Proxy and FTP with authorization doesn't work

asa · April 15, 2015, 1:36pm

Hello

RB2011UAS-RM, RouterOS 6.27
I use proxy and found strange issue.
Proxy works well with anonymous ftp servers but when I try to connect to authorized-only FTP server browser always shows “Error 530 Login incorrect” page.
I’m sure with username/password and form URL ftp://username:password@server/ correctly.

Sob · April 15, 2015, 4:26pm

It’s probably a browser problem. When I put ftp://user:pass@server.tld in address bar, then this is the result in browsers I currently have here:

Internet Explorer: Works fine.

Pale Moon/Firefox: It first asks if I really want to use the username (no, I just typed it for fun… ). If I say yes, it shows directory listing. But when following any link from there, I get “530 Login incorrect”. Packet sniffer reveals, that the request sent to proxy looks like this (i.e. login is missing):

GET ftp://server.tld/file.txt HTTP/1.1

If I add username and password to link, I get the file just fine.

Some older Chromium: Completely ignores username and password and always sends wrong anonymous request, so it doesn’t work at all.

asa · April 16, 2015, 1:32pm

Sob:

It’s probably a browser problem. When I put ftp://user:pass@server.tld in address bar, then this is the result in browsers I currently have here:

Internet Explorer: Works fine.

Pale Moon/Firefox: It first asks if I really want to use the username (no, I just typed it for fun… ). If I say yes, it shows directory listing. But when following any link from there, I get “530 Login incorrect”. Packet sniffer reveals, that the request sent to proxy looks like this (i.e. login is missing):
GET ftp://server.tld/file.txt HTTP/1.1
If I add username and password to link, I get the file just fine.

Some older Chromium: Completely ignores username and password and always sends wrong anonymous request, so it doesn’t work at all.

Doesn’t work even in Internet Explorer. Check if you have accept NAT rule for your address - Internet Explorer may fall to direct connection after unsuccessful connect via proxy.
I see “Connection timed out” with Internet Explorer and full manual proxy settings.

Firefox asks confirmation if I really want to use username/password for site which doesn’t require authorization. After clicking “yes” it shows “530 Login incorrect” no any directory listing at all.

Sob · April 16, 2015, 2:25pm

You’re right, IE does not work either, I messed up something last time, not exactly sure what. I was more careful this time and it behaves the same way as Firefox, except for the question.

Firefox really does work here for initial listing (or direct links). Packet sniffer shows:

GET ftp://user:pass@server.tld/ HTTP/1.1

going to proxy and the listing has RouterOS proxy signature in footer:

Generated Thu, 16 Apr 2015 14:08:45 GMT by ::ffff:192.168.240.30 (Mikrotik HttpProxy)

so it clearly does not come from anywhere else.

But the point stays, proxy does not do anything wrong. Other programs (Total Commander for example) can use it for non-anonymous ftp just fine, even with the same non-CONNECT mode (again verified with packet sniffer).

asa · April 19, 2015, 11:22am

Sob:

You’re right, IE does not work either, I messed up something last time, not exactly sure what. I was more careful this time and it behaves the same way as Firefox, except for the question.

Firefox really does work here for initial listing (or direct links). Packet sniffer shows:
GET ftp://user:pass@server.tld/ HTTP/1.1
going to proxy and the listing has RouterOS proxy signature in footer:
Generated Thu, 16 Apr 2015 14:08:45 GMT by ::ffff:192.168.240.30 (Mikrotik HttpProxy)
so it clearly does not come from anywhere else.

But the point stays, proxy does not do anything wrong. Other programs (Total Commander for example) can use it for non-anonymous ftp just fine, even with the same non-CONNECT mode (again verified with packet sniffer).

Many thanks for your help, will try with FTP clients.