Outgoing Active FTP Problem

althornin

Hey guys,
I'm having an issue with outgoing active FTP.
Outbound passive FTP works fine.
However, I've got an app that we have to use that makes ftp connections via the ftp.exe (in windows) which doesn't do passive connections.

I'm running a multi-wan setup here.
I've got the ftp-helper enabled on the LAN interface (i previously had the checkbox checked to disable it so that FTP transfers wouldn't all occur via the WAN interface, which is slower than our WAN2/OPT1 interface), but still no dice (I can connect, but when trying to get a directory listing, it fails).
Any ideas?

I'm totally stuck here…

Eugene

tcpdump on LAN and WAN interfaces simultaneously would help.

althornin

WAN
07:08:26.493737 IP WANIPADR.35686 > FTPIPADR.21: S 3438673907:3438673907(0) win 65228 <mss 0="" 6964439="" 1460,nop,wscale="" 4,sackok,timestamp="">07:08:26.569965 IP FTPIPADR.21 > WANIPADR.35686: S 2995781275:2995781275(0) ack 3438673908 win 16384 <mss 0="" 1460,nop,wscale="" 0,nop,nop,timestamp="" 0,nop,nop,sackok="">07:08:26.570090 IP WANIPADR.35686 > FTPIPADR.21: . ack 1 win 4163 <nop,nop,timestamp 0="" 6964447="">07:08:26.648454 IP FTPIPADR.21 > WANIPADR.35686: P 1:182(181) ack 1 win 65535 <nop,nop,timestamp 6964447="" 39242163="">07:08:26.648536 IP WANIPADR.35686 > FTPIPADR.21: . ack 182 win 4151 <nop,nop,timestamp 6964455="" 39242163="">07:08:28.463359 IP WANIPADR.35686 > FTPIPADR.21: P 1:14(13) ack 182 win 4163 <nop,nop,timestamp 6964636="" 39242163="">07:08:28.539459 IP FTPIPADR.21 > WANIPADR.35686: P 182:218(36) ack 14 win 65522 <nop,nop,timestamp 6964636="" 39242181="">07:08:28.539578 IP WANIPADR.35686 > FTPIPADR.21: . ack 218 win 4160 <nop,nop,timestamp 6964644="" 39242181="">07:08:29.615695 IP WANIPADR.35686 > FTPIPADR.21: P 14:27(13) ack 218 win 4163 <nop,nop,timestamp 6964751="" 39242181="">07:08:29.700682 IP FTPIPADR.21 > WANIPADR.35686: P 218:412(194) ack 27 win 65509 <nop,nop,timestamp 6964751="" 39242194="">07:08:29.700855 IP WANIPADR.35686 > FTPIPADR.21: . ack 412 win 4150 <nop,nop,timestamp 6964760="" 39242194="">07:08:30.703392 IP WANIPADR.35686 > FTPIPADR.21: P 27:55(28) ack 412 win 4163 <nop,nop,timestamp 6964860="" 39242194="">07:08:30.779434 IP FTPIPADR.21 > WANIPADR.35686: P 412:442(30) ack 55 win 65481 <nop,nop,timestamp 6964860="" 39242205="">07:08:30.779565 IP WANIPADR.35686 > FTPIPADR.21: . ack 442 win 4161 <nop,nop,timestamp 6964868="" 39242205="">07:08:30.784431 IP WANIPADR.35686 > FTPIPADR.21: P 55:61(6) ack 442 win 4163 <nop,nop,timestamp 6964868="" 39242205="">07:08:30.863724 IP FTPIPADR.21 > WANIPADR.35686: P 442:507(65) ack 61 win 65475 <nop,nop,timestamp 6964868="" 39242205="">07:08:30.863835 IP WANIPADR.35686 > FTPIPADR.21: . ack 507 win 4158 <nop,nop,timestamp 6964876="" 39242205="">07:08:30.864630 IP FTPIPADR.55552 > WANIPADR.64724: S 3443460665:3443460665(0) win 65535 <mss 1460,nop,nop,sackok="">07:08:33.785723 IP FTPIPADR.55552 > WANIPADR.64724: S 3443460665:3443460665(0) win 65535 <mss 1460,nop,nop,sackok="">LAN
