Re: filezilla and firewalls

On Thu, Oct 10, 2024 at 8:44 PM Jeffrey Walton <noloader@xxxxxxxxx> wrote:
>
> On Thu, Oct 10, 2024 at 8:43 AM Tim via users
> <users@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
> >
> > On Wed, 2024-10-09 at 15:03 +0100, Will McDonald wrote:
> > > If it's definitely FTPS (as opposed to SSH-based SFTP) it looks like
> > > that needs ports 990 and 989.
> > >
> > > https://en.wikipedia.org/wiki/FTPS
> >
> > The Filezilla configuration is FTP protocol, explicit FTP over TLS.
> >
> > > You've already mostly discounted tethering as a cause. So it's
> > > probably either firewall or potential certificate-related. Does the
> > > working system have anything additional configured in terms of
> > > Certificate Authority? Compare / contrast /etc/pki/ca-trust/ between
> > > the systems.
> >
> > I'm still highly suspicious of the tethering (perhaps there's some
> > peculiar NAT in the phone), even if it does work on another PC.
> >
> > At the moment I'm playing with just one PC.  Either plugging its
> > ethernet into a router (which does work), or disconnecting and using
> > USB tethering (which only partially works).
> >
> > I'll have a look at the other PC on another email.
> >
> > > Compare the output of `firewall-cmd --list-all` between the hosts.
> > >
> > > You haven't said what error Filezilla gives when it fails to work.
> >
> > Ooops, forgot that...  Bowdlerised connection addresses used below:
> >
> > Firstly, a working example of normal ethernet connection on the same PC
> > to the remote FTP server:
> >
> > Upon starting a connection, I'm immediately shown a pop-up window about
> > the SSL certificate, about it being unknown, to authorise it now (and
> > optionally forever).  Since I haven't clicked the remember for the
> > future option, I always get prompted.
> >
> > Status: Resolving address of example.com
> > Status: Connecting to 93.184.215.14:21...
> > Status: Connection established, waiting for welcome message...
> > Response:       220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
> > Response:       220-You are user number 2 of 100 allowed.
> > Response:       220-Local time is now 22:08. Server port: 21.
> > Response:       220-This is a private system - No anonymous login
> > Response:       220-IPv6 connections are also welcome on this server.
> > Response:       220 You will be disconnected after 15 minutes of inactivity.
> > Command:        AUTH TLS
> > Response:       234 AUTH TLS OK.
> > Status: Initializing TLS...
> > Status: Verifying certificate...
> > Command:        USER example
> > Status: TLS/SSL connection established.
> > Response:       331 User example OK. Password required
> > Command:        PASS **************************************
> > Response:       230 OK. Current restricted directory is /
> > Command:        SYST
> > Response:       215 UNIX Type: L8
> > Command:        FEAT
> > Response:       211-Extensions supported:
> > Response:        UTF8
> > Response:        EPRT
> > Response:        IDLE
> > Response:        MDTM
> > Response:        SIZE
> > Response:        MFMT
> > Response:        REST STREAM
> > Response:        MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
> > Response:        MLSD
> > Response:        PRET
> > Response:        AUTH TLS
> > Response:        PBSZ
> > Response:        PROT
> > Response:        TVFS
> > Response:        ESTA
> > Response:        PASV
> > Response:        EPSV
> > Response:        ESTP
> > Response:       211 End.
> > Command:        OPTS UTF8 ON
> > Response:       504 Unknown command
> > Command:        PBSZ 0
> > Response:       200 PBSZ=0
> > Command:        PROT P
> > Response:       200 Data protection level set to "private"
> > Status: Connected
> > Status: Retrieving directory listing...
> > Command:        CWD /www
> > Response:       250 OK. Current directory is /public_html
> > Command:        PWD
> > Response:       257 "/public_html" is your current location
> > Command:        TYPE I
> > Response:       200 TYPE is now 8-bit binary
> > Command:        PASV
> > Response:       227 Entering Passive Mode (93,184,215,14,246,146)
> > Command:        MLSD
> > Response:       150 Accepted data connection
> > Response:       226 86 matches total
> > Status: Directory listing successful
> >
> >
> > ===================================================================
> >
> >
> > Failed example of USB tethered connection.  And I get the same if I
> > allow ports 990 and 980 through the PC's firewall (which I suspect are
> > really ports that the server, the far end, needs to use).  Heck knows
> > anything about the network configuration (beyond basic IP addresses) of
> > the Android phone being used for the tethering.  Though I have to say
> > that I can't think of anything else that's failed going through it.
> >
> > No window pops up asking me to check the certificate when I try to
> > connect, and this is all that Filezilla logs about it.
> >
> >
> > Status: Resolving address of example.com
> > Status: Connecting to 93.184.215.14:21...
> > Status: Connection established, waiting for welcome message...
> > Response:       220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
> > Response:       220-You are user number 2 of 100 allowed.
> > Response:       220-Local time is now 22:06. Server port: 21.
> > Response:       220-This is a private system - No anonymous login
> > Response:       220-IPv6 connections are also welcome on this server.
> > Response:       220 You will be disconnected after 15 minutes of inactivity.
> > Command:        AUTH TLS
> > Response:       504 Command not implemented for that parameter
> > Command:        AUTH SSL
> > Response:       504 Command not implemented for that parameter
> > Error:  Critical error
> > Error:  Could not connect to server
> >
> >
> > That's the end of it, it's most odd that the AUTH TLS command is
> > rejected.
> >
> > The server only allows secure connections, so I can't avoid it.
>
> I did not comment earlier, but I suspect there's a proxy in play for
> your mobile connection. That's why things work as expected using your
> PC, but fail over mobile.
>
> I suspect you are being intercepted somewhere along the mobile path.
> It may be on the device using some sort of antivirus package, or by an
> application server or caching proxy server.
>
> If possible, you should try on a mobile device using an OS like
> LineageOS. LineageOS does not include all the extra crap bundled by
> carriers. The first thing I do with my Pixel devices is get rid of
> Android (and the carrier mods) and load LineageOS. See
> <https://lineageos.org/>.

Another test to perform: turn off your 4G/5G radio, and connect using
Wifi. If the problem disappears, then suspect the carrier's network.
If the problem persists, then suspect the device.

Jeff
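
An added example, not part of the original thread: a small Python helper that compares two FileZilla logs taken over different network paths and reports whether the explicit-TLS upgrade (AUTH TLS) was refused on only one of them. The function names and result labels are hypothetical; the sample logs are constructed from the two logs quoted above, trimmed to the banner lines that do not vary between runs. It also decodes the 227 PASV reply into the data port (p1*256 + p2).

```python
import re

# Constructed sample input: the two logs from the thread, trimmed.
ETHERNET_LOG = """\
Status: Connecting to 93.184.215.14:21...
Response:       220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Response:       220 You will be disconnected after 15 minutes of inactivity.
Command:        AUTH TLS
Response:       234 AUTH TLS OK.
Command:        PASV
Response:       227 Entering Passive Mode (93,184,215,14,246,146)
"""
TETHERED_LOG = """\
Status: Connecting to 93.184.215.14:21...
Response:       220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Response:       220 You will be disconnected after 15 minutes of inactivity.
Command:        AUTH TLS
Response:       504 Command not implemented for that parameter
Command:        AUTH SSL
Response:       504 Command not implemented for that parameter
"""

def summarize(log):
    """Return the banner lines, reply code per AUTH command, and PASV data port."""
    out = {"banner": [], "auth": {}, "data_port": None}
    last_cmd = None
    for line in log.splitlines():
        kind, _, text = line.partition(":")
        text = text.strip()
        if kind == "Command":
            last_cmd = text
        elif kind == "Response":
            code = text[:3]
            if last_cmd is None and code == "220":
                out["banner"].append(text)       # greeting, before any command
            elif last_cmd and last_cmd.startswith("AUTH") and code.isdigit():
                out["auth"].setdefault(last_cmd, int(code))
            m = re.match(r"227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", text)
            if m:                                # data port = p1*256 + p2
                out["data_port"] = int(m.group(5)) * 256 + int(m.group(6))
    return out

def compare(good_log, bad_log):
    """Label how the TLS upgrade differs between a working and a failing path."""
    g, b = summarize(good_log), summarize(bad_log)
    if g["auth"].get("AUTH TLS") == 234 and b["auth"].get("AUTH TLS") != 234:
        # Same greeting but refused upgrade: the control channel differs per path.
        return "AUTH_REFUSED_SAME_BANNER" if g["banner"] == b["banner"] \
            else "AUTH_REFUSED_DIFFERENT_BANNER"
    return "NO_AUTH_DIFFERENCE"
```

A result of AUTH_REFUSED_SAME_BANNER matches what the thread observed: the greeting arrives unchanged on both paths, but the AUTH TLS reply differs, which is the case where the suggested Wi-Fi versus 4G/5G test helps narrow down where the difference is introduced.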