FTPS (Explicit) ends in "Operation not permitted"

What is the problem you are having with rclone?

Hi! My problem seems to be very similar to this one, but no command is working. Every command ends in 425 Unable to build data connection: Operation not permitted.
I tried copy, touch and lsf.
With explicit_tls = true removed from the config, everything works fine.

I also tried with FileZilla and explicit TLS turned on. This also works fine.

Run the command 'rclone version' and share the full output of the command.

rclone v1.58.1

  • os/version: darwin 12.3.1 (64 bit)
  • os/kernel: 21.4.0 (x86_64)
  • os/type: darwin
  • os/arch: amd64
  • go/version: go1.17.9
  • go/linking: dynamic
  • go/tags: cmount

Which cloud storage system are you using? (eg Google Drive)

FTP

The command you were trying to run (eg rclone copy /tmp remote:tmp)

rclone lsf Tyre24:

The rclone config contents with secrets removed.

[Tyre24]
type = ftp
host = ftps.alzura.com
user = [REMOVED]
pass = [REMOVED]
explicit_tls = true

A log from the command with the -vv flag

2022/06/03 08:49:12 DEBUG : rclone: Version "v1.58.1" starting with parameters ["rclone" "lsf" "Tyre24:" "-vv" "--dump" "bodies"]
2022/06/03 08:49:12 DEBUG : Creating backend with remote "Tyre24:"
2022/06/03 08:49:12 DEBUG : Using config file from "/Users/[REMOVED]/.config/rclone/rclone.conf"
2022/06/03 08:49:12 DEBUG : ftp://ftps.alzura.com:21: Connecting to FTP server
2022/06/03 08:49:13 DEBUG : FTP Rx: "220 T24 GmbH FTP Server"
2022/06/03 08:49:13 DEBUG : FTP Tx: "AUTH TLS"
2022/06/03 08:49:13 DEBUG : FTP Rx: "234 AUTH TLS successful"
2022/06/03 08:49:13 DEBUG : FTP Tx: "USER [REMOVED]"
2022/06/03 08:49:14 DEBUG : FTP Rx: "331 Password required for [REMOVED]"
2022/06/03 08:49:14 DEBUG : FTP Tx: PASS *****
2022/06/03 08:49:14 DEBUG : FTP Rx: "230 User [REMOVED] logged in"
2022/06/03 08:49:14 DEBUG : FTP Tx: "FEAT"
2022/06/03 08:49:14 DEBUG : FTP Rx: "211-Features:"
2022/06/03 08:49:14 DEBUG : FTP Rx: " UTF8"
2022/06/03 08:49:14 DEBUG : FTP Rx: " EPRT"
2022/06/03 08:49:14 DEBUG : FTP Rx: " EPSV"
2022/06/03 08:49:14 DEBUG : FTP Rx: " LANG es-ES;ja-JP;bg-BG;fr-FR;it-IT;zh-CN;ru-RU;ko-KR;en-US;zh-TW"
2022/06/03 08:49:14 DEBUG : FTP Rx: " MDTM"
2022/06/03 08:49:14 DEBUG : FTP Rx: " SSCN"
2022/06/03 08:49:14 DEBUG : FTP Rx: " TVFS"
2022/06/03 08:49:14 DEBUG : FTP Rx: " MFMT"
2022/06/03 08:49:14 DEBUG : FTP Rx: " SIZE"
2022/06/03 08:49:14 DEBUG : FTP Rx: " PROT"
2022/06/03 08:49:14 DEBUG : FTP Rx: " CCC"
2022/06/03 08:49:14 DEBUG : FTP Rx: " PBSZ"
2022/06/03 08:49:14 DEBUG : FTP Rx: " AUTH TLS"
2022/06/03 08:49:14 DEBUG : FTP Rx: " MFF modify;UNIX.group;UNIX.mode;"
2022/06/03 08:49:14 DEBUG : FTP Rx: " REST STREAM"
2022/06/03 08:49:14 DEBUG : FTP Rx: " MLST modify*;perm*;size*;type*;unique*;UNIX.group*;UNIX.mode*;UNIX.owner*;"
2022/06/03 08:49:14 DEBUG : FTP Rx: "211 End"
2022/06/03 08:49:14 DEBUG : FTP Tx: "TYPE I"
2022/06/03 08:49:14 DEBUG : FTP Rx: "200 Type set to I"
2022/06/03 08:49:14 DEBUG : FTP Tx: "OPTS UTF8 ON"
2022/06/03 08:49:14 DEBUG : FTP Rx: "200 UTF8 set to on"
2022/06/03 08:49:14 DEBUG : FTP Tx: "PBSZ 0"
2022/06/03 08:49:15 DEBUG : FTP Rx: "200 PBSZ 0 successful"
2022/06/03 08:49:15 DEBUG : FTP Tx: "PROT P"
2022/06/03 08:49:15 DEBUG : FTP Rx: "200 Protection set to Private"
2022/06/03 08:49:15 DEBUG : FTP Tx: "EPSV"
2022/06/03 08:49:15 DEBUG : FTP Rx: "229 Entering Extended Passive Mode (|||30089|)"
2022/06/03 08:49:15 DEBUG : FTP Tx: "MLSD"
2022/06/03 08:49:15 DEBUG : FTP Rx: "150 Opening BINARY mode data connection for MLSD"
2022/06/03 08:49:15 DEBUG : FTP Rx: "425 Unable to build data connection: Operation not permitted"
2022/06/03 08:49:15 ERROR : : error listing: 425 Unable to build data connection: Operation not permitted
2022/06/03 08:49:15 DEBUG : 4 go routines active
2022/06/03 08:49:15 Failed to lsf with 2 errors: last error was: error in ListJSON: 425 Unable to build data connection: Operation not permitted

Operation not permitted is an unusual error to get back for networking stuff. Could it be a firewalling problem?

I don't think so. I tried this on two laptops and one server in three different networks. Everywhere the same.
Another argument against a firewall problem is that it works with FileZilla (with TLS) and if I disable TLS in Rclone.

The error message is the same like here.

Did you check out this article which explains how to configure proftpd to avoid this problem?

Yes, I found this article. But the FTP server is not under my control. I can try to contact the support of this FTP server and ask them to fix this configuration.

Nevertheless, I think a client should conform to the server and not the other way around.
Rclone uses GitHub - jlaffaye/ftp: FTP client package for Go for FTP. Right? Should I open an issue there?

It would be worth a try.

Note that we are currently using a fork of that package as we had too many outstanding patches for it, however it looks like they've all been merged now so we should try to get back on the upstream @ivandeex ?