07:08:26.492337 IP CLIENTIPADR.55172 > FTPIPADR.21: S 363713193:363713193(0) win 8192 <mss 1460,nop,wscale="" 2,nop,nop,sackok="">07:08:26.493090 IP FTPIPADR.21 > CLIENTIPADR.55172: S 3989763822:3989763822(0) ack 363713194 win 65228 <mss 1460,nop,wscale="" 4,sackok,eol="">07:08:26.493308 IP CLIENTIPADR.55172 > FTPIPADR.21: . ack 1 win 2048
07:08:26.648999 IP FTPIPADR.21 > CLIENTIPADR.55172: P 1:182(181) ack 1 win 4106
07:08:26.848149 IP CLIENTIPADR.55172 > FTPIPADR.21: . ack 182 win 2002
07:08:28.463004 IP CLIENTIPADR.55172 > FTPIPADR.21: P 1:14(13) ack 182 win 2002
07:08:28.463122 IP FTPIPADR.21 > CLIENTIPADR.55172: . ack 14 win 4105
07:08:28.540028 IP FTPIPADR.21 > CLIENTIPADR.55172: P 182:218(36) ack 14 win 4106
07:08:28.739063 IP CLIENTIPADR.55172 > FTPIPADR.21: . ack 218 win 1993
07:08:29.569156 IP CLIENTIPADR.61858 > 69.28.145.172.27017: UDP, length 100
07:08:29.615324 IP CLIENTIPADR.55172 > FTPIPADR.21: P 14:27(13) ack 218 win 1993
07:08:29.615450 IP FTPIPADR.21 > CLIENTIPADR.55172: . ack 27 win 4105
07:08:29.701319 IP FTPIPADR.21 > CLIENTIPADR.55172: P 218:412(194) ack 27 win 4106
07:08:29.901423 IP CLIENTIPADR.55172 > FTPIPADR.21: . ack 412 win 1945
07:08:30.702966 IP CLIENTIPADR.55172 > FTPIPADR.21: P 27:51(24) ack 412 win 1945
07:08:30.703084 IP FTPIPADR.21 > CLIENTIPADR.55172: . ack 51 win 4104
07:08:30.780427 IP FTPIPADR.21 > CLIENTIPADR.55172: P 412:442(30) ack 51 win 4106
07:08:30.784166 IP CLIENTIPADR.55172 > FTPIPADR.21: P 51:57(6) ack 442 win 1937
07:08:30.784260 IP FTPIPADR.21 > CLIENTIPADR.55172: . ack 57 win 4105
07:08:30.864292 IP FTPIPADR.21 > CLIENTIPADR.55172: P 442:507(65) ack 57 win 4106
07:08:30.864833 IP FTPIPADR.59304 > CLIENTIPADR.55174: S 3443460665:3443460665(0) win 65535 <mss 1460,nop,nop,sackok="">07:08:31.060065 IP CLIENTIPADR.55172 > FTPIPADR.21: . ack 507 win 1921
07:08:33.785804 IP FTPIPADR.59304 > CLIENTIPADR.55174: S 3443460665:3443460665(0) win 65535</mss></mss></mss></mss></mss></nop,nop,timestamp></nop,nop,timestamp></nop,nop,timestamp></nop,nop,timestamp></nop,nop,timestamp></nop,nop,timestamp></nop,nop,timestamp></nop,nop,timestamp></nop,nop,timestamp></nop,nop,timestamp></nop,nop,timestamp></nop,nop,timestamp></nop,nop,timestamp></nop,nop,timestamp></nop,nop,timestamp></mss></mss>

althornin

You know what?
Thanks for making me do the TCPDUMP.

Seriously.
Because now I looked at its output, and I can see the problem:  The Userland FTP helper is working fine - but the connection on the client isn't being accepted.  Its the local client firewall blocking the active FTP incoming connection.

I HATE ACTIVE FTP.

But at least this problem is sorted.

Thanks again!