Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    FTP Client Proxy / passive FTP

    Scheduled Pinned Locked Moved Cache/Proxy
    2 Posts 1 Posters 662 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      delumax
      last edited by

      Hi,

      we have installed the FTP Client Proxy package, to get active ftp working. But with the running service passive ftp is broken. Why? Any additional steps or firewall rules?

      Thx!

      1 Reply Last reply Reply Quote 0
      • D
        delumax
        last edited by

        Ok, I dump some of the traffic and think I find the problem:

        Client 1.1.1.1
        Server 2.2.2.2

        Here is the dump for a listing in passive mode:

        17:51:56.209388 IP 1.1.1.1.34966 > 2.2.2.2.58523: Flags [s], seq 367546487, win 29200, options [mss 1460,sackOK,TS val 438097740 ecr 0,nop,wscale 7], length 0
        17:51:56.228354 IP 2.2.2.2.38538 > 1.1.1.1.34966: Flags [S.], seq 3116512794, ack 367546488, win 5792, options [mss 1460,sackOK,TS val 811246550 ecr 438097740,nop,wscale 3], length 0
        17:51:56.228379 IP 1.1.1.1.34966 > 2.2.2.2.38538: Flags [R], seq 367546488, win 0, length 0
        17:51:57.207804 IP 1.1.1.1.34966 > 2.2.2.2.58523: Flags [s], seq 367546487, win 29200, options [mss 1460,sackOK,TS val 438097990 ecr 0,nop,wscale 7], length 0
        17:51:57.216513 IP 2.2.2.2.38538 > 1.1.1.1.34966: Flags [S.], seq 3116512794, ack 367546488, win 5792, options [mss 1460,sackOK,TS val 811246650 ecr 438097740,nop,wscale 3], length 0
        17:51:57.216579 IP 1.1.1.1.34966 > 2.2.2.2.38538: Flags [R], seq 367546488, win 0, length 0
        17:51:59.211787 IP 1.1.1.1.34966 > 2.2.2.2.58523: Flags [s], seq 367546487, win 29200, options [mss 1460,sackOK,TS val 438098491 ecr 0,nop,wscale 7], length 0
        17:51:59.240789 IP 2.2.2.2.38538 > 1.1.1.1.34966: Flags [S.], seq 3116512794, ack 367546488, win 5792, options [mss 1460,sackOK,TS val 811246850 ecr 438097740,nop,wscale 3], length 0
        17:51:59.240815 IP 1.1.1.1.34966 > 2.2.2.2.38538: Flags [R], seq 367546488, win 0, length 0
        17:51:59.812596 IP 2.2.2.2.38538 > 1.1.1.1.34966: Flags [S.], seq 3116512794, ack 367546488, win 5792, options [mss 1460,sackOK,TS val 811246910 ecr 438097740,nop,wscale 3], length 0
        17:51:59.812651 IP 1.1.1.1.34966 > 2.2.2.2.38538: Flags [R], seq 367546488, win 0, length 0
        17:52:03.215791 IP 1.1.1.1.34966 > 2.2.2.2.58523: Flags [s], seq 367546487, win 29200, options [mss 1460,sackOK,TS val 438099492 ecr 0,nop,wscale 7], length 0
        17:52:03.224268 IP 2.2.2.2.38538 > 1.1.1.1.34966: Flags [S.], seq 3116512794, ack 367546488, win 5792, options [mss 1460,sackOK,TS val 811247251 ecr 438097740,nop,wscale 3], length 0
        17:52:03.224288 IP 1.1.1.1.34966 > 2.2.2.2.38538: Flags [R], seq 367546488, win 0, length 0
        17:52:05.812505 IP 2.2.2.2.38538 > 1.1.1.1.34966: Flags [S.], seq 3116512794, ack 367546488, win 5792, options [mss 1460,sackOK,TS val 811247510 ecr 438097740,nop,wscale 3], length 0
        
        The client initiates the connection from port 34966 to 58523\. But the answer come from port 38538 and not port 58523\. So the client send a RST and retransmit..
        
        A bug in the package? Any ideas? We really need a working ftp helper implementation for our customers :-/
        
        Thx! [/s][/s][/s][/s]
        
        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.