4. FTP Client Proxy / passive FTP

FTP Client Proxy / passive FTP

  • D

    Hi,

    we have installed the FTP Client Proxy package, to get active ftp working. But with the running service passive ftp is broken. Why? Any additional steps or firewall rules?

    Thx!

    0
  • D

    Ok, I dump some of the traffic and think I find the problem:

    Client 1.1.1.1
    Server 2.2.2.2

    Here is the dump for a listing in passive mode:

    17:51:56.209388 IP 1.1.1.1.34966 > 2.2.2.2.58523: Flags [s], seq 367546487, win 29200, options [mss 1460,sackOK,TS val 438097740 ecr 0,nop,wscale 7], length 0
17:51:56.228354 IP 2.2.2.2.38538 > 1.1.1.1.34966: Flags [S.], seq 3116512794, ack 367546488, win 5792, options [mss 1460,sackOK,TS val 811246550 ecr 438097740,nop,wscale 3], length 0
17:51:56.228379 IP 1.1.1.1.34966 > 2.2.2.2.38538: Flags [R], seq 367546488, win 0, length 0
17:51:57.207804 IP 1.1.1.1.34966 > 2.2.2.2.58523: Flags [s], seq 367546487, win 29200, options [mss 1460,sackOK,TS val 438097990 ecr 0,nop,wscale 7], length 0
17:51:57.216513 IP 2.2.2.2.38538 > 1.1.1.1.34966: Flags [S.], seq 3116512794, ack 367546488, win 5792, options [mss 1460,sackOK,TS val 811246650 ecr 438097740,nop,wscale 3], length 0
17:51:57.216579 IP 1.1.1.1.34966 > 2.2.2.2.38538: Flags [R], seq 367546488, win 0, length 0
17:51:59.211787 IP 1.1.1.1.34966 > 2.2.2.2.58523: Flags [s], seq 367546487, win 29200, options [mss 1460,sackOK,TS val 438098491 ecr 0,nop,wscale 7], length 0
17:51:59.240789 IP 2.2.2.2.38538 > 1.1.1.1.34966: Flags [S.], seq 3116512794, ack 367546488, win 5792, options [mss 1460,sackOK,TS val 811246850 ecr 438097740,nop,wscale 3], length 0
17:51:59.240815 IP 1.1.1.1.34966 > 2.2.2.2.38538: Flags [R], seq 367546488, win 0, length 0
17:51:59.812596 IP 2.2.2.2.38538 > 1.1.1.1.34966: Flags [S.], seq 3116512794, ack 367546488, win 5792, options [mss 1460,sackOK,TS val 811246910 ecr 438097740,nop,wscale 3], length 0
17:51:59.812651 IP 1.1.1.1.34966 > 2.2.2.2.38538: Flags [R], seq 367546488, win 0, length 0
17:52:03.215791 IP 1.1.1.1.34966 > 2.2.2.2.58523: Flags [s], seq 367546487, win 29200, options [mss 1460,sackOK,TS val 438099492 ecr 0,nop,wscale 7], length 0
17:52:03.224268 IP 2.2.2.2.38538 > 1.1.1.1.34966: Flags [S.], seq 3116512794, ack 367546488, win 5792, options [mss 1460,sackOK,TS val 811247251 ecr 438097740,nop,wscale 3], length 0
17:52:03.224288 IP 1.1.1.1.34966 > 2.2.2.2.38538: Flags [R], seq 367546488, win 0, length 0
17:52:05.812505 IP 2.2.2.2.38538 > 1.1.1.1.34966: Flags [S.], seq 3116512794, ack 367546488, win 5792, options [mss 1460,sackOK,TS val 811247510 ecr 438097740,nop,wscale 3], length 0

The client initiates the connection from port 34966 to 58523\. But the answer come from port 38538 and not port 58523\. So the client send a RST and retransmit..

A bug in the package? Any ideas? We really need a working ftp helper implementation for our customers :-/

Thx! [/s][/s][/s][/s]
    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy