Debug.pfftpproxy=1 to enable LAN to WAN FTP
-
I have the snapshot of Fri May 10 16:28:23 EDT 2013
I don't know what this tunable is doing but lately I had troubles connecting from LAN to an outside FTP server with passive FTP.I had all kinds of errors and slow connections. So searching for a solutions I tried to set "debug.pfftpproxy=1" in system tunable's and all worked again as before (a few snapshots ago).
I can't exactly say which was the latest snapshot it did work because I updated a few times.
Does someone has an explanation? -
that tunable will disable the FTP proxy.
There were some recent changes to the FTP proxy code, which may explain a change in the behavior.
Can you elaborate a bit on your setup? any multi-wan, policy routing, etc?
-
that tunable will disable the FTP proxy.
There were some recent changes to the FTP proxy code, which may explain a change in the behavior.
Can you elaborate a bit on your setup? any multi-wan, policy routing, etc?
I have a basic setup 1 WAN / 2 LAN of which I disabled 1 interface. Anti-lockout rule on LAN and the Default Allow ALL. And on WAN I have some ports forwarded. They have nothing to do with FTP.
I tested with the 2 interfaces enabled and the debug.pfftpproxy=0, but then again connection problems.
Is there a way I can test a different setting in the proxy?BTW: the server I am connecting to is a ProFTPd server.
-
The only knob for the proxy is on/off using that tunable.
Usually there isn't anything else keeping that down though, passive FTP typically just passes on through the proxy untouched, but the fixes Ermal did in the last week or so were supposed to help it deal with multiple WANs.
Does your firewall have a default gateway defined and in use? Check diagnostics > routes and System > Routing, make sure a gateway is shown for default on both screens.
-
The only knob for the proxy is on/off using that tunable.
Usually there isn't anything else keeping that down though, passive FTP typically just passes on through the proxy untouched, but the fixes Ermal did in the last week or so were supposed to help it deal with multiple WANs.
Does your firewall have a default gateway defined and in use? Check diagnostics > routes and System > Routing, make sure a gateway is shown for default on both screens.
I have set my WAN interface on DHCP and it has a gateway.
-
Same problem here with passive FTP, active works.
I have valid default gateway pointing to my DHCP WAN. One DHCP WAN (default), one PPPoE WAN, and a SIXXS Tunnel (default). Also default gateway switching is enabled.
When I switch a working FTP session to passive and try an ls, heres the tcpdump on DHCP WAN. Also dumped on PPPoE WAN, nothing there, though. As expected :)14:51:19.371874 IP (tos 0x0, ttl 63, id 56567, offset 0, flags [DF], proto TCP (6), length 60) x.x.x.x.56003 > 83.141.4.210.36242: Flags [s], cksum 0xe4a2 (correct), seq 3977608590, win 14600, options [mss 1460,sackOK,TS val 114807024 ecr 0,nop,wscale 7], length 0 14:51:19.383163 IP (tos 0x2,ECT(0), ttl 50, id 57244, offset 0, flags [none], proto ICMP (1), length 88) 83.141.4.210 > x.x.x.x: ICMP host 83.141.4.210 unreachable - admin prohibited, length 68 IP (tos 0x3,CE, ttl 48, id 56567, offset 0, flags [DF], proto TCP (6), length 60) Firewall Log: "Direction=OUT Symbol" LAN Default deny rule IPv4 (@4) 83.141.4.210:36242 192.168.x.100:36242 TCP:SA Let me know if you need anything more.[/s] -
Passive FTP is still broken on the latest Snaps, anything more I can do to help getting it fixed again?
-
I am running
2.1-RC0 (i386)
built on Sun Jun 9 18:28:57 EDT 2013
FreeBSD 8.3-RELEASE-p8And passive ftp seems to be working just fine.
06:22:27 Response: 227 Entering Passive Mode (173,236,128,149,162,253).
06:22:27 Command: MLSD
06:22:30 Response: 150 Opening ASCII mode data connection for MLSD
06:22:31 Response: 226 Transfer complete
06:22:31 Status: Directory listing successful
06:22:32 Status: Retrieving directory listing…
06:22:32 Command: CWD helpers
06:22:32 Response: 250 CWD command successful
06:22:32 Command: PWD
06:22:32 Response: 257 "/snipped" is the current directory
06:22:32 Command: PASV
06:22:32 Response: 227 Entering Passive Mode (173,236,128,149,162,177).
06:22:32 Command: MLSD
06:22:32 Response: 150 Opening ASCII mode data connection for MLSD
06:22:32 Response: 226 Transfer complete
06:22:32 Status: Directory listing successfulWhy would you think the ftp helper should do anything with a passive connection to server outside your pfsense? Are you behind a double nat?
You do understand in a passive connection the server sends you its IP.. You sure the server is not having an issue with passive and sending you wrong info?
In an active connection you would send your IP to the server and he would connect to you - this is where the ftp helper would come into play.
06:27:07 Response: 257 "/snipped" is the current directory
06:27:07 Command: PORT 192,168,1,100,248,224
06:27:07 Response: 200 PORT command successful
06:27:07 Command: MLSD
06:27:16 Response: 150 Opening ASCII mode data connection for MLSD
06:27:16 Response: 226 Transfer complete
06:27:16 Status: Directory listing successful
06:27:20 Status: Retrieving directory listing...
06:27:20 Command: CWD /snipped
06:27:20 Response: 250 CWD command successful
06:27:20 Command: PWD
06:27:20 Response: 257 "/snipped" is the current directory
06:27:20 Command: PORT 192,168,1,100,248,227
06:27:20 Response: 200 PORT command successful
06:27:20 Command: MLSD
06:27:24 Response: 150 Opening ASCII mode data connection for MLSD
06:27:24 Response: 226 Transfer complete
06:27:24 Status: Directory listing successfulSee where the client is sending my private IP "PORT 192,168,1,100,248,227" and port.. but the pfsense ftp helper would change that to my public IP.
Maybe the issue is you just don't really understand how ftp is suppose to work? ;)
Here is great link
http://slacksite.com/other/ftp.html -
Hi,
well the passive connection to this server used to work:ftp://dd-wrt.com/Using active FTP everything is fine, this goes through the helper module which writes the appropriate rules on the fly and let's the connection originating from the FTP server pass back into my LAN.
For passive FTP you do not need any helper module, the FTP server just opens a port greater 1024 and tells it to your client via the control channel. You just connect to that port form your LAN.
And I guess because of the latest changes to the FTP helper module it doesn't recognize the connection as passive and tries to modify it somehow. This is why passive FTP works when turning of the helper, I think.
I just have a two WAN setup, no double NAT. I did not change anything regarding NAT on my setup, but passive FTP broke for me at some point. I guess it's related to the changes made a month ago documented in Redmine Ticket Bug #2650. -
And no problem with that site in passive mode
08:26:53 Status: Resolving address of dd-wrt.com
08:26:53 Status: Connecting to 83.141.4.210:21…
08:26:54 Status: Connection established, waiting for welcome message...
08:26:54 Response: 220 Welcome to DD-WRT FTP service.
08:26:54 Command: USER anonymous
08:26:54 Response: 331 Please specify the password.
08:26:54 Command: PASS **************
08:26:54 Response: 230 Login successful.
08:26:54 Command: SYST
08:26:54 Response: 215 UNIX Type: L8
08:26:54 Command: FEAT
08:26:54 Response: 211-Features:
08:26:54 Response: EPRT
08:26:54 Response: EPSV
08:26:54 Response: MDTM
08:26:54 Response: PASV
08:26:54 Response: REST STREAM
08:26:54 Response: SIZE
08:26:54 Response: TVFS
08:26:54 Response: UTF8
08:26:54 Response: 211 End
08:26:54 Command: OPTS UTF8 ON
08:26:54 Response: 200 Always in UTF8 mode.
08:26:54 Status: Connected
08:26:54 Status: Retrieving directory listing...
08:26:54 Command: CWD /
08:26:55 Response: 250 Directory successfully changed.
