FtpWebRequest working with Explicit TLS/SSL

Question

Hi, I am trying to transfer file over explicit TLS/SSL.

Looks like the FtpWebRequest in .NET upto 3.5 wouldn't working either I enabled UsePassive or not. If it is disabled, I think there are firewall/router configure to deal with (for Active mode), which once the application deployed on client's machine I don't have any control and most likely wouldn't working straight away.

But if I disabled UserPassive, it will throw a "The server returned an address in response to the PASV command that is different than the address to which the FTP connection was made." and according to this thread:

http://stackoverflow.com/questions/2709498/the-server-returned-an-address-in-response-to-the-pasv-command-that-is-different and

https://connect.microsoft.com/VisualStudio/feedback/ViewFeedback.aspx?FeedbackID=97409&wa=wsignin1.0 still doesn't work.

By the way ,if I know exactly the public IP and internal IP, is there a way for me to accept the new internal IP address, so it will at least working? The first link get it working, but I don't understand why and how he managed did that? what is myProxyServerIP? Do I have to have a proxy server?

The strange thing is even though my application couldn't downloadfile or listdirectory though ftp, but it will successfully delete file in the server and give success code? My guess it that my application can only pass/sent control/command code to the ftp server but have trouble get data though other ports from server?

Answer 1

Hello, there are multiple questions, let's try to address them one by one:

Why delete works but upload, download and list doesn't?

FTP protocol uses two separate connections. First (called control connection) is used for commands with simple response - such as login, delete, make directory etc. Usually it runs on port 21.

When FTP client requests data transfer operation another connection (called data connection) is established. In active mode the FTP server connects to the client, and in passive mode the client connects to the server. If this connection is blocked by a firewall the data transfer operation fails. Data transfer operations are upload, download and also directory listing. This is why delete works while list does not.

The server returned an address in response to the PASV command that is different than the address to which the FTP connection was made

In passive mode FTP conversation goes as follows:

client: PASV
(i would like to transfer files. Tell me which port and ip address should I use)

server: 227 Entering Passive Mode (172,16,3,4,204,173)
(ok, use port 52397 on IP address 172.16.3.4.)

client: connects to this IP address/port and starts data transfer.

It can cause problem on FTP servers with multiple IP addresses. I've encountered some FTP servers which have public IP address (let's say 1.2.3.4) and a private one (192.168.2.3).

When FTP client connected to public IP address (1.2.3.4) and requested data transfer operation server instructed him to use the private IP address (192.168.2.3). It is impossible because it was NATed.

Solution

Switching to Active mode.

In active mode FTP server connects to FTP client for data transfers. It would solve this issue, but is not firewall friendly. It will not work when incomming commections are blocked (very common).

Ignoring IP address send as response to PASV command

If the public ftp server IP address is a public one, and IP address returned as a response for PASV command is from private range (such as 10., 192.168.). In such case the FTP client should use the public IP address.

This is exactly what does our Rebex FTP do in such situation. It works well (this behavior can be switched off). I don't know whether similar workaround is possible with FtpWebRequest.

You can download trial and check whether it solves your problem.