Go Back   FlashFXP Forums > > > >

ioFTPD General New releases, comments, questions regarding the latest version of ioFTPD.

Reply
 
Thread Tools Rate Thread Display Modes
Old 12-31-2009, 05:27 PM   #1
ArtX
Senior Member
FlashFXP Beta Tester
ioFTPD Foundation User
 
Join Date: Jan 2004
Posts: 301
Default 426 error

When trying to fxp from a friends pc to my own i always get the error

426 Connection closed: Incorrect function.

He uses drftpd and of course i use ioFTPD, now if i use filezilla ftp server, it works fine.

I have gone through ioftpd.ini many times reading and re-reading to see if i had missed something.

we both use ssl and i am behind a router, he can transfer directly to me and from me, as i can from him but if i try to fxp it fails with the above error.

All ports have been forwarded, am i missing anything, filezilla seems to be set exactly the same way as ioftpd and works.
ArtX is offline   Reply With Quote
Old 01-01-2010, 09:05 PM   #2
Yil
Too much time...
FlashFXP Beta Tester
ioFTPD Administrator
 
Join Date: May 2005
Posts: 1,194
Default

Going to need a bunch more data... First, is ioFTPD giving that 426 error message or drFTPD? I have never seen a windows machine spit out that error before...

Pay particular attention to the IP being returned in PASV responses when dealing with a local machine. I often enable the "use local IP" option in clients when connecting via a 192.168 or 127.* style address because I only configured one device in ioFTPD and that uses the external IP/host so everyone else sees the external IP. I'm not sure what address your client may use when you try to FXP but it's possible it's giving out the non-routable 192.168 address or whatever.

Are you trying to SSL FXP? Was SSCP setup correctly? Tried setting the alternate up/down modes so it switches the port/pasv roles when transferring files to get things to work in the other direction?

Is this an older version of io? Pre v7 or whatever did that have annoying FXP SSL bug which some version of SSL (in particular the one used by java/drftpd) triggered more often but that came up as the annoying Overlapped issue not the error you mentioned, but it's worth a double check.
Yil is offline   Reply With Quote
Old 01-02-2010, 03:38 AM   #3
ArtX
Senior Member
FlashFXP Beta Tester
ioFTPD Foundation User
 
Join Date: Jan 2004
Posts: 301
Default

Quote:
Originally Posted by Yil View Post
Going to need a bunch more data... First, is ioFTPD giving that 426 error message or drFTPD? I have never seen a windows machine spit out that error before...
Yes it is ioFTPD giving that error

Quote:
Originally Posted by Yil View Post
Pay particular attention to the IP being returned in PASV responses when dealing with a local machine. I often enable the "use local IP" option in clients when connecting via a 192.168 or 127.* style address because I only configured one device in ioFTPD and that uses the external IP/host so everyone else sees the external IP. I'm not sure what address your client may use when you try to FXP but it's possible it's giving out the non-routable 192.168 address or whatever.
I have tried every combination i can think of to get pasv working as it should, none seem to work

Quote:
Originally Posted by Yil View Post
Are you trying to SSL FXP? Was SSCP setup correctly? Tried setting the alternate up/down modes so it switches the port/pasv roles when transferring files to get things to work in the other direction?
Yes i am trying to use SSL and i have already tried all you have suggested

Quote:
Originally Posted by Yil View Post
Is this an older version of io? Pre v7 or whatever did that have annoying FXP SSL bug which some version of SSL (in particular the one used by java/drftpd) triggered more often but that came up as the annoying Overlapped issue not the error you mentioned, but it's worth a double check.
No this is the latest ioFTPD

I will try with a fresh install, and double and triple check the settings again
ArtX is offline   Reply With Quote
Old 01-02-2010, 04:34 AM   #4
ArtX
Senior Member
FlashFXP Beta Tester
ioFTPD Foundation User
 
Join Date: Jan 2004
Posts: 301
Default

[R] 227 Entering Passive Mode (xxx,xxx,xxx,xxx,195,88) obscured for obvious reasons
[R] Opening data connection IP: 192.168.0.1 PORT: 50008

[R] 150 Opening BINARY mode data connection for test.txt
[R] 426 Connection closed: Incorrect function.

does the same if its the internal address for both, ports are forwarded in the router, because as i said filezilla ftp server works, i can send you ioFTPD.ini in pm if you like to see if i haven't overlooked anything
ArtX is offline   Reply With Quote
Old 01-03-2010, 01:36 PM   #5
Yil
Too much time...
FlashFXP Beta Tester
ioFTPD Administrator
 
Join Date: May 2005
Posts: 1,194
Default

I could be mistaken but I think you actually show the problem right there in the cut/pasted lines. You xxx'd out the external IP so I'm assuming it isn't the 192.168.0.1 shown just below it. Can you confirm that is the internal IP of the machine and not the router which often gets a .1 address?

If that is the case then you probably have a 'use site IP' or something option enabled in your FTP client. This may be required for things to work locally in your current configuration because not all routers forward internal packets using the external IP back to the internal one. Thus it appears you have no choice but to enable that option to get it to work.