08:26:55 Command: PWD
08:26:55 Response: 257 "/"
08:26:55 Command: TYPE I
08:26:55 Response: 200 Switching to Binary mode.
08:26:55 Command: PASV
08:26:55 Response: 227 Entering Passive Mode (83,141,4,210,91,138)
08:26:55 Command: LIST
08:26:55 Response: 150 Here comes the directory listing.
08:26:55 Response: 226 Directory send OK.
08:26:55 Status: Directory listing successfuledit: So it was asked before by jimp "any multi-wan" So I would give some details of this.. Since it seems some code was changed for multiwan setups. I am single wan - like the OP stated he was, and I have no issues with passive or active ftp connections outside of pfsense from lan client inside pfsense.
-
I tried with "ftp://dd-wrt.com/" and default settings and that worked in passive mode and with "debug.pfftpproxy=0".
The problem is with my web server located outside my domain. It is working just very slow and with errors and this happens not when I when I set "debug.pfftpproxy=1".
Cmd: PASV 227: Entering Passive Mode (xx,xx,xx,xx,173,56). connect failed: Operation timed out. Retrying PASV mode (2 tries left). Cmd: PASV 227: Entering Passive Mode (xx,xx,xx,xx,184,32). connect failed: Operation timed out. Retrying PASV mode (1 try left). Cmd: PASV 227: Entering Passive Mode (xx,xx,xx,xx,162,54). connect failed: Operation timed out. Falling back to PORT instead of PASV mode. Connection falling back to port (PORT) mode.2.1-RC0 (i386)
built on Thu Jun 6 18:55:37 EDT 2013.I don't do a lot of FTP and I have solved it for me, but didn't found the time to do further investigation yet.
-
Here's a fresh attempt with tcpdumps:
Filezilla log:
Status: Resolving address of dd-wrt.com Status: Connecting to 83.141.4.210:21... Status: Connection established, waiting for welcome message... Response: 220 Welcome to DD-WRT FTP service. Command: USER anonymous Response: 331 Please specify the password. Command: PASS ************** Response: 230 Login successful. Command: SYST Response: 215 UNIX Type: L8 Command: FEAT Response: 211-Features: Response: EPRT Response: EPSV Response: MDTM Response: PASV Response: REST STREAM Response: SIZE Response: TVFS Response: UTF8 Response: 211 End Command: OPTS UTF8 ON Response: 200 Always in UTF8 mode. Status: Connected Status: Retrieving directory listing... Command: CWD /others/eko/BrainSlayer-V24-preSP2/2013 Response: 250 Directory successfully changed. Command: PWD Response: 257 "/others/eko/BrainSlayer-V24-preSP2/2013" Command: TYPE I Response: 200 Switching to Binary mode. Command: PASV Response: 227 Entering Passive Mode (83,141,4,210,118,172) Command: LIST Error: Connection timed out Error: Failed to retrieve directory listingLAN interface:
[2.1-RC0][root@vpn]/root(1): tcpdump -s1600 -Xnvvi em0 host 83.141.4.210 tcpdump: listening on em0, link-type EN10MB (Ethernet), capture size 1600 bytes 18:09:13.316741 IP (tos 0x0, ttl 128, id 3194, offset 0, flags [DF], proto TCP (6), length 52) 192.168.x.x.49309 > 83.141.4.210.21: Flags [s], cksum 0x9d80 (correct), seq 2354371710, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0 0x0000: 4500 0034 0c7a 4000 8006 663a c0a8 6f08 E..4.z@...f:..o. 0x0010: 538d 04d2 c09d 0015 8c54 dc7e 0000 0000 S........T.~.... 0x0020: 8002 2000 9d80 0000 0204 05b4 0103 0302 ................ 0x0030: 0101 0402 .... 18:09:13.332630 IP (tos 0x0, ttl 51, id 49843, offset 0, flags [DF], proto TCP (6), length 52) 83.141.4.210.21 > 192.168.x.x.49309: Flags [S.], cksum 0xfee8 (correct), seq 4280526989, ack 2354371711, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0 0x0000: 4500 0034 c2b3 4000 3306 fd00 538d 04d2 E..4..@.3...S... 0x0010: c0a8 6f08 0015 c09d ff23 a88d 8c54 dc7f ..o......#...T.. 0x0020: 8012 16d0 fee8 0000 0204 05b4 0101 0402 ................ 0x0030: 0103 0307 .... 18:09:13.340656 IP (tos 0x0, ttl 128, id 3195, offset 0, flags [DF], proto TCP (6), length 40) 192.168.x.x.49309 > 83.141.4.210.21: Flags [.], cksum 0x1662 (correct), seq 1, ack 1, win 16425, length 0 0x0000: 4500 0028 0c7b 4000 8006 6645 c0a8 6f08 E..(.{@...fE..o. 0x0010: 538d 04d2 c09d 0015 8c54 dc7f ff23 a88e S........T...#.. 0x0020: 5010 4029 1662 0000 0000 58a3 f582 P.@).b....X... 18:09:13.360483 IP (tos 0x0, ttl 51, id 61242, offset 0, flags [DF], proto TCP (6), length 76) 83.141.4.210.21 > 192.168.x.x.49309: Flags [P.], cksum 0x7f48 (correct), seq 1:37, ack 1, win 46, length 36 0x0000: 4500 004c ef3a 4000 3306 d061 538d 04d2 E..L.:@.3..aS... 0x0010: c0a8 6f08 0015 c09d ff23 a88e 8c54 dc7f ..o......#...T.. 0x0020: 5018 002e 7f48 0000 3232 3020 5765 6c63 P....H..220.Welc 0x0030: 6f6d 6520 746f 2044 442d 5752 5420 4654 ome.to.DD-WRT.FT 0x0040: 5020 7365 7276 6963 652e 0d0a P.service... 18:09:13.362491 IP (tos 0x0, ttl 128, id 3196, offset 0, flags [DF], proto TCP (6), length 56) 192.168.x.x.49309 > 83.141.4.210.21: Flags [P.], cksum 0x8e52 (correct), seq 1:17, ack 37, win 16416, length 16 0x0000: 4500 0038 0c7c 4000 8006 6634 c0a8 6f08 E..8.|@...f4..o. 0x0010: 538d 04d2 c09d 0015 8c54 dc7f ff23 a8b2 S........T...#.. 0x0020: 5018 4020 8e52 0000 5553 4552 2061 6e6f P.@..R..USER.ano 0x0030: 6e79 6d6f 7573 0d0a nymous.. 18:09:13.376290 IP (tos 0x0, ttl 51, id 594, offset 0, flags [DF], proto TCP (6), length 40) 83.141.4.210.21 > 192.168.x.x.49309: Flags [.], cksum 0x5629 (correct), seq 37, ack 17, win 46, length 0 0x0000: 4500 0028 0252 4000 3306 bd6e 538d 04d2 E..(.R@.3..nS... 0x0010: c0a8 6f08 0015 c09d ff23 a8b2 8c54 dc8f ..o......#...T.. 0x0020: 5010 002e 5629 0000 P...V).. 