FTP server via SOCKS5 Proxy can only be LISTed with firefox, no ftp clients

0

I am trying to retrieve a folder from an FTP server which I connect to through a SOCKS5 proxy (ssh -D). When configuring Firefox (v20, v22) to use the SOCKS5 proxy, I can explore the FTP server's content without problems. However, what I need to download is a folder with a lot of content, and the Firefox user interface only provides single-file downloading, which is painful in this situation. So I tried to connect to this FTP server with FileZilla using passive mode, and everything works fine until FileZilla issues the MLSD command; at this point the FTP server does not answer.

Status: Connecting to XXX through proxy
Status: Connecting to 127.0.0.1:9999...
Status: Connection with proxy established, performing handshake...
Status: Connection established, waiting for welcome message...
Response:   220 ProFTPD 1.3.4a Server (TiNT) [::X]
Command:    USER anonymous
Response:   331 Authentification anonyme OK, envoyez votre adresse de courriel complète comme mot de passe
Command:    PASS **************
Response:   230 Accès anonyme autorisé, application des restrictions
Command:    SYST
Response:   215 UNIX Type: L8
Command:    FEAT
Response:   211-Features:
Response:    LANG fr-FR.UTF-8*;fr-FR
Response:    MDTM
Response:    MFMT
Response:    TVFS
Response:    UTF8
Response:    MFF modify;UNIX.group;UNIX.mode;
Response:    MLST modify*;perm*;size*;type*;unique*;UNIX.group*;UNIX.mode*;UNIX.owner*;
Response:    SITE MKDIR
Response:    SITE RMDIR
Response:    SITE UTIME
Response:    SITE SYMLINK
Response:    REST STREAM
Response:    SITE COPY
Response:    SIZE
Response:   211 Fin
Command:    OPTS UTF8 ON
Response:   200 UTF-8 activé
Status: Connected
Status: Retrieving directory listing...
Command:    CWD Y
Response:   250 Commande CWD exécutée avec succès
Command:    PWD
Response:   257 Y" est le répertoire courant
Command:    TYPE I
Response:   200 Type paramétré à I
Command:    PASV
Response:   227 Entering Passive Mode (X,224,74).
Command:    MLSD
Status: Connecting to 127.0.0.1:9999...
Status: Connection with proxy established, performing handshake...
Error:  Connection timed out
Error:  Failed to retrieve directory listing

Sniffing Firefox with Wireshark told me Firefox uses LIST instead of MLSD as its first command, but I could not find a dedicated FTP client sniffer giving me a clean list of the commands used by Firefox, and I don't know what to look at in Wireshark.

Any ideas on how to make FileZilla work? What should I look at in Wireshark to try to understand the difference in behavior between Firefox and FileZilla?

(I am not an administrator of the FTP server, so I cannot see its logs or change its configuration. This FTP server is on the same sub-network as the machine I ssh -D into.)

jolivier

Posted 2013-07-07T17:24:59.437

Reputation: 167

Answers

0

You should check if Firefox uses active mode (PORT) or passive mode (PASV). It should be PASV as well, because if PORT is used, the data connection will likely be made outside the proxy connection.

In the given example, the server/proxy replied to PASV with X,224,74 which translates to X:57418 (224 * 256 + 74). You should check that the connection through the proxy is properly forwarded, so you should see a connection request to X, port 57418 from the other end of the proxy/tunnel - you can check with tcpdump on that end.

The only difference between LIST and MLSD is the directory list formatting. LIST basically is free-form text which is a pain to parse whereas MLSD is a well-defined format which is suited to machine parsing.

I did a local test, by running ssh -D 12345 localhost and configuring a generic proxy on localhost port 12345 in FileZilla 3.5.3 (pretty old version). Connecting to ftp.kernel.org just works.

Status: Connecting to 127.0.0.1:12345...
Status: Connection with proxy established, performing handshake...
Status: Connection established, waiting for welcome message...
Response:   220 Welcome to kernel.org
Command:    USER anonymous
Response:   331 Please specify the password.
Command:    PASS **************
Response:   230 Login successful.
Command:    SYST
Response:   215 UNIX Type: L8
Command:    FEAT
Response:   211-Features:
Response:    EPRT
Response:    EPSV
Response:    MDTM
Response:    PASV
Response:    REST STREAM
Response:    SIZE
Response:    TVFS
Response:    UTF8
Response:   211 End
Command:    OPTS UTF8 ON
Response:   200 Always in UTF8 mode.
Status: Connected
Status: Retrieving directory listing...
Command:    CWD /pub
Response:   250 Directory successfully changed.
Command:    PWD
Response:   257 "/pub"
Command:    TYPE I
Response:   200 Switching to Binary mode.
Command:    PASV
Response:   227 Entering Passive Mode (198,145,20,140,120,140).
Command:    LIST
Status: Connecting to 127.0.0.1:12345...
Status: Connection with proxy established, performing handshake...
Response:   150 Here comes the directory listing.
Response:   226 Directory send OK.
Status: Directory listing successful

Shi

Posted 2013-07-07T17:24:59.437

Reputation: 659
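
The PASV arithmetic from the answer above, as an added example that is not part of the original posts: it pulls the data endpoint out of a 227 reply in a FileZilla log, builds the SOCKS5 CONNECT request (RFC 1928) a client sends to the proxy for that endpoint, and prints a capture filter for the far end of the tunnel. The function names and the sample log constant are assumptions made for this sketch; the sample lines are copied from the second log on this page.

```python
import ipaddress
import re
import struct

# Constructed sample: three lines taken from the FileZilla log in the answer.
SAMPLE_LOG = """\
Command:    PASV
Response:   227 Entering Passive Mode (198,145,20,140,120,140).
Command:    LIST
"""

# 227 reply carrying six decimal fields: h1,h2,h3,h4,p1,p2
PASV_RE = re.compile(r"\b227\b[^(]*\((\d{1,3}(?:,\d{1,3}){5})\)")


def parse_pasv(line):
    """Return (ip, port) from a 227 reply, or None if the line has no
    complete six-field tuple (for example a reply masked as X,224,74)."""
    m = PASV_RE.search(line)
    if not m:
        return None
    nums = [int(n) for n in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        raise ValueError("PASV field out of range: %r" % (nums,))
    ip = ipaddress.IPv4Address(bytes(nums[:4]))
    return str(ip), nums[4] * 256 + nums[5]


def socks5_connect_request(ip, port):
    """Bytes of the SOCKS5 CONNECT request for an IPv4 target:
    VER=5, CMD=1 (CONNECT), RSV=0, ATYP=1 (IPv4), address, port."""
    return struct.pack("!BBBB4sH", 5, 1, 0, 1,
                       ipaddress.IPv4Address(ip).packed, port)


def capture_filter(ip, port):
    """pcap filter for tcpdump/Wireshark on the far end of the tunnel."""
    return "host %s and tcp port %d" % (ip, port)


def data_endpoints(log_text):
    """All passive-mode data endpoints announced in a client log."""
    return [ep for ep in map(parse_pasv, log_text.splitlines()) if ep]


if __name__ == "__main__":
    for ip, port in data_endpoints(SAMPLE_LOG):
        print("data connection:", ip, port)
        print("SOCKS5 CONNECT :", socks5_connect_request(ip, port).hex())
        print("capture filter :", capture_filter(ip, port))
```

If the SOCKS5 request appears on the client side but no connection matching the filter shows up at the far end, the data connection is being dropped between the proxy and the server rather than by the FTP client.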