I have used CrushFTP for years as a great alternative to native FTP/SFTP services in OsX and while perusing traffic about these services in my shift over to Lion Server it sure seems like it would still be the best solution to use for SFTP. Anyone using it and having any problems?
Mac mini, Mac OS X (10.7.2), Lion Server version of 10.7.2
I'm the author of CrushFTP.
I have reports of peoplem using CrushFTP without issue in Lion server. The things to be careful of are just port conflicts. Lion server by default is using port 8080 I believe for CalDAV...and port 443 for apache HTTPS, and port 80 for HTTP. OpenSSH is running on port 22 by default too.
So you can either use alternative ports in CrushFTP, or switch off, or change the ports that Lion server is using and put CrushFTP on those ports.
The HTTP based items can actually be reverse proxied behind apache allowing for what appears to a user as a single port and URL for your webserver with different services being provided. The CrushFTP wiki page has some help on configureing the reverse proxy.
From a product standpoint, CrushFTP will work fine on Lion server for all of its protocols. Its just up to you to choose the ports to use.
Thanks,
Ben - ben@crushftp.com
I am trying to use it - running into issue that I am trying to resolve.
Not sure if the issue is my router not forwarding ports correctly - or Mac OS X Lion Server intercepting those ports - or CrushFTP not cooperating.
I have used CrushFTP successfully on a Windows Server - and on Mac OS X Lion Client - so I *think* I have the port forwarding stuff under control.
I am seeing some odd behavior with Java - or at least JavaScript on OS X Lion Server - not sure if that is having an impact.
The ONLY server I currently have activated on the OS X Lion Server is File Sharing - EVERYTHING else is OFF.
I am not sure why Apple has launchd listeningon port 21 when they removed FTP service from the Admin interface.
Or maybe I still need to work on port forwarding - as I can get to ftp, http and https from another system inside my network - (sftp gives me an error) - but I cannot get to any off them from two other remote sites that I tried (tried two remote sites to rule out restrictions etc that might be on the other end blocking ports etc).
So I just rebooted my router and my server - and when I fired up CrushFTP is says ALL 4 of the ports I designated ftp:2121, http:8181, https:4443 and sftp:2222 are ALL in use by another process.
removing the deamon and restarting it seems to have solved that little issue - but also appears to mean I woudl need to do that every time the server has to be rebooted.
Write to Ben Spink. He is real helpful.
Yes I know - I used his help when I setup the Windows server - and even made some suggestions regarding bulk user import that he implemented a couple versions ago.
I am trying to figure this all out so that I know exactly where the issue is before I submit a report to him.
Also wanted to post for other users here that for someone (me) who has successfully used CrushFTP on both Windows Server and Mac client systems - that something seems not right when dealing with Mac OS X Lion Server. Maybe I HAVE to use the reverese proxy Ben mentioned in his post in this thread.
As far as CrushFTP goes, there is no difference between OS X client and server. It runs identically.
If you have enabled the firewall on OS X client, or on OS X server...theny ou have to deal with firewall configuration things to allow access to the server. I suggest disabling the firewall, and getting thigns configured before adding that in complicating things. In general I say disable the firewall entirely, and use an external firewall on a router, or just NAT.
The ports all being in use indicates you have a daemon copy of CrushFTP running, and also ran the GUI, but the GUI did not attach to the daemon. Remove the daemon and reinstall it again. If you have adjusted IPs and such int eh CrushFTP prefs, you will need to make sure you leave at least one port using the "lookup" ip, or 127.0.0.1 so that the remote admin daemon can isntall automatically and work.
Thanks,
Ben
Server firewall is OFF. I might need I look at firewall settings at the remote sites.
I deleted the admin loop back 127.0.0.1 without realizing it served a purpose.
Looks like ISP port blocking may be my biggest issue at the moment.
Alternatively something else is still interfering with the server's ability to respond on a given port - so it appears to be refused.
Or perhaps more complex than that.
Deleting the loopback interface in CrushFTP led me to believe the server software was using ports it wasn't using - and trying higher port numbers such as 8080 and 8181 are blocked by my ISP.
I now have the http interface working via port 81 on my server.
Something is using ports 21 and 443 - and even though canyouseeme.org says 2121 and 4443 are NOT blocked by my ISP - i haven't got those ports/services fully operational just yet. I am seeing timeout rather than connection refused on those ports.
