This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

FTP Verbindung zu einem externen FTP Server ist in v18 nicht möglich

Hallo zusammen,

wir haben unsere Firewall auf Version 18 aktualisiert. Seitdem sind wir nicht mehr in der Lage eine Verbindung zu einem FTP Server herzustellen. Diese FTP Verbindung haben wir unter Version 17 noch aufbauen können.

Einzelne Schritte bis zum Problem:

1. Wir bauen, via CMD, eine Verbindung zum FTP Server auf.

2. Wir authentifizieren uns mit einem Benutzernamen und einem Passwort.

3. Wir führen den Befehl "dir", zum listen der Ordner auf dem Server, aus.

Das Problem: Nach dem Befehl "dir" (/bin/ls) kommt keine Auflistung der Ordner zurück. Stattdessen wird die Verbindung nach ca. 10 Sekunden abgebrochen.

Unsere Versuche den Fehler zu lokalisieren:

Wir haben alle Protection Features abgeschaltet.

Wir haben eine Firewall Regel LAN -> WAN -> Any -> Allow erstellt.

Wir haben uns den TCP Dump angeschaut.

Anschließend habe ich es auf einer anderen Firewall mit v17 nochmals geprüft. Dort funktioniert alles reibungslos. Was können wir machen?

TCP DUMP:

listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes

11:06:14.042986 PortE6_ppp, IN: IP 213.XXX.XXX.XXX.21 > 79.140.176.88.50876: Flags [S.], seq 692585719, ack 2971673627, win 64240, options [mss 1452,nop,wscale 0,nop,nop,sackOK], length 0

11:06:14.043203 LAG1VLAN.101, OUT: IP 213.XXX.XXX.XXX.21 > 192.168.2.XXX.50876: Flags [S.], seq 692585719, ack 2971673627, win 64240, options [mss 1452,nop,wscale 0,nop,nop,sackOK], length 0

11:06:14.043205 LAG1VLAN, OUT: ethertype IPv4, IP 213.XXX.XXX.XXX.21 > 192.168.2.XXX.50876: Flags [S.], seq 692585719, ack 2971673627, win 64240, options [mss 1452,nop,wscale 0,nop,nop,sackOK], length 0

11:06:14.063483 PortE6_ppp, IN: IP 213.XXX.XXX.XXX.21 > 79.140.176.88.50876: Flags [P.], seq 1:45, ack 1, win 64240, length 44: FTP: 220-Serv-U FTP Server for WinSock ready...

11:06:14.063658 LAG1VLAN.101, OUT: IP 213.XXX.XXX.XXX.21 > 192.168.2.XXX.50876: Flags [P.], seq 1:45, ack 1, win 64240, length 44: FTP: 220-Serv-U FTP Server for WinSock ready...

11:06:14.063659 LAG1VLAN, OUT: ethertype IPv4, IP 213.XXX.XXX.XXX.21 > 192.168.2.XXX.50876: Flags [P.], seq 1:45, ack 1, win 64240, length 44: FTP: 220-Serv-U FTP Server for WinSock ready...

11:06:14.131228 PortE6_ppp, IN: IP 213.XXX.XXX.XXX.21 > 79.140.176.88.50876: Flags [P.], seq 45:302, ack 1, win 64240, length 257: FTP: 220-Willkommen auf dem FTP-Server der Firma XXX

11:06:14.131319 LAG1VLAN.101, OUT: IP 213.XXX.XXX.XXX.21 > 192.168.2.XXX.50876: Flags [P.], seq 45:302, ack 1, win 64240, length 257: FTP: 220-Willkommen auf dem FTP-Server der Firma XXX

11:06:14.131321 LAG1VLAN, OUT: ethertype IPv4, IP 213.XXX.XXX.XXX.21 > 192.168.2.XXX.50876: Flags [P.], seq 45:302, ack 1, win 64240, length 257: FTP: 220-Willkommen auf dem FTP-Server der XXX

11:06:23.211519 PortE6_ppp, IN: IP 213.XXX.XXX.XXX.21 > 79.140.176.88.50876: Flags [P.], seq 302:338, ack 16, win 64225, length 36: FTP: 331 User name okay, need password.

11:06:23.211639 LAG1VLAN.101, OUT: IP 213.XXX.XXX.XXX.21 > 192.168.2.XXX.50876: Flags [P.], seq 302:338, ack 16, win 64225, length 36: FTP: 331 User name okay, need password.

11:06:23.211641 LAG1VLAN, OUT: ethertype IPv4, IP 213.XXX.XXX.XXX.21 > 192.168.2.XXX.50876: Flags [P.], seq 302:338, ack 16, win 64225, length 36: FTP: 331 User name okay, need password.

11:06:26.167691 PortE6_ppp, IN: IP 213.XXX.XXX.XXX.21 > 79.140.176.88.50876: Flags [P.], seq 338:368, ack 30, win 64211, length 30: FTP: 230 User logged in, proceed.

11:06:26.167699 LAG1VLAN.101, OUT: IP 213.XXX.XXX.XXX.21 > 192.168.2.XXX.50876: Flags [P.], seq 338:368, ack 30, win 64211, length 30: FTP: 230 User logged in, proceed.

11:06:26.167700 LAG1VLAN, OUT: ethertype IPv4, IP 213.XXX.XXX.XXX.21 > 192.168.2.XXX.50876: Flags [P.], seq 338:368, ack 30, win 64211, length 30: FTP: 230 User logged in, proceed.

