PDA

Bekijk de volledige versie : USB-FTP server & passive mode


Tamadite
12-12-2004, 02:46
I have found a strange problem in my WL-500g running firmware ver. 1.8.1.9.

When using the USB-FTP server it works perfectly on port 21 on ftp-clients running both active mode and passive mode. But if I change the port on my USB-FTP server to another port (e.g. 1050) it only works if ftp-clients use active mode.

If clients use passive ftp mode, it seems that my WL-500g does not send any SYN-ACK back when initiating the data transmission. As a summary of what I have found:


Client sends: PASV (to port 1050)
Server sends: Entering passive mode indicating listening port
Client sends: (ftp command, e.g. “list”, to port 1050)
Client sends: SYN (to server PASV listening port to start data transmission)
Server never sends SYN-ACK back

When looking at the log on my WL-500g I can see packets sent to the listening port that have been denied hence SYN-ACK are never sent back.

What is the reason for this?
Is the USB-FTP server behind the firewall?
If it is so, how the firewall is ruling its traffic?

PS1: Clients on the LAN have no problem with passive/active FTP, only clients in WAN have.
PS2: FTP-passive mode is used by clients/users in the WAN behind firewalls therefore it is needed to find the reason of this behaviour so users behind firewalls can reach the USB-FTP server.
brubber
12-12-2004, 21:29
Probably the data port is not forwarded correctly for command ports other then 21, so data never gets to your ftp server. Perhaps you can restrict the data ports that can be used in PASV mode (don't know if this is possible with the ftp server on the wl-500g) and manually forward them to your ftp server (to test if this is actually the problem)

If this is true you will probably need to use port redirection (don't know if this is possible on the wl-500g though)
Tamadite
13-12-2004, 18:52
It looks like the USB-FTP server works behind the firewall otherwise there is no reason for dropping packets when opening a FTP session in passive mode if it is not to port 21.

It seems that the USB-FTP server deamon can properly open the PASV listening port on the firewall when working on port 21. But as long as the USB-FTP server works on some other port but port 21 either it is not able to open the PASV listening port on the firewall or it just does not work at all on PASV mode but on port 21.

But the question is, if the USB-FTP server deamon can not work on PASV mode on other port than port 21, why does it send "entering passive mode" to the ftp-client?

I don't know if this can be considered a bug or just a normal operation on this router prone to be amended.