On Wed, 2024-10-09 at 15:03 +0100, Will McDonald wrote:
> If it's definitely FTPS (as opposed to SSH-based SFTP) it looks like
> that needs ports 990 and 989.
>
> https://en.wikipedia.org/wiki/FTPS

The Filezilla configuration is FTP protocol, explicit FTP over TLS.

> You've already mostly discounted tethering as a cause. So it's
> probably either firewall or potential certificate-related. Does the
> working system have anything additional configured in terms of
> Certificate Authority? Compare / contrast /etc/pki/ca-trust/ between
> the systems.

I'm still highly suspicious of the tethering (perhaps there's some
peculiar NAT in the phone), even if it does work on another PC.

At the moment I'm playing with just one PC. Either plugging its
ethernet into a router (which does work), or disconnecting and using
USB tethering (which only partially works). I'll have a look at the
other PC on another email.

> Compare the output of `firewall-cmd --list-all` between the hosts.
>
> You haven't said what error Filezilla gives when it fails to work.

Ooops, forgot that...

Bowdlerised connection addresses used below:

Firstly, a working example of normal ethernet connection on the same PC
to the remote FTP server:

Upon starting a connection, I'm immediately shown a pop-up window about
the SSL certificate, about it being unknown, to authorise it now (and
optionally forever). Since I haven't clicked the remember for the
future option, I always get prompted.

Status: Resolving address of example.com
Status: Connecting to 93.184.215.14:21...
Status: Connection established, waiting for welcome message...
Response: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Response: 220-You are user number 2 of 100 allowed.
Response: 220-Local time is now 22:08. Server port: 21.
Response: 220-This is a private system - No anonymous login
Response: 220-IPv6 connections are also welcome on this server.
Response: 220 You will be disconnected after 15 minutes of inactivity.
Command: AUTH TLS
Response: 234 AUTH TLS OK.
Status: Initializing TLS...
Status: Verifying certificate...
Command: USER example
Status: TLS/SSL connection established.
Response: 331 User example OK. Password required
Command: PASS **************************************
Response: 230 OK. Current restricted directory is /
Command: SYST
Response: 215 UNIX Type: L8
Command: FEAT
Response: 211-Extensions supported:
Response: UTF8
Response: EPRT
Response: IDLE
Response: MDTM
Response: SIZE
Response: MFMT
Response: REST STREAM
Response: MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
Response: MLSD
Response: PRET
Response: AUTH TLS
Response: PBSZ
Response: PROT
Response: TVFS
Response: ESTA
Response: PASV
Response: EPSV
Response: ESTP
Response: 211 End.
Command: OPTS UTF8 ON
Response: 504 Unknown command
Command: PBSZ 0
Response: 200 PBSZ=0
Command: PROT P
Response: 200 Data protection level set to "private"
Status: Connected
Status: Retrieving directory listing...
Command: CWD /www
Response: 250 OK. Current directory is /public_html
Command: PWD
Response: 257 "/public_html" is your current location
Command: TYPE I
Response: 200 TYPE is now 8-bit binary
Command: PASV
Response: 227 Entering Passive Mode (93,184,215,14,246,146)
Command: MLSD
Response: 150 Accepted data connection
Response: 226 86 matches total
Status: Directory listing successful

===================================================================

Failed example of USB tethered connection. And I get the same if I
allow ports 990 and 980 through the PC's firewall (which I suspect are
really ports that the server, the far end, needs to use).

Heck knows anything about the network configuration (beyond basic IP
addresses) of the Android phone being used for the tethering. Though I
have to say that I can't think of anything else that's failed going
through it.

No window pops up asking me to check the certificate when I try to
connect, and this is all that Filezilla logs about it.

Status: Resolving address of example.com
Status: Connecting to 93.184.215.14:21...
Status: Connection established, waiting for welcome message...
Response: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Response: 220-You are user number 2 of 100 allowed.
Response: 220-Local time is now 22:06. Server port: 21.
Response: 220-This is a private system - No anonymous login
Response: 220-IPv6 connections are also welcome on this server.
Response: 220 You will be disconnected after 15 minutes of inactivity.
Command: AUTH TLS
Response: 504 Command not implemented for that parameter
Command: AUTH SSL
Response: 504 Command not implemented for that parameter
Error: Critical error
Error: Could not connect to server

That's the end of it, it's most odd that the AUTH TLS command is
rejected. The server only allows secure connections, so I can't avoid
it.

--

uname -rsvp
Linux 3.10.0-1160.119.1.el7.x86_64 #1 SMP Tue Jun 4 14:43:51 UTC 2024 x86_64

Boilerplate: All unexpected mail to my mailbox is automatically deleted.
I will only get to see the messages that are posted to the mailing list.
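
Added example, not part of the original post: a small Python parser that reads two FileZilla session logs and reports whether both paths reached the same server greeting and how the explicit-TLS AUTH step was answered on each. The sample logs are abbreviated from the two sessions quoted above; the function names are hypothetical.

```python
import re

# Abbreviated from the two FileZilla logs in the post above (constructed sample input).
ETHERNET_LOG = """\
Response: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Response: 220 You will be disconnected after 15 minutes of inactivity.
Command: AUTH TLS
Response: 234 AUTH TLS OK.
Status: Initializing TLS...
"""
TETHERED_LOG = """\
Response: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Response: 220 You will be disconnected after 15 minutes of inactivity.
Command: AUTH TLS
Response: 504 Command not implemented for that parameter
Command: AUTH SSL
Response: 504 Command not implemented for that parameter
Error: Critical error
"""

LINE = re.compile(r"^(Status|Command|Response|Error):\s*(.*)$")
FINAL = re.compile(r"^\d{3} ")  # "NNN text" ends a reply; "NNN-text" continues it

def parse_session(log):
    """Return (banner_lines, [(command, reply_code), ...]) from a FileZilla log."""
    banner, exchanges, command = [], [], None
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        kind, text = m.groups()
        if kind == "Command":
            command = text
        elif kind == "Response" and command is None:
            banner.append(text)  # greeting, sent before any command
        elif kind == "Response" and FINAL.match(text):
            exchanges.append((command, int(text[:3])))
    return banner, exchanges

def auth_outcome(log):
    """234 accepts AUTH (RFC 4217); 504 means the mechanism was not understood (RFC 2228)."""
    banner, exchanges = parse_session(log)
    auth = [(c, code) for c, code in exchanges if c.upper().startswith("AUTH ")]
    return {"banner": banner[:1], "auth": auth, "tls": any(code == 234 for _, code in auth)}

def compare(good, bad):
    """Report whether both paths saw the same greeting and where AUTH diverged."""
    g, b = auth_outcome(good), auth_outcome(bad)
    return {"same_banner": g["banner"] == b["banner"], "tls": (g["tls"], b["tls"]), "rejected": b["auth"]}

if __name__ == "__main__":
    print(compare(ETHERNET_LOG, TETHERED_LOG))
```

On these two logs the greeting is identical and the sessions first differ at the reply to AUTH TLS on the control channel, before any certificate is exchanged.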