AnsweredAssumed Answered

FTP: passive ports and logging

Question asked by nadaoneal on Feb 12, 2009
I have the FTP server enabled and working from most clients, but we can't ftp from web browsers like Firefox - the connection is dropped right after authentication. Alfresco's log will indicate that authentication was successful; the client will either see a blank page and "done" or "Cannot contact server…".

I'm about 98% sure that this is because of the way Firefox wants to only negotiate over passive ftp, which can happen in port ranges that the firewall is blocking - I've seen similar issues with other ftp server software, and it's usually fixed by specifying which ports passive ftp can use, and then opening those ports in the firewall. Easy, works all the time.

With Alfresco, I'm having two issues. Two summarize:
1. The configuration to set the passive ports is not included in the documentation, and the one reference I can find seems to point to a config that doesn't work. I'd like to figure out exactly what the configuration should be.
2. The troubleshooting process is made more difficult because I'm not getting very much FTP information in the logs, despite setting and server=debug in the file.

More info on each…

1. "dataPorts" option doesn't seem to work:
In $alf_home/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/file-servers.xml I have:
   <config evaluator="string-compare" condition="FTP Server">
          <serverEnable enabled="true"/>
          <dataPorts rangeFrom="62000" rangeTo="62010" />
          <authenticator type="alfresco"/>
          <debug flags="File,Search,Error,Directory,Info,DataPort"/>
I got the "<dataPorts rangeFrom="62000" rangeTo="62010" />" thing from this forum post, and checking the source code, it looks like those are the right terms. I don't get any errors during server startup reading the config file. So, I think everything here is right, and the only question is - has rangeFrom/rangeTo ever worked for anyone? Is it really supported?

When I use a command-line FTP client, I see connection strings like this:
227 Entering Passive Mode (128,59,153,231,188,18)
Doesn't this mean that the port in use is 188x256+18=48146? Why is it talking on a port that's not between 62000 and 62010?

2. Logging is not quite meeting my expectations.
I have
in $ALF_HOME/tomcat/webapps/alfresco/WEB-INF/classes/ , but I get very very little in the log. When the server's s starting up, I see
15:23:04,855 User:System INFO  [alfresco.smb.protocol] FTP server started
15:23:04,855 User:System INFO  [alfresco.smb.protocol] NFS server NOT started
15:23:04,913 User:System INFO  [alfresco.ftp.server] Starting server FTP …
But beyond that, I just see authentication error and authentication success…
15:08:16,106  INFO  [ftp.protocol.auth] Logged on user preservationguest ( address /
15:08:16,228 User:preservationguest DEBUG [ftp.protocol.auth] Authenticated user preservationguest sts=true via MD4
15:09:40,699  DEBUG [ftp.protocol.auth] Authenticated user anonymous sts=false via MD4
15:10:13,197  INFO  [ftp.protocol.auth] Logged on user preservationguest ( address /
15:10:13,204 User:preservationguest DEBUG [ftp.protocol.auth] Authenticated user preservationguest sts=true via MD4
There's nothing in the log about what ports are being used. There's nothing in the log about uploads, downloads, changing directories. I have these set to debug, and I have the debug flags set to "File,Search,Error,Directory,Info,DataPort" (see server.xml snippet quoted above). Why am I not getting more in the log? Is there another place I need to adjust settings?

(And yes, I've restarted the server many, many times after making changes to these config files, heh heh.)