FTP Client Proxy / passive FTP



  • Hi,

    we have installed the FTP Client Proxy package, to get active ftp working. But with the running service passive ftp is broken. Why? Any additional steps or firewall rules?

    Thx!



  • Ok, I dump some of the traffic and think I find the problem:

    Client 1.1.1.1
    Server 2.2.2.2

    Here is the dump for a listing in passive mode:

    17:51:56.209388 IP 1.1.1.1.34966 > 2.2.2.2.58523: Flags [s], seq 367546487, win 29200, options [mss 1460,sackOK,TS val 438097740 ecr 0,nop,wscale 7], length 0
    17:51:56.228354 IP 2.2.2.2.38538 > 1.1.1.1.34966: Flags [S.], seq 3116512794, ack 367546488, win 5792, options [mss 1460,sackOK,TS val 811246550 ecr 438097740,nop,wscale 3], length 0
    17:51:56.228379 IP 1.1.1.1.34966 > 2.2.2.2.38538: Flags [R], seq 367546488, win 0, length 0
    17:51:57.207804 IP 1.1.1.1.34966 > 2.2.2.2.58523: Flags [s], seq 367546487, win 29200, options [mss 1460,sackOK,TS val 438097990 ecr 0,nop,wscale 7], length 0
    17:51:57.216513 IP 2.2.2.2.38538 > 1.1.1.1.34966: Flags [S.], seq 3116512794, ack 367546488, win 5792, options [mss 1460,sackOK,TS val 811246650 ecr 438097740,nop,wscale 3], length 0
    17:51:57.216579 IP 1.1.1.1.34966 > 2.2.2.2.38538: Flags [R], seq 367546488, win 0, length 0
    17:51:59.211787 IP 1.1.1.1.34966 > 2.2.2.2.58523: Flags [s], seq 367546487, win 29200, options [mss 1460,sackOK,TS val 438098491 ecr 0,nop,wscale 7], length 0
    17:51:59.240789 IP 2.2.2.2.38538 > 1.1.1.1.34966: Flags [S.], seq 3116512794, ack 367546488, win 5792, options [mss 1460,sackOK,TS val 811246850 ecr 438097740,nop,wscale 3], length 0
    17:51:59.240815 IP 1.1.1.1.34966 > 2.2.2.2.38538: Flags [R], seq 367546488, win 0, length 0
    17:51:59.812596 IP 2.2.2.2.38538 > 1.1.1.1.34966: Flags [S.], seq 3116512794, ack 367546488, win 5792, options [mss 1460,sackOK,TS val 811246910 ecr 438097740,nop,wscale 3], length 0
    17:51:59.812651 IP 1.1.1.1.34966 > 2.2.2.2.38538: Flags [R], seq 367546488, win 0, length 0
    17:52:03.215791 IP 1.1.1.1.34966 > 2.2.2.2.58523: Flags [s], seq 367546487, win 29200, options [mss 1460,sackOK,TS val 438099492 ecr 0,nop,wscale 7], length 0
    17:52:03.224268 IP 2.2.2.2.38538 > 1.1.1.1.34966: Flags [S.], seq 3116512794, ack 367546488, win 5792, options [mss 1460,sackOK,TS val 811247251 ecr 438097740,nop,wscale 3], length 0
    17:52:03.224288 IP 1.1.1.1.34966 > 2.2.2.2.38538: Flags [R], seq 367546488, win 0, length 0
    17:52:05.812505 IP 2.2.2.2.38538 > 1.1.1.1.34966: Flags [S.], seq 3116512794, ack 367546488, win 5792, options [mss 1460,sackOK,TS val 811247510 ecr 438097740,nop,wscale 3], length 0
    
    The client initiates the connection from port 34966 to 58523\. But the answer come from port 38538 and not port 58523\. So the client send a RST and retransmit..
    
    A bug in the package? Any ideas? We really need a working ftp helper implementation for our customers :-/
    
    Thx! [/s][/s][/s][/s]
    

Log in to reply