If you disable the 'site IP' option and directory listings, etc break then setup a 2nd site for testing and using the same login/pass/etc but don't enable the 'use site IP' option and try to use 'STAT -l' for listings, and also disable PASV mode transfers. When using active mode you'll be giving the server your own local address and it won't have any trouble connecting back to you. That should allow you to list files over the command channel, FXP using the external IP, and transfer locally using active mode which is all you need

There are two reasons that setup might not work as you want. You aren't actually reporting your external IP correctly in the PASV replies which means HOST= needs updating, or the server doesn't have the ability to create outbound TCP connections because of a firewall. Both should be somewhat easy to verify aren't the case.

Which FTP client are you using if that doesn't work? I'll see if I can get the exact client settings for you. Feel free to PM/FTP me a cut of the logfile from login to an attempted file transfer and the .ini file and I'll see what I can make of it.
Yil is offline   Reply With Quote
Old 01-03-2010, 02:39 PM   #6
ArtX
Senior Member
FlashFXP Beta Tester
ioFTPD Foundation User
 
Join Date: Jan 2004
Posts: 301
Default

Quote:
Originally Posted by Yil View Post
I could be mistaken but I think you actually show the problem right there in the cut/pasted lines. You xxx'd out the external IP so I'm assuming it isn't the 192.168.0.1 shown just below it. Can you confirm that is the internal IP of the machine and not the router which often gets a .1 address?
The one i crossed out is my external ip address, 192.168.0.1 is internal, i can set it so that it shows external for both but then i cant connect

Quote:
Originally Posted by Yil View Post
If that is the case then you probably have a 'use site IP' or something option enabled in your FTP client. This may be required for things to work locally in your current configuration because not all routers forward internal packets using the external IP back to the internal one. Thus it appears you have no choice but to enable that option to get it to work.
]If you disable the 'site IP' option and directory listings, etc break then setup a 2nd site for testing and using the same login/pass/etc but don't enable the 'use site IP' option and try to use 'STAT -l' for listings, and also disable PASV mode transfers. When using active mode you'll be giving the server your own local address and it won't have any trouble connecting back to you. That should allow you to list files over the command channel, FXP using the external IP, and transfer locally using active mode which is all you need
I think i tried the setup you mention, but i will double check, might have to wait a day or so as im in bed with flu like symptoms - so the doctor says

Quote:
Originally Posted by Yil View Post
There are two reasons that setup might not work as you want. You aren't actually reporting your external IP correctly in the PASV replies which means HOST= needs updating, or the server doesn't have the ability to create outbound TCP connections because of a firewall. Both should be somewhat easy to verify aren't the case.
HOST = atm has my external ip address, is that correct ?

Quote:
Originally Posted by Yil View Post
Which FTP client are you using if that doesn't work? I'll see if I can get the exact client settings for you. Feel free to PM/FTP me a cut of the logfile from login to an attempted file transfer and the .ini file and I'll see what I can make of it.
FTP client is flashfxp, have tried it with 3.6 , 3.7x betas and the 4.x betas, i was wondering, because drftpd sends files from different machines, could this be the issuse? Either flash or ioFTPD is expecting a connection from the machine i originally connected to, but the information is comming from a different ftp ip?

As i say i will try what you suggested in a day or so, not feeling to good atm

edit: think i may have found something, i must be ill because i went looking at the system logs, everytime i get an error, i get these two alerts in the logs

Log Name: System
Source: Schannel
Date: 03/01/2010 20:28:18
Event ID: 36874
Task Category: None
Level: Error
Keywords:
User: SYSTEM
Computer: VashTheStampede
Description:
An TLS 1.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

and

Log Name: System
Source: Schannel
Date: 03/01/2010 20:28:18
Event ID: 36888
Task Category: None
Level: Error
Keywords:
User: SYSTEM
Computer: VashTheStampede
Description:
The following fatal alert was generated: 40. The internal error state is 1204.

i have verified that this happens when transfering as i matched the times of the errors to when i did test transfers

Last edited by ArtX; 01-03-2010 at 03:32 PM.
ArtX is offline   Reply With Quote
Old 01-04-2010, 05:30 PM   #7
ArtX
Senior Member
FlashFXP Beta Tester
ioFTPD Foundation User
 
Join Date: Jan 2004
Posts: 301
Default

soredt now, seems it was an oversight on my part, don't put min cypher over 168bit if your using drftpd sites, it doesn't like it

Thanks to Yil for helping me find the very simple solution
ArtX is offline   Reply With Quote
Old 02-08-2010, 05:42 PM   #8
djb61
Junior Member
FlashFXP Registered User
 
Join Date: Jul 2005
Posts: 2
Default

As I am a drftpd developer I thought I'd comment on the problem with ciphers over a certain length. As you probably know drftpd is written in Java, the standard Java runtime/SDK downloads from Sun ship with limitations to the encryption strength they support (due to US government export controls if I remember correctly).

I expect the site(s) you were testing were running a standard Java runtime for the drftpd daemon, if the site installed the export cryptography addon into their Java runtime then I would expect to find that that the key length restriction disappears and higher strength ciphers are now permitted.
djb61 is offline   Reply With Quote
Reply

Tags
error, filezilla, ftp, fxp, works

Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 03:15 AM.

Parts of this site powered by vBulletin Mods & Addons from DragonByte Technologies Ltd. (Details)