
View the full version: Cannot get PASV ftp transfer to work for ppl also behind router



thias
05-04-2005, 10:27
Dear Forum Inhabitants...

I have tried now for quite some time to get my ftp to work in pasv mode for a specific group of people that is also behind a router and cannot connect to my ftp. I'm not talking about the built-in usb ftp but one that is running on a lan machine. The error always occurs when the data connection should be established; LISTING directory content.
Most people CAN connect without problems.

My data:

Mode: home gateway
Firmware: 1.9.2.7-4
Firewall: enabled
-Ports forwarded in virtual server for ftp: 2110-2111 on BOTH and 50100:50200 on BOTH just to make sure for the Control and the Data connection
-I enabled wan to lan, and lan to wan filter and forwarded 50100:50200 there, setting: specified packets will be accepted
-Server used: Bulletproof ftp 2.21 fixed on internal ip 192.168.1.2 and the pasv portrange 50100:50200 specified in the pasv tab.
-I have a fixed wan ip

-The machine on which the Ftp server runs has internal ip 192.168.1.2 which is fixed by specifying the mac address in the DHCP server tab.

I tried specifying the server ports in port trigger as well, but this did not work, so I erased that setting again. I enabled wan to lan and vice-versa filter because I read somewhere on this forum that pasv ftp only works with this filter enabled. I am trying now to make it work without this filter but I tried that before... didn't work. You could think that if you enable the setting that not specified packets will be accepted, the specified ones will be dropped, but if that would be true, nobody would be able to connect anymore.

the ftp log data:

STATUS:> Connecting to xxx.xxx.xxx.xxx (Wan outside ip displayed)
STATUS:> Socket connected. Waiting for welcome message...
220-Myftp
220 Welcome
STATUS:> Connected. Authenticating...
COMMAND:> USER Yan
331 Password required for Yan.
COMMAND:> PASS ********
230 User Yan logged in.
STATUS:> Login successful
COMMAND:> TYPE I
200 Type set to I.
COMMAND:> pwd
257 "/" is current directory.
COMMAND:> TYPE A
200 Type set to A.
STATUS:> Retrieving directory listing...
COMMAND:> PASV
227 Entering Passive Mode (192,168,1,2,195,239).
COMMAND:> LIST
STATUS:> Connecting data socket...
ERROR:> Failed to establish data socket
ERROR:> Timeout

As you can see the client tries to connect to the right port (256x195+239). He said he even put his machine in dmz mode for it.

This problem is driving me nuts.

I am also unsure about two other issues that could be important in this case:

*What is exactly the interaction between port triggering, virtual server and wan<-->lan filter?
*When are router configuration changes really applied?
*What does the firewall exactly do? (switched it off, but it didn't work, and I feel it should be able to work in combination with my server as well)

I hope somebody can help me.

Thias
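
Added example (not part of the original post, and not code from the router or the FTP server): a small Python check that decodes the 227 reply from the log above and compares the advertised data endpoint with the control-connection address and the forwarded passive range. The control address 203.0.113.10 is a constructed stand-in for the masked WAN IP, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the 227 line copied from the client log in the post.
SAMPLE_REPLY = "227 Entering Passive Mode (192,168,1,2,195,239)."
# Constructed stand-in for the masked WAN address (documentation range).
SAMPLE_CONTROL_HOST = "203.0.113.10"

PASV_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(ip):
    """True when the address is in private (non-Internet-routable) space."""
    return any(ip in net for net in RFC1918)


def parse_pasv(reply):
    """Return (ip, port) from a 227 reply; RFC 959 format is h1,h2,h3,h4,p1,p2."""
    if not reply.startswith("227"):
        raise ValueError("not a 227 reply")
    m = PASV_RE.search(reply)
    if not m:
        raise ValueError("no host/port tuple in reply")
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range")
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]


def check_pasv(reply, control_host, pasv_range):
    """Return (ip, port, problems) as seen by a client that used control_host."""
    ip, port = parse_pasv(reply)
    control = ipaddress.IPv4Address(control_host)
    lo, hi = pasv_range
    problems = []
    if not lo <= port <= hi:
        problems.append(f"port {port} is outside forwarded range {lo}-{hi}")
    # A private data address is only a problem for clients outside the LAN.
    if is_rfc1918(ip) and not is_rfc1918(control):
        problems.append(f"data address {ip} is RFC 1918 private, "
                        f"control connection used public {control}")
    return ip, port, problems


if __name__ == "__main__":
    ip, port, problems = check_pasv(SAMPLE_REPLY, SAMPLE_CONTROL_HOST, (50100, 50200))
    print(f"advertised data endpoint: {ip}:{port}")
    for p in problems:
        print("WARNING:", p)
```

For the logged reply this reports port 50159, inside 50100-50200, and an advertised address in RFC 1918 space, which a client outside the LAN can reach only if its FTP client or a NAT helper along the path substitutes the public address.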

Oleg
05-04-2005, 10:46
Try connecting to LAN IP, instead of WAN.

thias
05-04-2005, 11:03
Try connecting to LAN IP, instead of WAN.

I'm not sure I know what you mean? How could somebody on wan, outside my lan network connect to my internal LAN IP??????

............

Oleg
05-04-2005, 11:05
Ah, I see. At first I thought there is a problem on the LAN side.

thias
05-04-2005, 11:13
Ah, I see. At first I thought there is a problem on the LAN side.

D*mn, I thought I really specified everything :)

pimz3001
27-04-2005, 21:16
I'm not completely sure, but can it be the case that forwarding ranges doesn't work well?
I use 2121 & 2120 and passive ports 51000, 51001, up to 51005. All individually specified. Not as a range.

(Also the XP Firewall was in the way at a certain moment. Did shut it down. That's why I'm not completely sure about the 1st point)

Now everything works. (Also the WL500g FTP-server at 21 at the same time)

Maybe it's of some use for you.

Grtz, Pim.

(Using: 1.9.2.7.3)

Antiloop
27-04-2005, 23:39
Bulletproof.. is that also the G6 FTP server thingy? if yes perhaps I can help you
but have to look into the configuration of my other pc
but i'm only using it to FXP to it..

thias
24-05-2005, 10:33
Thanks for the replies guys,

I have no indication that the range-forwarding wouldn't work well. This is because most people can connect without problems. Their machines are opening exactly the right ports on my machine, somewhere in the range 50100-50200.

The weird thing is that some people that are also behind a router try to do the same thing, but the data connection somehow hangs and they never receive any dir listing. I expect this problem to be caused by interaction between two routers. Forwarding port-by-port is not really an option for me, since the amount of users on my ftp requires me to open at least 100 ports.

Antiloop
24-05-2005, 14:56
I have this at my virtual server:

Port range: 55000-65535
Local ip: 192.168.0.123
local port: LEAVE IT EMPTY
Protocol: TCP
Protocol No: LEAVE IT EMPTY
Description: ftp passive

but I'm using G6 ftp or something, afaik it is also named Bulletproof..?