726143 802.1Q vlan#2 P0 x.x.x.195.990 > y,y,y.167.1410: P 1868458188:1868458937(749) ack 379778471 win 65361
6: 05:14:22.742164 802.1Q vlan#2 P0 y,y,y.167.1410 > x.x.x.195.990: P 379778471:379778610(139) ack 1868458937 win 16372
7: 05:14:22.742210 802.1Q vlan#2 P0 y,y,y.167.1410 > x.x.x.195.990: P 379778610:379778616(6) ack 1868458937 win 16372
8: 05:14:22.742240 802.1Q vlan#2 P0 y,y,y.167.1410 > x.x.x.195.990: P 379778616:379778657(41) ack 1868458937 win 16372
9: 05:14:22.742957 802.1Q vlan#2 P0 x.x.x.195.990 > y,y,y.167.1410: . ack 379778616 win 65216
10: 05:14:22.745521 802.1Q vlan#2 P0 x.x.x.195.990 > y,y,y.167.1410: P 1868458937:1868458984(47) ack 379778657 win 65175
11: 05:14:22.957866 802.1Q vlan#2 P0 y,y,y.167.1410 > x.x.x.195.990: . ack 1868458984 win 16361
12: 05:14:22.958019 802.1Q vlan#2 P0 x.x.x.195.990 > y,y,y.167.1410: P 1868458984:1868459064(80) ack 379778657 win 65175
13: 05:14:23.259874 802.1Q vlan#2 P0 y,y,y.167.1410 > x.x.x.195.990: . ack 1868459064 win 16341
14: 05:14:24.251924 802.1Q vlan#2 P0 y,y,y.167.1410 > x.x.x.195.990: P 379778657:379778697(40) ack 1868459064 win 16341
15: 05:14:24.252245 802.1Q vlan#2 P0 x.x.x.195.990 > y,y,y.167.1410: P 1868459064:1868459125(61) ack 379778697 win 65135
16: 05:14:24.265855 802.1Q vlan#2 P0 y,y,y.167.1410 > x.x.x.195.990: P 379778697:379778737(40) ack 1868459125 win 16325
17: 05:14:24.268083 802.1Q vlan#2 P0 x.x.x.195.990 > y,y,y.167.1410: P 1868459125:1868459165(40) ack 379778737 win 65095
18: 05:14:24.485906 802.1Q vlan#2 P0 y,y,y.167.1410 > x.x.x.195.990: . ack 1868459165 win 16315
19: 05:14:24.486379 802.1Q vlan#2 P0 x.x.x.195.990 > y,y,y.167.1410: P 1868459165:1868459196(31) ack 379778737 win 65095
20: 05:14:24.498143 802.1Q vlan#2 P0 y,y,y.167.1410 > x.x.x.195.990: P 379778737:379778768(31) ack 1868459196 win 16308
21: 05:14:24.498494 802.1Q vlan#2 P0 x.x.x.195.990 > y,y,y.167.1410: P 1868459196:1868459240(44) ack 379778768 win 65064
22: 05:14:24.511768 802.1Q vlan#2 P0 y,y,y.167.1410 > x.x.x.195.990: P 379778768:379778799(31) ack 1868459240 win 16297
23: 05:14:24.511982 802.1Q vlan#2 P0 x.x.x.195.990 > y,y,y.167.1410: P 1868459240:1868459291(51) ack 379778799 win 65033
24: 05:14:24.725060 802.1Q vlan#2 P0 y,y,y.167.1410 > x.x.x.195.990: . ack 1868459291 win 16284
25: 05:14:24.725334 802.1Q vlan#2 P0 x.x.x.195.990 > y,y,y.167.1410: P 1868459291:1868459397(106) ack 379778799 win 65033
26: 05:14:24.743934 802.1Q vlan#2 P0 y,y,y.167.1410 > x.x.x.195.990: P 379778799:379778832(33) ack 1868459397 win 16257
27: 05:14:24.744346 802.1Q vlan#2 P0 x.x.x.195.990 > y,y,y.167.1410: P 1868459397:1868459446(49) ack 379778832 win 65000
28: 05:14:24.768682 802.1Q vlan#2 P0 y,y,y.167.1410 > x.x.x.195.990: P 379778832:379778865(33) ack 1868459446 win 16245
29: 05:14:24.769262 802.1Q vlan#2 P0 x.x.x.195.990 > y,y,y.167.1410: P 1868459446:1868459525(79) ack 379778865 win 64967
30: 05:14:24.798680 802.1Q vlan#2 P0 y,y,y.167.1410 > x.x.x.195.990: P 379778865:379778895(30) ack 1868459525 win 16225
31: 05:14:24.799259 802.1Q vlan#2 P0 x.x.x.195.990 > y,y,y.167.1410: P 1868459525:1868459580(55) ack 379778895 win 64937
32: 05:14:24.819842 802.1Q vlan#2 P0 y,y,y.167.1410 > x.x.x.195.990: P 379778895:379778928(33) ack 1868459580 win 16560
33: 05:14:24.820285 802.1Q vlan#2 P0 x.x.x.195.990 > y,y,y.167.1410: P 1868459580:1868459624(44) ack 379778928 win 64904
34: 05:14:24.836489 802.1Q vlan#2 P0 y,y,y.167.1410 > x.x.x.195.990: P 379778928:379778959(31) ack 1868459624 win 16549
35: 05:14:24.838289 802.1Q vlan#2 P0 x.x.x.195.990 > y,y,y.167.1410: P 1868459624:1868459704(80) ack 379778959 win 64873
36: 05:14:24.861039 802.1Q vlan#2 P0 y,y,y.167.1410 > x.x.x.195.990: P 379778959:379779009(50) ack 1868459704 win 16529
37: 05:14:24.862244 802.1Q vlan#2 P0 x.x.x.195.990 > y,y,y.167.1410: P 1868459704:1868459758(54) ack 379779009 win 64823
38: 05:14:24.884292 802.1Q vlan#2 P0 y,y,y.167.1410 > x.x.x.195.990: P 379779009:379779040(31) ack 1868459758 win 16515
39: 05:14:24.885345 802.1Q vlan#2 P0 x.x.x.195.990 > y,y,y.167.1410: P 1868459758:1868459823(65) ack 379779040 win 64792
40: 05:14:25.113351 802.1Q vlan#2 P0 y,y,y.167.1410 > x.x.x.195.990: . ack 1868459823 win 16499
41: 05:14:45.055966 802.1Q vlan#2 P0 y,y,y.167.1410 > x.x.x.195.990: F 379779040:379779040(0) ack 1868459823 win 16499
42: 05:14:45.056225 802.1Q vlan#2 P0 x.x.x.195.990 > y,y,y.167.1410: . ack 379779041 win 64792
43: 05:14:46.096125 802.1Q vlan#2 P0 x.x.x.195.990 > y,y,y.167.1410: P 1868459823:1868459886(63) ack 379779041 win 64792
44: 05:14:46.107706 802.1Q vlan#2 P0 y,y,y.167.1410 > x.x.x.195.990: R 379779041:379779041(0) ack 1868459886 win 0
44 packets shown
==== /public capture ====
Problem with SFTP - Failed to retrieve directory listing
Working
What you described was exactly how I had it configured. I believe the problem was with the IP/hostname for the PASV settings. Internally, the hostname resolves to a private IP, and I believe that is what was being handed out to the clients. When I put the public IP in the field and restarted the service, we had instant connection. Take care.
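
The misconfiguration described in this thread, a PASV reply that hands a private address to a client connecting from outside, can be checked from the 227 line in an FTP client's log. This is an added example, not part of the original thread: the reply strings are constructed, 203.0.113.195 is a placeholder for the redacted public IP, and the function names are hypothetical.

```python
import ipaddress
import re

# Passive port range from the post (6000-6030, opened on the firewall).
PASV_RANGE = range(6000, 6031)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
_PASV_RE = re.compile(r"227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def is_rfc1918(ip):
    return any(ip in net for net in RFC1918)

def parse_pasv(reply):
    """Return (ip, port) from '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)'."""
    m = _PASV_RE.search(reply)
    if not m:
        raise ValueError(f"not a 227 PASV reply: {reply!r}")
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError(f"field out of range in {reply!r}")
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]   # port = p1*256 + p2

def check_pasv(reply, control_peer, port_range=PASV_RANGE):
    """List problems with a PASV reply, given the address the client dialed."""
    ip, port = parse_pasv(reply)
    peer = ipaddress.IPv4Address(control_peer)
    problems = []
    if is_rfc1918(ip) and not is_rfc1918(peer):
        problems.append(f"server advertised private {ip} to a client "
                        f"that reached it at public {peer}")
    if port not in port_range:
        problems.append(f"data port {port} is outside "
                        f"{port_range.start}-{port_range.stop - 1}")
    return problems

# Constructed sample replies (not taken from the captures above).
BAD = "227 Entering Passive Mode (192,168,100,50,23,122)"    # internal IP
GOOD = "227 Entering Passive Mode (203,0,113,195,23,122)"    # placeholder public IP
OUT_OF_RANGE = "227 Entering Passive Mode (203,0,113,195,16,177)"

if __name__ == "__main__":
    for reply, peer in [(BAD, "203.0.113.195"), (GOOD, "203.0.113.195"),
                        (BAD, "192.168.100.50"), (OUT_OF_RANGE, "203.0.113.195")]:
        print(peer, reply, check_pasv(reply, peer) or "ok")
```

The same private-address reply passes when the client dialed the internal IP, which matches the VPN connection working while the public one failed.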