Availability for the Always-On Enterprise
Post Reply
einhirn
Enthusiast
Posts: 33
Liked: 3 times
Joined: Feb 02, 2015 1:51 pm
Contact:

Problem with supportftp server

Post by einhirn » Oct 10, 2017 7:27 am

Hello,
just because I already mentioned it to multiple support agents and even used "contact a manager" to try and tell you about a problem with the support ftp server's IP configuration for over a year, perhaps I'll be heard here. A current support case ID even though unrelated to this post, is 02339506...

When trying to upload something to the support ftp server with filezilla I see the following log output when it can't create a connection (I've shortened it a bit by cutting irrelevant stuff) :

Code: Select all

Status:Resolving address of supportftp5.veeam.com
Status:Connecting to 88.208.115.209:21...
Status:Connection established, waiting for welcome message...
Response:220 (vsFTPd 2.2.2)
[...]
Command:PASV
Response:227 Entering Passive Mode (172,24,32,6,8,80).
Status:Server sent passive reply with unroutable address. Using server address instead.
Command:LIST
Error:Connection timed out after 20 seconds of inactivity
Error:Failed to retrieve directory listing
Status:Disconnected from server
[...Retry forever...]
As you can see, "supportftp5" instructs me to connect to a private IP address "172.24.32.6" instead of it's public IP "88.208.115.209". Of course this can't work, and FileZillas workaround fails for me, because we have an outbound firewall that only allows connections to the IP and Port mentioned in the "PASV" answer...

Please fix this, because it forces me to jump through hoops every time I have to upload log files for a case. Thank you!

m_zolkin
Veeam Software
Posts: 23
Liked: 11 times
Joined: Aug 26, 2009 1:13 pm
Full Name: Mikhail Zolkin
Contact:

Re: Problem with supportftp server

Post by m_zolkin » Oct 10, 2017 11:30 am

Thank you for the heads up. We've informed our IT team and they will review this issue shortly.
VP, WW Customer Technical Support

m_zolkin
Veeam Software
Posts: 23
Liked: 11 times
Joined: Aug 26, 2009 1:13 pm
Full Name: Mikhail Zolkin
Contact:

Re: Problem with supportftp server

Post by m_zolkin » Oct 10, 2017 12:45 pm

As of now it should be fixed. Could you please check on your end?
VP, WW Customer Technical Support

flaren
Veeam Software
Posts: 22
Liked: 5 times
Joined: Mar 18, 2013 9:00 am
Full Name: Alexander Lupashku
Contact:

Re: Problem with supportftp server

Post by flaren » Oct 11, 2017 12:09 pm

Just to add some visibility, as I replied personally to the OP.
In order to use the passive mode with our FTP, in the FTP client, you need to enable option Use the server's external IP address instead which is under Settings->Connection->FTP->Passive mode in Filezilla.

Hope it helps ;)
VCSP Support | Veeam Software

einhirn
Enthusiast
Posts: 33
Liked: 3 times
Joined: Feb 02, 2015 1:51 pm
Contact:

Re: Problem with supportftp server

Post by einhirn » Oct 11, 2017 8:47 pm

m_zolkin wrote:As of now it should be fixed. Could you please check on your end?
Sorry, it still does the same thing.
flaren wrote:In order to use the passive mode with our FTP, in the FTP client, you need to enable option Use the server's external IP address instead which is under Settings->Connection->FTP->Passive mode in Filezilla.
And this option is already on by default (at least I've never changed it), as is shown in a log message. But this workaround fails when you're behind a firewall that blocks unknown outgoing traffic - why should it allow traffic to the server IP on Port 2128 or whatever Port the FTP server opens for the transfer? It's protocol agent sees a PASV response containing a different IP address. If I could reach that address (i.e. if it wasn't a private unroutable address) it would work, because a dynamically created rule would allow the traffic to pass...

Thanks for trying to help - my guess is that the support team needs to access the server via it's internal IP, and of course that won't work (right) when the PASV IP address is overridden. But perhaps there's some way to limit the need for workarounds to your team and let external users access the server according to FTP standard? I'll ask our firewall vendor if they could allow for the workaround (use server's IP instead of PASV IP adress) in their dynamically created rule - I could try to split hairs with RFC 959 or 1123, but I'm guessing they won't be eager to implement a change, because it is hard to read the suggested workaround into them.

flaren
Veeam Software
Posts: 22
Liked: 5 times
Joined: Mar 18, 2013 9:00 am
Full Name: Alexander Lupashku
Contact:

Re: Problem with supportftp server

Post by flaren » Oct 16, 2017 6:58 am

For everyone else watching this topic: we agreed that the current configuration of the support FTP cannot be changed due to internal features, but its external IP is solid fixed and can be added as an exclusion to a firewall as a long-term solution.
VCSP Support | Veeam Software

mcz
Expert
Posts: 211
Liked: 26 times
Joined: Jul 19, 2016 8:39 am
Full Name: Michael
Contact:

Re: Problem with supportftp server

Post by mcz » Oct 30, 2017 10:09 am 2 people like this post

..there is also a way to upload files via customer portal cp.veeam.com which works without any problems in my case. And of course, data transfer will be encrypted due to https...

einhirn
Enthusiast
Posts: 33
Liked: 3 times
Joined: Feb 02, 2015 1:51 pm
Contact:

Re: Problem with supportftp server

Post by einhirn » Nov 06, 2017 9:22 am

Does that also work for Log bundles with 6GB or more? If it does, it would be an alternative to FTP...

flaren
Veeam Software
Posts: 22
Liked: 5 times
Joined: Mar 18, 2013 9:00 am
Full Name: Alexander Lupashku
Contact:

Re: Problem with supportftp server

Post by flaren » Nov 13, 2017 10:12 am

Yes, it does.
VCSP Support | Veeam Software

Post Reply

Who is online

Users browsing this forum: Bing [Bot], JimmyO and 58 guests