11:06:28.026561 PortE6_ppp, IN: IP 213.XXX.XXX.XXX.21 > 79.140.176.88.50876: Flags [P.], seq 368:398, ack 58, win 64183, length 30: FTP: 200 PORT Command successful.

11:06:28.026589 LAG1VLAN.101, OUT: IP 213.XXX.XXX.XXX.21 > 192.168.2.XXX.50876: Flags [P.], seq 368:398, ack 58, win 64183, length 30: FTP: 200 PORT Command successful.

11:06:28.026590 LAG1VLAN, OUT: ethertype IPv4, IP 213.XXX.XXX.XXX.21 > 192.168.2.XXX.50876: Flags [P.], seq 368:398, ack 58, win 64183, length 30: FTP: 200 PORT Command successful.

11:06:28.048624 PortE6_ppp, IN: IP 213.XXX.XXX.XXX.20 > 79.140.176.88.50901: Flags [S], seq 2719085259, win 64240, options [mss 1452,nop,nop,sackOK], length 0

11:06:28.048788 LAG1VLAN.101, OUT: IP 213.XXX.XXX.XXX.20 > 192.168.2.XXX.50901: Flags [S], seq 2719085259, win 64240, options [mss 1452,nop,nop,sackOK], length 0

11:06:28.048790 LAG1VLAN, OUT: ethertype IPv4, IP 213.XXX.XXX.XXX.20 > 192.168.2.XXX.50901: Flags [S], seq 2719085259, win 64240, options [mss 1452,nop,nop,sackOK], length 0

11:06:28.048859 PortE6_ppp, IN: IP 213.XXX.XXX.XXX.21 > 79.140.176.88.50876: Flags [P.], seq 398:451, ack 64, win 64177, length 53: FTP: 150 Opening ASCII mode data connection for /bin/ls.

11:06:28.048865 LAG1VLAN.101, OUT: IP 213.XXX.XXX.XXX.21 > 192.168.2.XXX.50876: Flags [P.], seq 398:451, ack 64, win 64177, length 53: FTP: 150 Opening ASCII mode data connection for /bin/ls.

11:06:28.048866 LAG1VLAN, OUT: ethertype IPv4, IP 213.XXX.XXX.XXX.21 > 192.168.2.XXX.50876: Flags [P.], seq 398:451, ack 64, win 64177, length 53: FTP: 150 Opening ASCII mode data connection for /bin/ls.

11:06:31.016389 PortE6_ppp, IN: IP 213.XXX.XXX.XXX.20 > 79.140.176.88.50901: Flags [S], seq 2719085259, win 64240, options [mss 1452,nop,nop,sackOK], length 0

11:06:31.016475 LAG1VLAN.101, OUT: IP 213.XXX.XXX.XXX.20 > 192.168.2.XXX.50901: Flags [S], seq 2719085259, win 64240, options [mss 1452,nop,nop,sackOK], length 0

11:06:31.016477 LAG1VLAN, OUT: ethertype IPv4, IP 213.XXX.XXX.XXX.20 > 192.168.2.XXX.50901: Flags [S], seq 2719085259, win 64240, options [mss 1452,nop,nop,sackOK], length 0

11:06:37.050632 PortE6_ppp, IN: IP 213.XXX.XXX.XXX.20 > 79.140.176.88.50901: Flags [S], seq 2719085259, win 64240, options [mss 1452,nop,nop,sackOK], length 0

11:06:37.050734 LAG1VLAN.101, OUT: IP 213.XXX.XXX.XXX.20 > 192.168.2.XXX.50901: Flags [S], seq 2719085259, win 64240, options [mss 1452,nop,nop,sackOK], length 0

11:06:37.050736 LAG1VLAN, OUT: ethertype IPv4, IP 213.XXX.XXX.XXX.20 > 192.168.2.XXX.50901: Flags [S], seq 2719085259, win 64240, options [mss 1452,nop,nop,sackOK], length 0

11:06:49.021079 PortE6_ppp, IN: IP 213.XXX.XXX.XXX.21 > 79.140.176.88.50876: Flags [P.], seq 451:498, ack 64, win 64177, length 47: FTP: 426 Data connection closed, transfer aborted.

11:06:49.021093 LAG1VLAN.101, OUT: IP 213.XXX.XXX.XXX.21 > 192.168.2.XXX.50876: Flags [P.], seq 451:498, ack 64, win 64177, length 47: FTP: 426 Data connection closed, transfer aborted.

11:06:49.021095 LAG1VLAN, OUT: ethertype IPv4, IP 213.XXX.XXX.XXX.21 > 192.168.2.XXX.50876: Flags [P.], seq 451:498, ack 64, win 64177, length 47: FTP: 426 Data connection closed, transfer aborted.

This thread was automatically locked due to age.

Parents

0 LuCar Toni over 4 years ago

Is this Passiv FTP or active FTP?

Looks like passive FTP. So the connection will be opened up on another port. This is missing on this tcpdump.

Check out the Documentation for FTP. https://en.wikipedia.org/wiki/List_of_FTP_commands

You are calling "PORT" and getting the new connection. So your Client will connect to this port with a new connection. Likely this does not work.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 LuCar Toni over 4 years ago

Is this Passiv FTP or active FTP?

Looks like passive FTP. So the connection will be opened up on another port. This is missing on this tcpdump.

Check out the Documentation for FTP. https://en.wikipedia.org/wiki/List_of_FTP_commands

You are calling "PORT" and getting the new connection. So your Client will connect to this port with a new connection. Likely this does not work.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data