Outgoing Active FTP Problem



  • Hey guys,
    I'm having an issue with outgoing active FTP.
    Outbound passive FTP works fine.
    However, I've got an app that we have to use that makes ftp connections via the ftp.exe (in windows) which doesn't do passive connections.

    I'm running a multi-wan setup here.
    I've got the ftp-helper enabled on the LAN interface (i previously had the checkbox checked to disable it so that FTP transfers wouldn't all occur via the WAN interface, which is slower than our WAN2/OPT1 interface), but still no dice (I can connect, but when trying to get a directory listing, it fails).
    Any ideas?

    I'm totally stuck here…



  • tcpdump on LAN and WAN interfaces simultaneously would help.



  • WAN
    07:08:26.493737 IP WANIPADR.35686 > FTPIPADR.21: S 3438673907:3438673907(0) win 65228 <mss 0="" 6964439="" 1460,nop,wscale="" 4,sackok,timestamp="">07:08:26.569965 IP FTPIPADR.21 > WANIPADR.35686: S 2995781275:2995781275(0) ack 3438673908 win 16384 <mss 0="" 1460,nop,wscale="" 0,nop,nop,timestamp="" 0,nop,nop,sackok="">07:08:26.570090 IP WANIPADR.35686 > FTPIPADR.21: . ack 1 win 4163 <nop,nop,timestamp 0="" 6964447="">07:08:26.648454 IP FTPIPADR.21 > WANIPADR.35686: P 1:182(181) ack 1 win 65535 <nop,nop,timestamp 6964447="" 39242163="">07:08:26.648536 IP WANIPADR.35686 > FTPIPADR.21: . ack 182 win 4151 <nop,nop,timestamp 6964455="" 39242163="">07:08:28.463359 IP WANIPADR.35686 > FTPIPADR.21: P 1:14(13) ack 182 win 4163 <nop,nop,timestamp 6964636="" 39242163="">07:08:28.539459 IP FTPIPADR.21 > WANIPADR.35686: P 182:218(36) ack 14 win 65522 <nop,nop,timestamp 6964636="" 39242181="">07:08:28.539578 IP WANIPADR.35686 > FTPIPADR.21: . ack 218 win 4160 <nop,nop,timestamp 6964644="" 39242181="">07:08:29.615695 IP WANIPADR.35686 > FTPIPADR.21: P 14:27(13) ack 218 win 4163 <nop,nop,timestamp 6964751="" 39242181="">07:08:29.700682 IP FTPIPADR.21 > WANIPADR.35686: P 218:412(194) ack 27 win 65509 <nop,nop,timestamp 6964751="" 39242194="">07:08:29.700855 IP WANIPADR.35686 > FTPIPADR.21: . ack 412 win 4150 <nop,nop,timestamp 6964760="" 39242194="">07:08:30.703392 IP WANIPADR.35686 > FTPIPADR.21: P 27:55(28) ack 412 win 4163 <nop,nop,timestamp 6964860="" 39242194="">07:08:30.779434 IP FTPIPADR.21 > WANIPADR.35686: P 412:442(30) ack 55 win 65481 <nop,nop,timestamp 6964860="" 39242205="">07:08:30.779565 IP WANIPADR.35686 > FTPIPADR.21: . ack 442 win 4161 <nop,nop,timestamp 6964868="" 39242205="">07:08:30.784431 IP WANIPADR.35686 > FTPIPADR.21: P 55:61(6) ack 442 win 4163 <nop,nop,timestamp 6964868="" 39242205="">07:08:30.863724 IP FTPIPADR.21 > WANIPADR.35686: P 442:507(65) ack 61 win 65475 <nop,nop,timestamp 6964868="" 39242205="">07:08:30.863835 IP WANIPADR.35686 > FTPIPADR.21: . ack 507 win 4158 <nop,nop,timestamp 6964876="" 39242205="">07:08:30.864630 IP FTPIPADR.55552 > WANIPADR.64724: S 3443460665:3443460665(0) win 65535 <mss 1460,nop,nop,sackok="">07:08:33.785723 IP FTPIPADR.55552 > WANIPADR.64724: S 3443460665:3443460665(0) win 65535 <mss 1460,nop,nop,sackok="">LAN