18:09:13.377730 IP (tos 0x0, ttl 51, id 61787, offset 0, flags [DF], proto TCP (6), length 74) 83.141.4.210.21 > 192.168.x.x.49309: Flags [P.], cksum 0x0ede (correct), seq 37:71, ack 17, win 46, length 34 0x0000: 4500 004a f15b 4000 3306 ce42 538d 04d2 E..J.[@.3..BS... 0x0010: c0a8 6f08 0015 c09d ff23 a8b2 8c54 dc8f ..o......#...T.. 0x0020: 5018 002e 0ede 0000 3333 3120 506c 6561 P.......331.Plea 0x0030: 7365 2073 7065 6369 6679 2074 6865 2070 se.specify.the.p 0x0040: 6173 7377 6f72 642e 0d0a assword... 18:09:13.380654 IP (tos 0x0, ttl 128, id 3197, offset 0, flags [DF], proto TCP (6), length 61) 192.168.x.x.49309 > 83.141.4.210.21: Flags [P.], cksum 0x4ba1 (correct), seq 17:38, ack 71, win 16407, length 21 0x0000: 4500 003d 0c7d 4000 8006 662e c0a8 6f08 E..=.}@...f...o. 0x0010: 538d 04d2 c09d 0015 8c54 dc8f ff23 a8d4 S........T...#.. 0x0020: 5018 4017 4ba1 0000 5041 5353 2061 6e6f P.@.K...PASS.ano 0x0030: 6e40 6c6f 6361 6c68 6f73 740d 0a n@localhost.. 18:09:13.395584 IP (tos 0x0, ttl 51, id 54626, offset 0, flags [DF], proto TCP (6), length 63) 83.141.4.210.21 > 192.168.x.x.49309: Flags [P.], cksum 0x745a (correct), seq 71:94, ack 38, win 46, length 23 0x0000: 4500 003f d562 4000 3306 ea46 538d 04d2 E..?.b@.3..FS... 0x0010: c0a8 6f08 0015 c09d ff23 a8d4 8c54 dca4 ..o......#...T.. 0x0020: 5018 002e 745a 0000 3233 3020 4c6f 6769 P...tZ..230.Logi 0x0030: 6e20 7375 6363 6573 7366 756c 2e0d 0a n.successful... 18:09:13.400636 IP (tos 0x0, ttl 128, id 3198, offset 0, flags [DF], proto TCP (6), length 46) 192.168.x.x.49309 > 83.141.4.210.21: Flags [P.], cksum 0x6232 (correct), seq 38:44, ack 94, win 16401, length 6 0x0000: 4500 002e 0c7e 4000 8006 663c c0a8 6f08 E....~@...f<..o. 0x0010: 538d 04d2 c09d 0015 8c54 dca4 ff23 a8eb S........T...#.. 0x0020: 5018 4011 6232 0000 5359 5354 0d0a P.@.b2..SYST.. 18:09:13.414419 IP (tos 0x0, ttl 51, id 59108, offset 0, flags [DF], proto TCP (6), length 59) 83.141.4.210.21 > 192.168.x.x.49309: Flags [P.], cksum 0xee69 (correct), seq 94:113, ack 44, win 46, length 19 0x0000: 4500 003b e6e4 4000 3306 d8c8 538d 04d2 E..;..@.3...S... 0x0010: c0a8 6f08 0015 c09d ff23 a8eb 8c54 dcaa ..o......#...T.. 0x0020: 5018 002e ee69 0000 3231 3520 554e 4958 P....i..215.UNIX 0x0030: 2054 7970 653a 204c 380d 0a .Type:.L8.. 18:09:13.420655 IP (tos 0x0, ttl 128, id 3199, offset 0, flags [DF], proto TCP (6), length 46) 192.168.x.x.49309 > 83.141.4.210.21: Flags [P.], cksum 0x8131 (correct), seq 44:50, ack 113, win 16397, length 6 0x0000: 4500 002e 0c7f 4000 8006 663b c0a8 6f08 E.....@...f;..o. 0x0010: 538d 04d2 c09d 0015 8c54 dcaa ff23 a8fe S........T...#.. 0x0020: 5018 400d 8131 0000 4645 4154 0d0a P.@..1..FEAT.. 18:09:13.434846 IP (tos 0x0, ttl 51, id 16449, offset 0, flags [DF], proto TCP (6), length 55) 83.141.4.210.21 > 192.168.x.x.49309: Flags [P.], cksum 0x2b7a (correct), seq 113:128, ack 50, win 46, length 15 0x0000: 4500 0037 4041 4000 3306 7f70 538d 04d2 E..7@A@.3..pS... 0x0010: c0a8 6f08 0015 c09d ff23 a8fe 8c54 dcb0 ..o......#...T.. 0x0020: 5018 002e 2b7a 0000 3231 312d 4665 6174 P...+z..211-Feat 0x0030: 7572 6573 3a0d 0a ures:.. 18:09:13.434986 IP (tos 0x0, ttl 51, id 48808, offset 0, flags [DF], proto TCP (6), length 47) 83.141.4.210.21 > 192.168.x.x.49309: Flags [P.], cksum 0x86f9 (correct), seq 128:135, ack 50, win 46, length 7 0x0000: 4500 002f bea8 4000 3306 0111 538d 04d2 E../..@.3...S... 0x0010: c0a8 6f08 0015 c09d ff23 a90d 8c54 dcb0 ..o......#...T.. 0x0020: 5018 002e 86f9 0000 2045 5052 540d 0a P........EPRT.. 18:09:13.440655 IP (tos 0x0, ttl 128, id 3200, offset 0, flags [DF], proto TCP (6), length 40) 192.168.x.x.49309 > 83.141.4.210.21: Flags [.], cksum 0x15cd (correct), seq 50, ack 135, win 16391, length 0 0x0000: 4500 0028 0c80 4000 8006 6640 c0a8 6f08 E..(..@...f@..o. 0x0010: 538d 04d2 c09d 0015 8c54 dcb0 ff23 a914 S........T...#.. 0x0020: 5010 4007 15cd 0000 0000 0797 06f8 P.@........... 18:09:13.454325 IP (tos 0x0, ttl 51, id 63089, offset 0, flags [DF], proto TCP (6), length 105) 83.141.4.210.21 > 192.168.x.x.49309: Flags [P.], cksum 0x0fb9 (correct), seq 135:200, ack 50, win 46, length 65 0x0000: 4500 0069 f671 4000 3306 c90d 538d 04d2 E..i.q@.3...S... 0x0010: c0a8 6f08 0015 c09d ff23 a914 8c54 dcb0 ..o......#...T.. 0x0020: 5018 002e 0fb9 0000 2045 5053 560d 0a20 P........EPSV... 0x0030: 4d44 544d 0d0a 2050 4153 560d 0a20 5245 MDTM...PASV...RE 0x0040: 5354 2053 5452 4541 4d0d 0a20 5349 5a45 ST.STREAM...SIZE 0x0050: 0d0a 2054 5646 530d 0a20 5554 4638 0d0a ...TVFS...UTF8.. 0x0060: 3231 3120 456e 640d 0a 211.End.. 18:09:13.460658 IP (tos 0x0, ttl 128, id 3201, offset 0, flags [DF], proto TCP (6), length 54) 192.168.x.x.49309 > 83.141.4.210.21: Flags [P.], cksum 0x68ce (correct), seq 50:64, ack 200, win 16375, length 14 0x0000: 4500 0036 0c81 4000 8006 6631 c0a8 6f08 E..6..@...f1..o. 0x0010: 538d 04d2 c09d 0015 8c54 dcb0 ff23 a955 S........T...#.U 0x0020: 5018 3ff7 68ce 0000 4f50 5453 2055 5446 P.?.h...OPTS.UTF 0x0030: 3820 4f4e 0d0a 8.ON.. 18:09:13.474446 IP (tos 0x0, ttl 51, id 32291, offset 0, flags [DF], proto TCP (6), length 66) 83.141.4.210.21 > 192.168.x.x.49309: Flags [P.], cksum 0x9483 (correct), seq 200:226, ack 64, win 46, length 26 0x0000: 4500 0042 7e23 4000 3306 4183 538d 04d2 E..B~#@.3.A.S... 0x0010: c0a8 6f08 0015 c09d ff23 a955 8c54 dcbe ..o......#.U.T.. 0x0020: 5018 002e 9483 0000 3230 3020 416c 7761 P.......200.Alwa 0x0030: 7973 2069 6e20 5554 4638 206d 6f64 652e ys.in.UTF8.mode. 0x0040: 0d0a .. 18:09:13.490654 IP (tos 0x0, ttl 128, id 3202, offset 0, flags [DF], proto TCP (6), length 85) 192.168.x.x.49309 > 83.141.4.210.21: Flags [P.], cksum 0x85ce (correct), seq 64:109, ack 226, win 16368, length 45 0x0000: 4500 0055 0c82 4000 8006 6611 c0a8 6f08 E..U..@...f...o. 0x0010: 538d 04d2 c09d 0015 8c54 dcbe ff23 a96f S........T...#.o 0x0020: 5018 3ff0 85ce 0000 4357 4420 2f6f 7468 P.?.....CWD./oth 0x0030: 6572 732f 656b 6f2f 4272 6169 6e53 6c61 ers/eko/BrainSla 0x0040: 7965 722d 5632 342d 7072 6553 5032 2f32 yer-V24-preSP2/2 0x0050: 3031 330d 0a 013.. 18:09:13.509162 IP (tos 0x0, ttl 51, id 9140, offset 0, flags [DF], proto TCP (6), length 77) 83.141.4.210.21 > 192.168.x.x.49309: Flags [P.], cksum 0xc981 (correct), seq 226:263, ack 109, win 46, length 37 0x0000: 4500 004d 23b4 4000 3306 9be7 538d 04d2 E..M#.@.3...S... 0x0010: c0a8 6f08 0015 c09d ff23 a96f 8c54 dceb ..o......#.o.T.. 0x0020: 5018 002e c981 0000 3235 3020 4469 7265 P.......250.Dire 0x0030: 6374 6f72 7920 7375 6363 6573 7366 756c ctory.successful 0x0040: 6c79 2063 6861 6e67 6564 2e0d 0a ly.changed... 18:09:13.516472 IP (tos 0x0, ttl 128, id 3203, offset 0, flags [DF], proto TCP (6), length 45) 192.168.x.x.49309 > 83.141.4.210.21: Flags [P.], cksum 0x76c0 (correct), seq 109:114, ack 263, win 16359, length 5 0x0000: 4500 002d 0c83 4000 8006 6638 c0a8 6f08 E..-..@...f8..o. 0x0010: 538d 04d2 c09d 0015 8c54 dceb ff23 a994 S........T...#.. 0x0020: 5018 3fe7 76c0 0000 5057 440d 0a63 P.?.v...PWD..c 18:09:13.530727 IP (tos 0x0, ttl 51, id 40894, offset 0, flags [DF], proto TCP (6), length 87) 83.141.4.210.21 > 192.168.x.x.49309: Flags [P.], cksum 0xaa4e (correct), seq 263:310, ack 114, win 46, length 47 0x0000: 4500 0057 9fbe 4000 3306 1fd3 538d 04d2 E..W..@.3...S... 0x0010: c0a8 6f08 0015 c09d ff23 a994 8c54 dcf0 ..o......#...T.. 0x0020: 5018 002e aa4e 0000 3235 3720 222f 6f74 P....N..257."/ot 0x0030: 6865 7273 2f65 6b6f 2f42 7261 696e 536c hers/eko/BrainSl 0x0040: 6179 6572 2d56 3234 2d70 7265 5350 322f ayer-V24-preSP2/ 0x0050: 3230 3133 220d 0a 2013".. 18:09:13.540656 IP (tos 0x0, ttl 128, id 3204, offset 0, flags [DF], proto TCP (6), length 48) 192.168.x.x.49309 > 83.141.4.210.21: Flags [P.], cksum 0x4308 (correct), seq 114:122, ack 310, win 16347, length 8 0x0000: 4500 0030 0c84 4000 8006 6634 c0a8 6f08 E..0..@...f4..o. 0x0010: 538d 04d2 c09d 0015 8c54 dcf0 ff23 a9c3 S........T...#.. 0x0020: 5018 3fdb 4308 0000 5459 5045 2049 0d0a P.?.C...TYPE.I.. 18:09:13.554655 IP (tos 0x0, ttl 51, id 31272, offset 0, flags [DF], proto TCP (6), length 71) 83.141.4.210.21 > 192.168.x.x.49309: Flags [P.], cksum 0x1ec0 (correct), seq 310:341, ack 122, win 46, length 31 0x0000: 4500 0047 7a28 4000 3306 4579 538d 04d2 E..Gz(@.3.EyS... 0x0010: c0a8 6f08 0015 c09d ff23 a9c3 8c54 dcf8 ..o......#...T.. 0x0020: 5018 002e 1ec0 0000 3230 3020 5377 6974 P.......200.Swit 0x0030: 6368 696e 6720 746f 2042 696e 6172 7920 ching.to.Binary. 0x0040: 6d6f 6465 2e0d 0a mode... 18:09:13.560717 IP (tos 0x0, ttl 128, id 3205, offset 0, flags [DF], proto TCP (6), length 46) 192.168.x.x.49309 > 83.141.4.210.21: Flags [P.], cksum 0x643a (correct), seq 122:128, ack 341, win 16340, length 6 0x0000: 4500 002e 0c85 4000 8006 6635 c0a8 6f08 E.....@...f5..o. 0x0010: 538d 04d2 c09d 0015 8c54 dcf8 ff23 a9e2 S........T...#.. 0x0020: 5018 3fd4 643a 0000 5041 5356 0d0a P.?.d:..PASV.. 18:09:13.578745 IP (tos 0x0, ttl 51, id 63826, offset 0, flags [DF], proto TCP (6), length 90) 83.141.4.210.21 > 192.168.x.x.49309: Flags [P.], cksum 0xc1de (correct), seq 341:391, ack 128, win 46, length 50 0x0000: 4500 005a f952 4000 3306 c63b 538d 04d2 E..Z.R@.3..;S... 0x0010: c0a8 6f08 0015 c09d ff23 a9e2 8c54 dcfe ..o......#...T.. 0x0020: 5018 002e c1de 0000 3232 3720 456e 7465 P.......227.Ente 0x0030: 7269 6e67 2050 6173 7369 7665 204d 6f64 ring.Passive.Mod 0x0040: 6520 2838 332c 3134 312c 342c 3231 302c e.(83,141,4,210, 0x0050: 3131 382c 3137 3229 0d0a 118,172).. 18:09:13.583201 IP (tos 0x0, ttl 128, id 3206, offset 0, flags [DF], proto TCP (6), length 46) 192.168.x.x.49309 > 83.141.4.210.21: Flags [P.], cksum 0x6809 (correct), seq 128:134, ack 391, win 16327, length 6 0x0000: 4500 002e 0c86 4000 8006 6634 c0a8 6f08 E.....@...f4..o. 0x0010: 538d 04d2 c09d 0015 8c54 dcfe ff23 aa14 S........T...#.. 0x0020: 5018 3fc7 6809 0000 4c49 5354 0d0a P.?.h...LIST.. 18:09:13.590678 IP (tos 0x0, ttl 128, id 3207, offset 0, flags [DF], proto TCP (6), length 52) 192.168.x.x.49310 > 83.141.4.210.30380: Flags [s], cksum 0x7f89 (correct), seq 955905848, win 65535, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0 0x0000: 4500 0034 0c87 4000 8006 662d c0a8 6f08 E..4..@...f-..o. 0x0010: 538d 04d2 c09e 76ac 38f9 f738 0000 0000 S.....v.8..8.... 0x0020: 8002 ffff 7f89 0000 0204 05b4 0103 0302 ................ 0x0030: 0101 0402 .... 18:09:13.635642 IP (tos 0x0, ttl 51, id 4247, offset 0, flags [DF], proto TCP (6), length 40) 83.141.4.210.21 > 192.168.x.x.49309: Flags [.], cksum 0x5452 (correct), seq 391, ack 134, win 46, length 0 0x0000: 4500 0028 1097 4000 3306 af29 538d 04d2 E..(..@.3..)S... 0x0010: c0a8 6f08 0015 c09d ff23 aa14 8c54 dd04 ..o......#...T.. 0x0020: 5010 002e 5452 0000 P...TR.. 18:09:16.590287 IP (tos 0x0, ttl 128, id 3314, offset 0, flags [DF], proto TCP (6), length 52) 192.168.x.x.49310 > 83.141.4.210.30380: Flags [s], cksum 0x7f89 (correct), seq 955905848, win 65535, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0 0x0000: 4500 0034 0cf2 4000 8006 65c2 c0a8 6f08 E..4..