It does appear that Mac OS X Lion server - is listening on port 21 depsite there being no built in ftp service in Lion Server - might have to figure out how to turn that off - or go with the reverse proxy thing - if I can figure that out - as I will eventually be adding a web site - not sure if I will be doign vpn or email on that server - but it could happen.
You can always use a FTP client and connect to the existing port 21 and see in the log what server is greeting you.
The same for port 443...use a web browser and connect to it and see what server is greeting you.
Lion by default I believe uses port 8080 and prot 443 for its web server stuff. So fi you haven't changed those ports, you would ahve conflicts with your other servers running on the machine.
Only one app can use a port at a time...
Thanks,
Ben
According to the Server app the ONLY service I have running - at the moment - is File Sharing - EVERYTHING else - web, address book, wiki, vpn etc is OFF.
I have been looking for a terminal command or some other way to determine if services are running or ports are in use anyway.
when I hit the server from a local IP address I get this:
You don't have permission to access / on this server.
Apache/2.2.20 (Unix) mod_ssl/2.2.20 OpenSSL/0.9.8r DAV/2 Server at (local IP) Port 443so it woudl seem the Apache server is still listening - even though it is disabled.
From local network I can get to CrushFTP at :4443 but from outsidwe my network I just get an error message that the browser is unable to connect.
From my local network I can connect usign FIleZilla to pot :21 - but from outside my network using FielZilla I get Connection Established - waiting for weclome message - and then connection timed out - nothing showing in the CrushFTP log - not sure where to watch in the server console etc to see if something other than CrushFTP is responding on port 21. (I had PureFTP Manager installed but not running - I uninstalled that yesterday to remove it as potential conflict).
Can't go to port 2121 as that seems to be blocked by my ISP.
Yes. Apache is still using port 443.
As for port 21, what does your client log say for the server vendor that greets you? I suspect it's not crush, especially since you don't see anything in the log.
Thanks,
Ben
Using FileZilla
Status: Connecting to (external IP):21...
Status: Connection established, waiting for welcome message...
Error: Connection timed out
Error: Could not connect to server
Status: Waiting to retry...
Status: Connecting to (external IP):21...
Status: Connection established, waiting for welcome message...
Error: Connection timed out
Error: Could not connect to server
I get the same whether I use the public IP from inside my network (residential ISP service) - or from my parents house (also residential same ISP) or from a corporate office (different ISP) - although in the case of the corporate office we have a hardware firewall in place and I haven't messed with that (so far).
WhenI use FileZilla inside my network and point to (local IP):21 then I get:
Status: Connecting to local:21...
Status: Connection established, waiting for welcome message...
Response: 220-Hello
Response: 220 CrushFTP Server Ready!
Command: USER matt
Response: 331 Username OK. Need password.
Command: PASS ***
Response: 230 Password OK. Connected.
Command: SYST
Response: 215 UNIX Type: L8
Command: FEAT
etc
so I do have CrushFTP able to respond on port 21 on the server (no other servers running on my network).
from my server - canyouseeme.org shows Success - ISP is not blocking port 21.
on my router I have port 21 forwarded to the static local IP address of the server.
definitely an issue with port 21 though - when I switched CrushFTP to use port 81 for ftp and port 21 for http - I was able to connect using FileZilla:
Status: Connecting to (external IP):81...
Status: Connection established, waiting for welcome message...
Response: 220-Hello
Response: 220 CrushFTP Server Ready!
just not sure if the issue is with my ISP - or my router - or Mac OS X Lion Server.
Ok, then the os firewall is blocking port 21, or the router firewall, or your ISP.
But it's not crush blocking it. It's a firewall or router most likely that is blocking it.
Maybe the ISP since you say they block other higher ports (which I find very very odd for an ISP to do that).
Thanks,
Ben
I installed Little Snitch and found that many items are using port 443.
I thought CrashPlan was only using port 4242 - but it seems that CrashPlan is also using port 443 - so not sure if that is messing with the ability to have CrushFTP use 443.
Other items open on port 443 include PhotoStream and AppleIDAuthAgent and Apple File Sync Services. some of those may only be outbound.
I do not see ANYTHING on the server using port 21 - according to Little Snitch - even when I connect to CrushFTP via port 21 on the local network I don't get any sort of alert from Little Snitch.
Anyone using CrushFTP with Lion Server?