    07:08:26.492337 IP CLIENTIPADR.55172 > FTPIPADR.21: S 363713193:363713193(0) win 8192 <mss 1460,nop,wscale="" 2,nop,nop,sackok="">07:08:26.493090 IP FTPIPADR.21 > CLIENTIPADR.55172: S 3989763822:3989763822(0) ack 363713194 win 65228 <mss 1460,nop,wscale="" 4,sackok,eol="">07:08:26.493308 IP CLIENTIPADR.55172 > FTPIPADR.21: . ack 1 win 2048
    07:08:26.648999 IP FTPIPADR.21 > CLIENTIPADR.55172: P 1:182(181) ack 1 win 4106
    07:08:26.848149 IP CLIENTIPADR.55172 > FTPIPADR.21: . ack 182 win 2002
    07:08:28.463004 IP CLIENTIPADR.55172 > FTPIPADR.21: P 1:14(13) ack 182 win 2002
    07:08:28.463122 IP FTPIPADR.21 > CLIENTIPADR.55172: . ack 14 win 4105
    07:08:28.540028 IP FTPIPADR.21 > CLIENTIPADR.55172: P 182:218(36) ack 14 win 4106
    07:08:28.739063 IP CLIENTIPADR.55172 > FTPIPADR.21: . ack 218 win 1993
    07:08:29.569156 IP CLIENTIPADR.61858 > 69.28.145.172.27017: UDP, length 100
    07:08:29.615324 IP CLIENTIPADR.55172 > FTPIPADR.21: P 14:27(13) ack 218 win 1993
    07:08:29.615450 IP FTPIPADR.21 > CLIENTIPADR.55172: . ack 27 win 4105
    07:08:29.701319 IP FTPIPADR.21 > CLIENTIPADR.55172: P 218:412(194) ack 27 win 4106
    07:08:29.901423 IP CLIENTIPADR.55172 > FTPIPADR.21: . ack 412 win 1945
    07:08:30.702966 IP CLIENTIPADR.55172 > FTPIPADR.21: P 27:51(24) ack 412 win 1945
    07:08:30.703084 IP FTPIPADR.21 > CLIENTIPADR.55172: . ack 51 win 4104
    07:08:30.780427 IP FTPIPADR.21 > CLIENTIPADR.55172: P 412:442(30) ack 51 win 4106
    07:08:30.784166 IP CLIENTIPADR.55172 > FTPIPADR.21: P 51:57(6) ack 442 win 1937
    07:08:30.784260 IP FTPIPADR.21 > CLIENTIPADR.55172: . ack 57 win 4105
    07:08:30.864292 IP FTPIPADR.21 > CLIENTIPADR.55172: P 442:507(65) ack 57 win 4106
    07:08:30.864833 IP FTPIPADR.59304 > CLIENTIPADR.55174: S 3443460665:3443460665(0) win 65535 <mss 1460,nop,nop,sackok="">07:08:31.060065 IP CLIENTIPADR.55172 > FTPIPADR.21: . ack 507 win 1921
    07:08:33.785804 IP FTPIPADR.59304 > CLIENTIPADR.55174: S 3443460665:3443460665(0) win 65535</mss></mss></mss></mss></mss></nop,nop,timestamp></nop,nop,timestamp></nop,nop,timestamp></nop,nop,timestamp></nop,nop,timestamp></nop,nop,timestamp></nop,nop,timestamp></nop,nop,timestamp></nop,nop,timestamp></nop,nop,timestamp></nop,nop,timestamp></nop,nop,timestamp></nop,nop,timestamp></nop,nop,timestamp></nop,nop,timestamp></mss></mss>



  • You know what?
    Thanks for making me do the TCPDUMP.

    Seriously.
    Because now I looked at its output, and I can see the problem:  The Userland FTP helper is working fine - but the connection on the client isn't being accepted.  Its the local client firewall blocking the active FTP incoming connection.

    I HATE ACTIVE FTP.

    But at least this problem is sorted.

    Thanks again!


Log in to reply