@...e...o. 0x0010: 538d 04d2 c09e 76ac 38f9 f738 0000 0000 S.....v.8..8.... 0x0020: 8002 ffff 7f89 0000 0204 05b4 0103 0302 ................ 0x0030: 0101 0402 .... 18:09:22.590703 IP (tos 0x0, ttl 128, id 3321, offset 0, flags [DF], proto TCP (6), length 48) 192.168.x.x.49310 > 83.141.4.210.30380: Flags [s], cksum 0x9392 (correct), seq 955905848, win 65535, options [mss 1460,nop,nop,sackOK], length 0 0x0000: 4500 0030 0cf9 4000 8006 65bf c0a8 6f08 E..0..@...e...o. 0x0010: 538d 04d2 c09e 76ac 38f9 f738 0000 0000 S.....v.8..8.... 0x0020: 7002 ffff 9392 0000 0204 05b4 0101 0402 p............... 18:09:33.760509 IP (tos 0x0, ttl 128, id 3331, offset 0, flags [DF], proto TCP (6), length 40) 192.168.x.x.49309 > 83.141.4.210.21: Flags [F.], cksum 0x14b8 (correct), seq 134, ack 391, win 16327, length 0 0x0000: 4500 0028 0d03 4000 8006 65bd c0a8 6f08 E..(..@...e...o. 0x0010: 538d 04d2 c09d 0015 8c54 dd04 ff23 aa14 S........T...#.. 0x0020: 5011 3fc7 14b8 0000 0000 fca2 bf7e P.?..........~ 18:09:33.813916 IP (tos 0x0, ttl 51, id 52118, offset 0, flags [DF], proto TCP (6), length 40) 83.141.4.210.21 > 192.168.x.x.49309: Flags [.], cksum 0x5451 (correct), seq 391, ack 135, win 46, length 0 0x0000: 4500 0028 cb96 4000 3306 f429 538d 04d2 E..(..@.3..)S... 0x0010: c0a8 6f08 0015 c09d ff23 aa14 8c54 dd05 ..o......#...T.. 0x0020: 5010 002e 5451 0000 P...TQ.. WAN1 interface: [code][2.1-RC0][root@vpn]/root(1): tcpdump -s1600 -Xnvvi em1 host 83.141.4.210 tcpdump: listening on em1, link-type EN10MB (Ethernet), capture size 1600 bytes 18:09:13.317540 IP (tos 0x0, ttl 127, id 64052, offset 0, flags [DF], proto TCP (6), length 52) 5.x.x.x.5576 > 83.141.4.210.21: Flags [s], cksum 0x50d3 (correct), seq 2354371710, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0 0x0000: 4500 0034 fa34 4000 7f06 81fc 0592 21a2 E..4.4@.......!. 0x0010: 538d 04d2 15c8 0015 8c54 dc7e 0000 0000 S........T.~.... 0x0020: 8002 2000 50d3 0000 0204 05b4 0103 0302 ....P........... 0x0030: 0101 0402 .... 18:09:13.332449 IP (tos 0x0, ttl 52, id 0, offset 0, flags [DF], proto TCP (6), length 52) 83.141.4.210.21 > 5.x.x.x.5576: Flags [S.], cksum 0xb23b (correct), seq 4280526989, ack 2354371711, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0 0x0000: 4500 0034 0000 4000 3406 c731 538d 04d2 E..4..@.4..1S... 0x0010: 0592 21a2 0015 15c8 ff23 a88d 8c54 dc7f ..!......#...T.. 0x0020: 8012 16d0 b23b 0000 0204 05b4 0101 0402 .....;.......... 0x0030: 0103 0307 .... 18:09:13.340828 IP (tos 0x0, ttl 127, id 54016, offset 0, flags [DF], proto TCP (6), length 40) 5.x.x.x.5576 > 83.141.4.210.21: Flags [.], cksum 0xc9b4 (correct), seq 1, ack 1, win 16425, length 0 0x0000: 4500 0028 d300 4000 7f06 a93c 0592 21a2 E..(..@....<..!. 0x0010: 538d 04d2 15c8 0015 8c54 dc7f ff23 a88e S........T...#.. 0x0020: 5010 4029 c9b4 0000 P.@).... 18:09:13.360359 IP (tos 0x0, ttl 52, id 10897, offset 0, flags [DF], proto TCP (6), length 76) 83.141.4.210.21 > 5.x.x.x.5576: Flags [P.], cksum 0x329b (correct), seq 1:37, ack 1, win 46, length 36 0x0000: 4500 004c 2a91 4000 3406 9c88 538d 04d2 E..L*.@.4...S... 0x0010: 0592 21a2 0015 15c8 ff23 a88e 8c54 dc7f ..!......#...T.. 0x0020: 5018 002e 329b 0000 3232 3020 5765 6c63 P...2...220.Welc 0x0030: 6f6d 6520 746f 2044 442d 5752 5420 4654 ome.to.DD-WRT.FT 0x0040: 5020 7365 7276 6963 652e 0d0a P.service... 18:09:13.362624 IP (tos 0x0, ttl 127, id 35639, offset 0, flags [DF], proto TCP (6), length 56) 5.x.x.x.5576 > 83.141.4.210.21: Flags [P.], cksum 0x41a5 (correct), seq 1:17, ack 37, win 16416, length 16 0x0000: 4500 0038 8b37 4000 7f06 f0f5 0592 21a2 E..8.7@.......!. 0x0010: 538d 04d2 15c8 0015 8c54 dc7f ff23 a8b2 S........T...#.. 0x0020: 5018 4020 41a5 0000 5553 4552 2061 6e6f P.@.A...USER.ano 0x0030: 6e79 6d6f 7573 0d0a nymous.. 18:09:13.376160 IP (tos 0x0, ttl 52, id 10898, offset 0, flags [DF], proto TCP (6), length 40) 83.141.4.210.21 > 5.x.x.x.5576: Flags [.], cksum 0x097c (correct), seq 37, ack 17, win 46, length 0 0x0000: 4500 0028 2a92 4000 3406 9cab 538d 04d2 E..(*.@.4...S... 0x0010: 0592 21a2 0015 15c8 ff23 a8b2 8c54 dc8f ..!......#...T.. 0x0020: 5010 002e 097c 0000 0000 0000 0000 P....|........ 18:09:13.377605 IP (tos 0x0, ttl 52, id 10899, offset 0, flags [DF], proto TCP (6), length 74) 83.141.4.210.21 > 5.x.x.x.5576: Flags [P.], cksum 0xc230 (correct), seq 37:71, ack 17, win 46, length 34 0x0000: 4500 004a 2a93 4000 3406 9c88 538d 04d2 E..J*.@.4...S... 0x0010: 0592 21a2 0015 15c8 ff23 a8b2 8c54 dc8f ..!......#...T.. 0x0020: 5018 002e c230 0000 3333 3120 506c 6561 P....0..331.Plea 0x0030: 7365 2073 7065 6369 6679 2074 6865 2070 se.specify.the.p 0x0040: 6173 7377 6f72 642e 0d0a assword... 18:09:13.380826 IP (tos 0x0, ttl 127, id 59258, offset 0, flags [DF], proto TCP (6), length 61) 5.x.x.x.5576 > 83.141.4.210.21: Flags [P.], cksum 0xfef3 (correct), seq 17:38, ack 71, win 16407, length 21 0x0000: 4500 003d e77a 4000 7f06 94ad 0592 21a2 E..=.z@.......!. 0x0010: 538d 04d2 15c8 0015 8c54 dc8f ff23 a8d4 S........T...#.. 0x0020: 5018 4017 fef3 0000 5041 5353 2061 6e6f P.@.....PASS.ano 0x0030: 6e40 6c6f 6361 6c68 6f73 740d 0a n@localhost.. 18:09:13.395466 IP (tos 0x0, ttl 52, id 10900, offset 0, flags [DF], proto TCP (6), length 63) 83.141.4.210.21 > 5.x.x.x.5576: Flags [P.], cksum 0x27ad (correct), seq 71:94, ack 38, win 46, length 23 0x0000: 4500 003f 2a94 4000 3406 9c92 538d 04d2 E..?*.@.4...S... 0x0010: 0592 21a2 0015 15c8 ff23 a8d4 8c54 dca4 ..!......#...T.. 0x0020: 5018 002e 27ad 0000 3233 3020 4c6f 6769 P...'