Community

tiresias · ‎04-12-2024

I have a new Smarty sim to replace my Three sim. The Three sim is still in its notice period, so I can do easy comparisons for the next couple of weeks.

All seems OK with Smarty so far, except for 1 thing which is driving me NUTS.

I update the pages on my web site via FTP (TLS) and it has worked flawlessly with the Three sim for many years.

But now using Smarty, my usual FTP program Filezilla (and WinSCP) keeps failing to list the files on my web server, and when I try to upload new files (e.g. new HTML files) I usually get error messages, and often the uploaded HTML file ends up being zero-length which is disasterous for a web page. Here are the error messages produced by Filezilla:

Command: PWD
Response: 257 "/public_html/cgi-bin" is your current location
Command: PASV
Response: 227 Entering Passive Mode (82,71,205,12,123,47)
Command: MLSD
Error: GnuTLS error -110: The TLS connection was non-properly terminated.
Status: Server did not properly shut down TLS connection
Error: Transfer connection interrupted: ECONNABORTED - Connection aborted
Error: Connection timed out after 20 seconds of inactivity
Error: Failed to retrieve directory listing
Status: Disconnected from server
Status: Resolving address of www.mysite.co.uk
Status: Connecting to 82.71.205.12:21...

also...

Command: STOR download.htm
Error: GnuTLS error -110: The TLS connection was non-properly terminated.
Status: Server did not properly shut down TLS connection
Error: Connection timed out after 20 seconds of inactivity
Error: File transfer failed
Status: Disconnected from server

I have switched back to using the Three SIM for now which still works fine and does not produce any errors, so the problem is obviously being caused by Smarty.

A web search can't find anything definite, but it MIGHT be being caused by something monitoring the secure TLS traffic and messimg up the packets. So maybe Smarty are doing something to the packets on their servers that is breaking secure FTP. It's pretty much unusable at present. :(((

Has anyone else enountered this and knows what the remedy is?

tiresias · ‎31-12-2024

Just to conclude this thread - it may be helpful to others in the future...

Thanks for the suggestions. Unfortunately Zen.co.uk don't support sFTP, so I can't tell whether that would have worked better. I also wasn't keen to start using a VPN, so I don't know whether that would have helped either.

Smarty seems to be great if you just need general web and email traffic, but there is something about their network (perhaps just the constantly changing IP addresses) that messes up secure FTP and makes logging into cpanel accounts a non-starter.

Three always worked great with FTP and cpanel, so I have just started a new contract with Three again, and, as expected, it work great now. So regrettably I am terminating my Smarty account - it's a pity but its just unusable for me.

View solution in original post

SmartyTrousers · ‎04-12-2024

I don't know all the ins and outs of passive mode FTP, but I suspect the issues are somehow being caused by the fact that Smarty uses CG-NAT (Carrier Grade Network Address Translation), meaning you share an external IP address with numerous other users, and it's not possible to make a connection from the internet into your connection.

Three are in fact the only UK mobile network which don't use CG-NAT (and even then, only when you use the 3internet APN. Note that if you set your APN on Smarty to 3internet, you may get internet connectivity but it will still be CG-NAT-ed).

My suggestions would be to try FTP in active mode instead of passive, or try transferring the files via SFTP instead if you can.

tiresias · ‎04-12-2024

Thanks for the reply. I tried active and passive settings - no difference.

Changing to unencrypted/insecure FTP is definately not acceptable as all the traffic including the login password is sent in plain text.

I don't think it's to do with IP address translation.

The errors are intermittent. You may have 2 or 3 directory listings suceeding, then suddenly 1 or 2 fail with the errors mentioned above. If it was a problem with address translation I would expect it to always fail, but the fact that it succeeds maybe 50% of the time suggests something more buggy.

I initially contacted Zen (my web host company) and they said the problem "was at the TLS/SSL layer".

Looks like I'll have to contact Smarty. Really disappointed, as everthing else has gone so smoothly. If it isn't fixed I'll probably have to leave. 😞

SmartyTrousers · ‎04-12-2024

Are you under the impression that SFTP (which I suggested) is insecure? It isn't - it transfers files over SSH.

tiresias · ‎05-12-2024

Sorry, my misunderstanding.

I thought I'd try SFTP, so I tried to log into my web site's cpanel so that I could set up a SFTP login, only to find it displaying numerous error messages about invalid logins and "Your IP address has changed". I could do very little in cpanel before it bounced me straight back to the login screen with the error message. I checked with my web site provider and they checked their logs - it seems Smarty is changing my IP address every 1-30 minutes during the same internet session, and it is triggereing cpanel's security checks and throwing me out.

After a bit of a struggle I managed to get through to someone on smarty's chat facility who could only say that "Smarty uses dynamic IP addresses".

My (perhaps incorrect) understanding about dynamic IP addresses is that you are assigned an arbitrary IP address when you first connect to the ISP (presumably when the router is switched on) but that IP address stays with you the whole time until the connection is broken (the router is switched off).

What Smarty seems to be doing is changing the user's IP address every 1-30 minutes. Is that the way CG-NAT is supposed to work?

You mentioned that Three is the only UK mobile network which don't use CG-NAT - does that mean that cpanel is likely to reject connections from EVERY mobile network except Three?

SmartyTrousers · ‎05-12-2024

Your understanding of dynamic IP addresses is correct. While you could argue that CG-NAT uses a dynamic IP address (in the sense that it's certainly not a static one), there are obviously more pitfalls than you'd get with a normal dynamic IP address.

Whether you would get the same problems with CPanel on other mobile networks, I'm not sure.. I guess it would depend if they change your external IP as frequently as Smarty do.

One possible solution for you is to do your web dev stuff over a VPN, so that your external IP (as seen by the FTP server and CPanel) remains the same for the duration of your session.

tiresias · ‎31-12-2024

Just to conclude this thread - it may be helpful to others in the future...

Thanks for the suggestions. Unfortunately Zen.co.uk don't support sFTP, so I can't tell whether that would have worked better. I also wasn't keen to start using a VPN, so I don't know whether that would have helped either.

Smarty seems to be great if you just need general web and email traffic, but there is something about their network (perhaps just the constantly changing IP addresses) that messes up secure FTP and makes logging into cpanel accounts a non-starter.

Three always worked great with FTP and cpanel, so I have just started a new contract with Three again, and, as expected, it work great now. So regrettably I am terminating my Smarty account - it's a pity but its just unusable for me.

Community

FTP is broken