Tuesday, May 25, 2021

Apache FtpServer (Apache MINA) Exception with Passive Ports

The error below occurs in Apache FtpServer (Apache MINA) when you try to use passive ports below 1024: when the FTP client sends the passive command "quote pasv", FtpServer throws the exception.

java.net.ConnectException: Connection timed out (Connection timed out)
    at java.base/java.net.PlainSocketImpl.socketConnect(Native Method)
    at java.base/java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:399)
    at java.base/java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:242)
    at java.base/java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:224)
    at java.base/java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
    at java.base/java.net.Socket.connect(Socket.java:609)
    at java.base/java.net.Socket.connect(Socket.java:558)
    at org.apache.ftpserver.impl.IODataConnectionFactory.createDataSocket(IODataConnectionFactory.java:311)
    at org.apache.ftpserver.impl.IODataConnectionFactory.openConnection(IODataConnectionFactory.java:257)
    at org.apache.ftpserver.command.impl.NLST.execute(NLST.java:101)
    at org.apache.ftpserver.impl.DefaultFtpHandler.messageReceived(DefaultFtpHandler.java:211)
    at org.apache.ftpserver.listener.nio.FtpHandlerAdapter.messageReceived(FtpHandlerAdapter.java:62)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:858)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:542)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1300(DefaultIoFilterChain.java:48)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:947)
    at org.apache.ftpserver.listener.nio.FtpLoggingFilter.messageReceived(FtpLoggingFilter.java:85)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:542)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1300(DefaultIoFilterChain.java:48)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:947)
    at org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:74)
    at org.apache.mina.filter.logging.MdcInjectionFilter.filter(MdcInjectionFilter.java:135)
    at org.apache.mina.filter.util.CommonEventFilter.messageReceived(CommonEventFilter.java:70)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:542)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1300(DefaultIoFilterChain.java:48)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:947)
    at org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:398)
    at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:234)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:542)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1300(DefaultIoFilterChain.java:48)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:947)
    at org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:74)
    at org.apache.mina.core.session.IoEvent.run(IoEvent.java:63)
    at org.apache.mina.filter.executor.OrderedThreadPoolExecutor$Worker.runTask(OrderedThreadPoolExecutor.java:770)
    at org.apache.mina.filter.executor.OrderedThreadPoolExecutor$Worker.runTasks(OrderedThreadPoolExecutor.java:762)
    at org.apache.mina.filter.executor.OrderedThreadPoolExecutor$Worker.run(OrderedThreadPoolExecutor.java:704)
    at java.base/java.lang.Thread.run(Thread.java:834)

To solve this problem, use passive ports above 1024; using 10000-10100 solved my problem.

Sample working configuration:

<server xmlns="http://mina.apache.org/ftpserver/spring/v1"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="
       http://mina.apache.org/ftpserver/spring/v1 http://mina.apache.org/ftpserver/ftpserver-1.0.xsd"
    id="myServer">
    <listeners>
        <nio-listener name="default" port="21">
            <ssl>
                <!-- Sample keystore password; use your own value -->
                <keystore file="./res/ftpserver.jks" password="password" />
            </ssl>
            <data-connection idle-timeout="60">
                <!-- Passive data ports: keep the range above 1024 and open the same range in the firewall -->
                <passive ports="10000-10100" external-address="200.1.2.3"/>
            </data-connection>
        </nio-listener>
    </listeners>
    <!-- encrypt-passwords="false" keeps the passwords in users.properties in clear text -->
    <file-user-manager file="./res/conf/users.properties" encrypt-passwords="false"/>
</server>

Replace the IP address 200.1.2.3 with the real external IP of your server.

And allow the ports in iptables:

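# FTP data and control ports
iptables -I INPUT -p tcp -m tcp --dport 20 -j ACCEPT
iptables -I INPUT -p tcp -m tcp --dport 21 -j ACCEPT
# Passive data ports: same range as <passive ports="10000-10100"> in the configuration
iptables -I INPUT -p tcp --match multiport --dports 10000:10100 -j ACCEPT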
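
The firewall should open exactly the ports the server listens on, no more and no fewer. The following check is an added example, not part of the original post or of Apache FtpServer: it compares the `<passive ports>` range and listener port in a config with the TCP ports accepted by a set of iptables rules. The function names are hypothetical, the sample config and rules are constructed, and only closed ranges and comma-separated lists are handled.

```python
import re
import xml.etree.ElementTree as ET

NS = {"f": "http://mina.apache.org/ftpserver/spring/v1"}

# Constructed sample input: a trimmed server config and a wider firewall rule.
CONFIG = """<server xmlns="http://mina.apache.org/ftpserver/spring/v1" id="myServer">
  <listeners>
    <nio-listener name="default" port="21">
      <data-connection idle-timeout="60">
        <passive ports="10000-10100" external-address="200.1.2.3"/>
      </data-connection>
    </nio-listener>
  </listeners>
</server>"""
RULES = """iptables -I INPUT -p tcp -m tcp --dport 21 -j ACCEPT
iptables -I INPUT -p tcp --match multiport --dports 10000:11000 -j ACCEPT"""

def expand(spec, sep):
    """Expand '21' or '10000-10100,10200' (sep is '-' or ':') into a set of ports."""
    ports = set()
    for item in spec.split(","):
        lo, _, hi = item.strip().partition(sep)
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def accepted_ports(rules):
    """Collect destination ports of TCP ACCEPT rules given as iptables command lines."""
    ports = set()
    for line in rules.splitlines():
        m = re.search(r"--dports?\s+(\S+)", line)
        if m and "-j ACCEPT" in line and "-p tcp" in line:
            ports |= expand(m.group(1), ":")
    return ports

def audit(config_xml, rules):
    root = ET.fromstring(config_xml)
    passive = set()
    for p in root.iterfind(".//f:passive", NS):
        passive |= expand(p.get("ports"), "-")
    control = {int(n.get("port")) for n in root.iterfind(".//f:nio-listener", NS)}
    opened, needed = accepted_ports(rules), passive | control
    return {
        "blocked": sorted(needed - opened),   # server listens here, firewall drops it
        "excess": sorted(opened - needed),    # firewall open, server never listens here
        "privileged": sorted(p for p in passive if p < 1024),  # passive ports below 1024
    }
```

With the sample input, `audit(CONFIG, RULES)` reports nothing blocked and 900 excess ports (10101 to 11000) that the firewall accepts although the server never uses them.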