...230.Logi 0x0030: 6e20 7375 6363 6573 7366 756c 2e0d 0a n.successful... 18:09:13.400796 IP (tos 0x0, ttl 127, id 56163, offset 0, flags [DF], proto TCP (6), length 46) 5.x.x.x.5576 > 83.141.4.210.21: Flags [P.], cksum 0x1585 (correct), seq 38:44, ack 94, win 16401, length 6 0x0000: 4500 002e db63 4000 7f06 a0d3 0592 21a2 E....c@.......!. 0x0010: 538d 04d2 15c8 0015 8c54 dca4 ff23 a8eb S........T...#.. 0x0020: 5018 4011 1585 0000 5359 5354 0d0a P.@.....SYST.. 18:09:13.414289 IP (tos 0x0, ttl 52, id 10901, offset 0, flags [DF], proto TCP (6), length 59) 83.141.4.210.21 > 5.x.x.x.5576: Flags [P.], cksum 0xa1bc (correct), seq 94:113, ack 44, win 46, length 19 0x0000: 4500 003b 2a95 4000 3406 9c95 538d 04d2 E..;*.@.4...S... 0x0010: 0592 21a2 0015 15c8 ff23 a8eb 8c54 dcaa ..!......#...T.. 0x0020: 5018 002e a1bc 0000 3231 3520 554e 4958 P.......215.UNIX 0x0030: 2054 7970 653a 204c 380d 0a .Type:.L8.. 18:09:13.420820 IP (tos 0x0, ttl 127, id 51010, offset 0, flags [DF], proto TCP (6), length 46) 5.x.x.x.5576 > 83.141.4.210.21: Flags [P.], cksum 0x3484 (correct), seq 44:50, ack 113, win 16397, length 6 0x0000: 4500 002e c742 4000 7f06 b4f4 0592 21a2 E....B@.......!. 0x0010: 538d 04d2 15c8 0015 8c54 dcaa ff23 a8fe S........T...#.. 0x0020: 5018 400d 3484 0000 4645 4154 0d0a P.@.4...FEAT.. 18:09:13.434713 IP (tos 0x0, ttl 52, id 10902, offset 0, flags [DF], proto TCP (6), length 55) 83.141.4.210.21 > 5.x.x.x.5576: Flags [P.], cksum 0xdecc (correct), seq 113:128, ack 50, win 46, length 15 0x0000: 4500 0037 2a96 4000 3406 9c98 538d 04d2 E..7*.@.4...S... 0x0010: 0592 21a2 0015 15c8 ff23 a8fe 8c54 dcb0 ..!......#...T.. 0x0020: 5018 002e decc 0000 3231 312d 4665 6174 P.......211-Feat 0x0030: 7572 6573 3a0d 0a ures:.. 18:09:13.434877 IP (tos 0x0, ttl 52, id 10903, offset 0, flags [DF], proto TCP (6), length 47) 83.141.4.210.21 > 5.x.x.x.5576: Flags [P.], cksum 0x3a4c (correct), seq 128:135, ack 50, win 46, length 7 0x0000: 4500 002f 2a97 4000 3406 9c9f 538d 04d2 E../*.@.4...S... 0x0010: 0592 21a2 0015 15c8 ff23 a90d 8c54 dcb0 ..!......#...T.. 0x0020: 5018 002e 3a4c 0000 2045 5052 540d 0a P...:L...EPRT.. 18:09:13.440821 IP (tos 0x0, ttl 127, id 63388, offset 0, flags [DF], proto TCP (6), length 40) 5.x.x.x.5576 > 83.141.4.210.21: Flags [.], cksum 0xc91f (correct), seq 50, ack 135, win 16391, length 0 0x0000: 4500 0028 f79c 4000 7f06 84a0 0592 21a2 E..(..@.......!. 0x0010: 538d 04d2 15c8 0015 8c54 dcb0 ff23 a914 S........T...#.. 0x0020: 5010 4007 c91f 0000 P.@..... 18:09:13.454206 IP (tos 0x0, ttl 52, id 10904, offset 0, flags [DF], proto TCP (6), length 105) 83.141.4.210.21 > 5.x.x.x.5576: Flags [P.], cksum 0xc30b (correct), seq 135:200, ack 50, win 46, length 65 0x0000: 4500 0069 2a98 4000 3406 9c64 538d 04d2 E..i*.@.4..dS... 0x0010: 0592 21a2 0015 15c8 ff23 a914 8c54 dcb0 ..!......#...T.. 0x0020: 5018 002e c30b 0000 2045 5053 560d 0a20 P........EPSV... 0x0030: 4d44 544d 0d0a 2050 4153 560d 0a20 5245 MDTM...PASV...RE 0x0040: 5354 2053 5452 4541 4d0d 0a20 5349 5a45 ST.STREAM...SIZE 0x0050: 0d0a 2054 5646 530d 0a20 5554 4638 0d0a ...TVFS...UTF8.. 0x0060: 3231 3120 456e 640d 0a 211.End.. 18:09:13.460824 IP (tos 0x0, ttl 127, id 51327, offset 0, flags [DF], proto TCP (6), length 54) 5.x.x.x.5576 > 83.141.4.210.21: Flags [P.], cksum 0x1c21 (correct), seq 50:64, ack 200, win 16375, length 14 0x0000: 4500 0036 c87f 4000 7f06 b3af 0592 21a2 E..6..@.......!. 0x0010: 538d 04d2 15c8 0015 8c54 dcb0 ff23 a955 S........T...#.U 0x0020: 5018 3ff7 1c21 0000 4f50 5453 2055 5446 P.?..!..OPTS.UTF 0x0030: 3820 4f4e 0d0a 8.ON.. 18:09:13.474328 IP (tos 0x0, ttl 52, id 10905, offset 0, flags [DF], proto TCP (6), length 66) 83.141.4.210.21 > 5.x.x.x.5576: Flags [P.], cksum 0x47d6 (correct), seq 200:226, ack 64, win 46, length 26 0x0000: 4500 0042 2a99 4000 3406 9c8a 538d 04d2 E..B*.@.4...S... 0x0010: 0592 21a2 0015 15c8 ff23 a955 8c54 dcbe ..!......#.U.T.. 0x0020: 5018 002e 47d6 0000 3230 3020 416c 7761 P...G...200.Alwa 0x0030: 7973 2069 6e20 5554 4638 206d 6f64 652e ys.in.UTF8.mode. 0x0040: 0d0a .. 18:09:13.490827 IP (tos 0x0, ttl 127, id 3790, offset 0, flags [DF], proto TCP (6), length 85) 5.x.x.x.5576 > 83.141.4.210.21: Flags [P.], cksum 0x3921 (correct), seq 64:109, ack 226, win 16368, length 45 0x0000: 4500 0055 0ece 4000 7f06 6d42 0592 21a2 E..U..@...mB..!. 0x0010: 538d 04d2 15c8 0015 8c54 dcbe ff23 a96f S........T...#.o 0x0020: 5018 3ff0 3921 0000 4357 4420 2f6f 7468 P.?.9!..CWD./oth 0x0030: 6572 732f 656b 6f2f 4272 6169 6e53 6c61 ers/eko/BrainSla 0x0040: 7965 722d 5632 342d 7072 6553 5032 2f32 yer-V24-preSP2/2 0x0050: 3031 330d 0a 013.. 18:09:13.509037 IP (tos 0x0, ttl 52, id 10906, offset 0, flags [DF], proto TCP (6), length 77) 83.141.4.210.21 > 5.x.x.x.5576: Flags [P.], cksum 0x7cd4 (correct), seq 226:263, ack 109, win 46, length 37 0x0000: 4500 004d 2a9a 4000 3406 9c7e 538d 04d2 E..M*.@.4..~S... 0x0010: 0592 21a2 0015 15c8 ff23 a96f 8c54 dceb ..!......#.o.T.. 0x0020: 5018 002e 7cd4 0000 3235 3020 4469 7265 P...|...250.Dire 0x0030: 6374 6f72 7920 7375 6363 6573 7366 756c ctory.successful 0x0040: 6c79 2063 6861 6e67 6564 2e0d 0a ly.changed... 18:09:13.516605 IP (tos 0x0, ttl 127, id 20305, offset 0, flags [DF], proto TCP (6), length 45) 5.x.x.x.5576 > 83.141.4.210.21: Flags [P.], cksum 0x2a13 (correct), seq 109:114, ack 263, win 16359, length 5 0x0000: 4500 002d 4f51 4000 7f06 2ce7 0592 21a2 E..-OQ@...,...!. 0x0010: 538d 04d2 15c8 0015 8c54 dceb ff23 a994 S........T...#.. 0x0020: 5018 3fe7 2a13 0000 5057 440d 0a P.?.*...PWD.. 18:09:13.530608 IP (tos 0x0, ttl 52, id 10907, offset 0, flags [DF], proto TCP (6), length 87) 83.141.4.210.21 > 5.x.x.x.5576: Flags [P.], cksum 0x5da1 (correct), seq 263:310, ack 114, win 46, length 47 0x0000: 4500 0057 2a9b 4000 3406 9c73 538d 04d2 E..W*.@.4..sS... 0x0010: 0592 21a2 0015 15c8 ff23 a994 8c54 dcf0 ..!......#...T.. 0x0020: 5018 002e 5da1 0000 3235 3720 222f 6f74 P...]...257."/ot 0x0030: 6865 7273 2f65 6b6f 2f42 7261 696e 536c hers/eko/BrainSl 0x0040: 6179 6572 2d56 3234 2d70 7265 5350 322f ayer-V24-preSP2/ 0x0050: 3230 3133 220d 0a 2013".. 18:09:13.540816 IP (tos 0x0, ttl 127, id 15475, offset 0, flags [DF], proto TCP (6), length 48) 5.x.x.x.5576 > 83.141.4.210.21: Flags [P.], cksum 0xf65a (correct), seq 114:122, ack 310, win 16347, length 8 0x0000: 4500 0030 3c73 4000 7f06 3fc2 0592 21a2 E..0 <s@...?...!.<br>0x0010: 538d 04d2 15c8 0015 8c54 dcf0 ff23 a9c3 S........T...#.. 0x0020: 5018 3fdb f65a 0000 5459 5045 2049 0d0a P.?..Z..TYPE.I.. 18:09:13.554529 IP (tos 0x0, ttl 52, id 10908, offset 0, flags [DF], proto TCP (6), length 71) 83.141.4.210.21 > 5.x.x.x.5576: Flags [P.], cksum 0xd212 (correct), seq 310:341, ack 122, win 46, length 31 0x0000: 4500 0047 2a9c 4000 3406 9c82 538d 04d2 E..G*.@.4...S... 0x0010: 0592 21a2 0015 15c8 ff23 a9c3 8c54 dcf8 ..!......#...T.. 0x0020: 5018 002e d212 0000 3230 3020 5377 6974 P.......200.Swit 0x0030: 6368 696e 6720 746f 2042 696e 6172 7920 ching.to.Binary. 0x0040: 6d6f 6465 2e0d 0a mode... 18:09:13.560896 IP (tos 0x0, ttl 127, id 62161, offset 0, flags [DF], proto TCP (6), length 46) 5.x.x.x.5576 > 83.141.4.210.21: Flags [P.], cksum 0x178d (correct), seq 122:128, ack 341, win 16340, length 6 0x0000: 4500 002e f2d1 4000 7f06 8965 0592 21a2 E.....@....e..!. 0x0010: 538d 04d2 15c8 0015 8c54 dcf8 ff23 a9e2 S........T...#.. 0x0020: 5018 3fd4 178d 0000 5041 5356 0d0a P.?.....PASV.. 18:09:13.578505 IP (tos 0x0, ttl 52, id 10909, offset 0, flags [DF], proto TCP (6), length 90) 83.141.4.210.21 > 5.x.x.x.5576: Flags [P.], cksum 0x7531 (correct), seq 341:391, ack 128, win 46, length 50 0x0000: 4500 005a 2a9d 4000 3406 9c6e 538d 04d2 E..Z*.@.4..nS... 0x0010: 0592 21a2 0015 15c8 ff23 a9e2 8c54 dcfe ..!......#...T.. 0x0020: 5018 002e 7531 0000 3232 3720 456e 7465 P...u1..227.Ente 0x0030: 7269 6e67 2050 6173 7369 7665 204d 6f64 ring.Passive.Mod 0x0040: 6520 2838 332c 3134 312c 342c 3231 302c e.(83,141,4,210, 0x0050: 3131 382c 3137 3229 0d0a 118,172).. 18:09:13.583360 IP (tos 0x0, ttl 127, id 56551, offset 0, flags [DF], proto TCP (6), length 46) 5.x.x.x.5576 > 83.141.4.210.21: Flags [P.], cksum 0x1b5c (correct), seq 128:134, ack 391, win 16327, length 6 0x0000: 4500 002e dce7 4000 7f06 9f4f 0592 21a2 E.....@....O..!. 0x0010: 538d 04d2 15c8 0015 8c54 dcfe ff23 aa14 S........T...#.. 0x0020: 5018 3fc7 1b5c 0000 4c49 5354 0d0a P.?..\..LIST.. 18:09:13.591033 IP (tos 0x0, ttl 127, id 24294, offset 0, flags [DF], proto TCP (6), length 52) 5.x.x.x.30380 > 83.141.4.210.30380: Flags [s], cksum 0xd1f8 (correct), seq 955905848, win 65535, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0 0x0000: 4500 0034 5ee6 4000 7f06 1d4b 0592 21a2 E..4^.@....K..!. 0x0010: 538d 04d2 76ac 76ac 38f9 f738 0000 0000 S...v.v.8..8.... 0x0020: 8002 ffff d1f8 0000 0204 05b4 0103 0302 ................ 0x0030: 0101 0402 .... 18:09:13.604260 IP (tos 0x0, ttl 52, id 0, offset 0, flags [DF], proto TCP (6), length 52) 83.141.4.210.30380 > 5.x.x.x.30380: Flags [S.], cksum 0xd31b (correct), seq 1495371477, ack 955905849, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0 0x0000: 4500 0034 0000 4000 3406 c731 538d 04d2 E..4..@.4..1S... 0x0010: 0592 21a2 76ac 76ac 5921 8ed5 38f9 f739 ..!.v.v.Y!..8..9 0x0020: 8012 16d0 d31b 0000 0204 05b4 0101 0402 ................ 0x0030: 0103 0307 .... 18:09:13.604660 IP (tos 0x0, ttl 64, id 59593, offset 0, flags [DF], proto ICMP (1), length 80) 5.x.x.x > 83.141.4.210: ICMP host 5.x.x.x unreachable, length 60 IP (tos 0x0, ttl 52, id 35537, offset 0, flags [DF], proto TCP (6), length 52) 83.141.4.210.30380 > 5.x.x.x.30380: Flags [S.], cksum 0xca9e (incorrect -> 0xd31b), seq 1495371477, ack 955905849, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0 0x0000: 4500 0050 e8c9 4000 4001 d250 0592 21a2 E..P..@.@..P..!. 0x0010: 538d 04d2 0301 8535 0000 0000 4500 0034 S......5....E..4 0x0020: 8ad1 4000 3406 3c60 538d 04d2 0592 21a2 ..@.4.<`S.....!. 0x0030: 76ac 76ac 5921 8ed5 38f9 f739 8012 16d0 v.v.Y!..8..9.... 0x0040: ca9e 0000 0204 05b4 0101 0402 0103 0307 ................ 18:09:13.635502 IP (tos 0x0, ttl 52, id 10910, offset 0, flags [DF], proto TCP (6), length 40) 83.141.4.210.21 > 5.x.x.x.5576: Flags [.], cksum 0x07a5 (correct), seq 391, ack 134, win 46, length 0 0x0000: 4500 0028 2a9e 4000 3406 9c9f 538d 04d2 E..(*.@.4...S... 0x0010: 0592 21a2 0015 15c8 ff23 aa14 8c54 dd04 ..!......#...T.. 0x0020: 5010 002e 07a5 0000 0000 0000 0000 P............. 18:09:16.590578 IP (tos 0x0, ttl 127, id 13396, offset 0, flags [DF], proto TCP (6), length 52) 5.x.x.x.45189 > 83.141.4.210.30380: Flags [s], cksum 0x981f (correct), seq 955905848, win 65535, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0 0x0000: 4500 0034 3454 4000 7f06 47dd 0592 21a2 E..44T@...G...!. 0x0010: 538d 04d2 b085 76ac 38f9 f738 0000 0000 S.....v.8..8.... 0x0020: 8002 ffff 981f 0000 0204 05b4 0103 0302 ................ 0x0030: 0101 0402 .... 18:09:16.606513 IP (tos 0x22,ECT(0), ttl 52, id 57244, offset 0, flags [none], proto ICMP (1), length 80) 83.141.4.210 > 5.x.x.x: ICMP host 83.141.4.210 unreachable - admin prohibited, length 60 IP (tos 0x3,CE, ttl 114, id 13396, offset 0, flags [DF], proto TCP (6), length 52) 5.x.x.x.45189 > 83.141.4.210.30380: Flags [s], cksum 0x981f (correct), seq 955905848, win 65535, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0 0x0000: 4522 0050 df9c 0000 3401 275c 538d 04d2 E".P....4.'\S... 0x0010: 0592 21a2 030a 7caf 0000 0000 4503 0034 ..!...|.....E..4 0x0020: 3454 4000 7206 54da 0592 21a2 538d 04d2 4T@.r.T...!.S... 0x0030: b085 76ac 38f9 f738 0000 0000 8002 ffff ..v.8..8........ 0x0040: 981f 0000 0204 05b4 0103 0302 0101 0402 ................ 18:09:22.590960 IP (tos 0x0, ttl 127, id 5468, offset 0, flags [DF], proto TCP (6), length 48) 5.x.x.x.45189 > 83.141.4.210.30380: Flags [s], cksum 0xac28 (correct), seq 955905848, win 65535, options [mss 1460,nop,nop,sackOK], length 0 0x0000: 4500 0030 155c 4000 7f06 66d9 0592 21a2 E..0.\@...f...!. 0x0010: 538d 04d2 b085 76ac 38f9 f738 0000 0000 S.....v.8..8.... 0x0020: 7002 ffff ac28 0000 0204 05b4 0101 0402 p....(.......... 18:09:22.603970 IP (tos 0x22,ECT(0), ttl 52, id 57245, offset 0, flags [none], proto ICMP (1), length 76) 83.141.4.210 > 5.x.x.x: ICMP host 83.141.4.210 unreachable - admin prohibited, length 56 IP (tos 0x3,CE, ttl 114, id 5468, offset 0, flags [DF], proto TCP (6), length 48) 5.x.x.x.45189 > 83.141.4.210.30380: Flags [s], cksum 0xac28 (correct), seq 955905848, win 65535, options [mss 1460,nop,nop,sackOK], length 0 0x0000: 4522 004c df9d 0000 3401 275f 538d 04d2 E".L....4.'_S... 0x0010: 0592 21a2 030a 7cab 0000 0000 4503 0030 ..!...|.....E..0 0x0020: 155c 4000 7206 73d6 0592 21a2 538d 04d2 .\@.r.s...!.S... 0x0030: b085 76ac 38f9 f738 0000 0000 7002 ffff ..v.8..8....p... 0x0040: ac28 0000 0204 05b4 0101 0402 .(.......... 18:09:33.760635 IP (tos 0x0, ttl 127, id 53565, offset 0, flags [DF], proto TCP (6), length 40) 5.x.x.x.5576 > 83.141.4.210.21: Flags [F.], cksum 0xc80a (correct), seq 134, ack 391, win 16327, length 0 0x0000: 4500 0028 d13d 4000 7f06 aaff 0592 21a2 E..(.=@.......!. 0x0010: 538d 04d2 15c8 0015 8c54 dd04 ff23 aa14 S........T...#.. 0x0020: 5011 3fc7 c80a 0000 P.?..... 18:09:33.813855 IP (tos 0x0, ttl 52, id 10911, offset 0, flags [DF], proto TCP (6), length 40) 83.141.4.210.21 > 5.x.x.x.5576: Flags [.], cksum 0x07a4 (correct), seq 391, ack 135, win 46, length 0 0x0000: 4500 0028 2a9f 4000 3406 9c9e 538d 04d2 E..(*.@.4...S... 0x0010: 0592 21a2 0015 15c8 ff23 aa14 8c54 dd05 ..!......#...T.. 0x0020: 5010 002e 07a4 0000 0000 0000 0000 P............. FW log: [code]Jun 10 18:09:14 vpn pf: 00:01:23.795007 rule 4/0(match): block out on em0: (tos 0x0, ttl 51, id 9319, offset 0, flags [DF], proto TCP (6), length 52) Jun 10 18:09:14 vpn pf: 83.141.4.210.30380 > 192.168.x.x.30380: Flags [S.], cksum 0xca9e (correct), seq 1495371477, ack 955905849, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0 [/code] There's some weird source port changing going on on the external interface when trying the data connection. [/s][/s][/s][/s][/s][/s][/code][/s][/s][/s][/s]</s@...?...!.<br> -
I confirm the same with:
2.1-RC0 (amd64) built on Sun Jun 9 21:31:32 EDT 2013 FreeBSD 8.3-RELEASE-p8
Some FTP sites are fine (although seemingly slower to list directories than the March 18th build I was running yesterday) - the DD-WRT is definitely broken though. Setting debug.pfftpproxy=1 seems to fix it.
-
I think Ermal's change a month ago makes the FTP connection change the source port on the outside interface. But as you can see in my firewall log, the changed source port is not added to the state table. Thus the firewall code blocks it and passive FTP does not work.
When turning off the FTP proxy, the source port is known by the state table and the connection works. -
Some FTP sites are fine (although seemingly slower to list directories than the March 18th build I was running yesterday)
Same here. Superslow FTP browsing while debug.pfftpproxy=0
-
I have the same problem on 2.0.2, impossible to handle big files through ftp with default debug.pfftpproxy value.
-
So has anyone entered a bug for this or had acknowledgement from any devs (apart from jimp here)? It's a fairly big deal-breaker. I have a fairly simple setup here and see it on some sites.
-
gogol.. why did you delete your reply - I was fortunate enough to catch it and it solved all my problems (including slow to connect issues I've had for 18 months!!)
-
gogol.. why did you delete your reply - I was fortunate enough to catch it and it solved all my problems (including slow to connect issues I've had for 18 months!!)
I wasn't sure!
I am still encountering some problems (slow now and then), but it goes better. Disabling it works better for me.
For anyone who wants to try this is what I did:Under System>Advanced>Firewall/Nat check under TFTP proxy you LAN interface and click Save
Under System>Advanced>System Tunables set debug.pfftp.proxy to "default" valueMore on this in this article
-
I just noticed I haven't had any connections from a few people on my local FTP server in a while, so I started looking into it. Passive connections were working fine but I haven't had an active connection work since 6/2/13 when I must have done a firmware upgrade (2.1 RC0 x64). I changed debug.pfftpproxy to 1 and applied it and instantly active connections began working again for these people. Something changed with the ftp proxy (I'd say in May) which kept active connections from working. Sorry I don't have much more info at this time.
