This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Problems setting up Passive FTP...

Raiden is running on a win2k box with IIS.  I can't seem to get pasv to work.  When my client logins it says entering Passv and then hangs.  You can't do a directory listing or send file.

thanks for your help!

Firewall: ASL 4.0.07
FTP Software: RaidenFTP

RaidenFTP Info
Source Port: 7200
Use data port range: 1501-1600

ASL Info
networks Defined:
Private Web Server: 192.168.10.3
WAN_Interface__:  IP From Cable Modem

Services Defined:
FTP-Control     tcp       sport: 1024:65535       dport: 7200
FTP-Data     tcp       sport: 1024:65535       dport: 1501:1600

DNAT Rules:
Private Web Server FTP-Control   Any -> WAN_Interface__ / FTP-Control   None   Private_Web_Server
Private Web Server FTP-Data   Any -> Private_Web_Server / FTP-Data   None   Private_Web_Server

Packet Filter Rules:
From: Any        Service: FTP-Control          To: Private_Web_Server         Action: Allow
From: Any        Service: FTP-Data          To: Private_Web_Server         Action: Allow

Raiden Log file:
66.192.x.x ftpusername default 2003/11/21:11:30:07 l "succeeded"
66.192.x.x ftpusername default 2003/11/21:11:30:23 e "PASV accept failed (15 seconds timeout), no one connects to me at ip:66,57,18,222 port:1502"
66.192.x.x ftpusername default 2003/11/21:11:31:42 l "succeeded"
66.192.x.x ftpusername default 2003/11/21:11:31:58 e "PASV accept failed (15 seconds timeout), no one connects to me at ip:66,57,18,222 port:1502"
66.192.x.x ftpusername default 2003/11/21:11:37:43 l "succeeded"
66.192.x.x ftpusername default 2003/11/21:11:37:59 e "PASV accept failed (15 seconds timeout), no one connects to me at ip:66,57,18,222 port:1502"
66.192.x.x ftpusername default 2003/11/21:11:40:17 l "succeeded"
66.192.x.x ftpusername default 2003/11/21:11:40:34 e "PASV accept failed (15 seconds timeout), no one connects to me at ip:66,57,18,222 port:1502"
127.0.0.1 ftpusername default 2003/11/21:11:42:04 l "succeeded"
66.192.x.x ftpusername default 2003/11/21:11:49:23 l "succeeded"
66.192.x.x ftpusername default 2003/11/21:11:49:39 e "PASV accept failed (15 seconds timeout), no one connects to me at ip:66,57,18,222 port:1502"

ASL Filter LiveLog:

11:40:18 66.193.218.253 54976  ->  66.57.18.222 1502 TCP SYN
11:42:44 66.193.218.253 56417  ->  66.57.18.222 1502 TCP SYN
11:42:47 66.193.218.253 56417  ->  66.57.18.222 1502 TCP SYN
11:42:53 66.193.218.253 56417  ->  66.57.18.222 1502 TCP SYN

ASL Filter Log file:
Nov 21 11:40:09 (none) kernel: TCP Drop: IN=eth4 OUT=  SRC=66.192.x.x DST=66.57.x.x LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=31319 DF PROTO=TCP SPT=54976 DPT=1502 WINDOW=64240 RES=0x00 SYN URGP=0
Nov 21 11:40:12 (none) kernel: TCP Drop: IN=eth4 OUT=  SRC=66.192.x.x DST=66.57.x.x LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=31334 DF PROTO=TCP SPT=54976 DPT=1502 WINDOW=64240 RES=0x00 SYN URGP=0
Nov 21 11:40:18 (none) kernel: TCP Drop: IN=eth4 OUT=  SRC=66.192.x.x DST=66.57.x.x LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=31397 DF PROTO=TCP SPT=54976 DPT=1502 WINDOW=64240 RES=0x00 SYN URGP=0
Nov 21 11:42:44 (none) kernel: TCP Drop: IN=eth4 OUT=  SRC=66.192.x.x DST=66.57.x.x LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=32344 DF PROTO=TCP SPT=56417 DPT=1502 WINDOW=64240 RES=0x00 SYN URGP=0
Nov 21 11:42:47 (none) kernel: TCP Drop: IN=eth4 OUT=  SRC=66.192.x.x DST=66.57.x.x LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=32370 DF PROTO=TCP SPT=56417 DPT=1502 WINDOW=64240 RES=0x00 SYN URGP=0
Nov 21 11:42:53 (none) kernel: TCP Drop: IN=eth4 OUT=  SRC=66.192.x.x DST=66.57.x.x LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=32420 DF PROTO=TCP SPT=56417 DPT=1502 WINDOW=64240 RES=0x00 SYN URGP=0
Nov 21 11:51:49 (none) kernel: TCP Drop: IN=eth4 OUT=  SRC=66.192.x.x DST=66.57.x.x LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=33933 DF PROTO=TCP SPT=60742 DPT=1502 WINDOW=64240 RES=0x00 SYN URGP=0
Nov 21 11:51:52 (none) kernel: TCP Drop: IN=eth4 OUT=  SRC=66.192.x.x DST=66.57.x.x LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=33936 DF PROTO=TCP SPT=60742 DPT=1502 WINDOW=64240 RES=0x00 SYN URGP=0
Nov 21 11:51:58 (none) kernel: TCP Drop: IN=eth4 OUT=  SRC=66.192.x.x DST=66.57.x.x LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=33937 DF PROTO=TCP SPT=60742 DPT=1502 WINDOW=64240 RES=0x00 SYN URGP=0

Things I've done to try to fix it:

Obviously the packets are getting dropped.  I'm not sure why.  I have tried turning on a rule at the top of my rules list that says any any any allow.  This didn't make any difference.

Entire list of packet filter rules:
  2  Wireless_Network PPTP WDMZ_Interface__ Allow
  3  Wireless_Network { netbios } WDMZ_Interface__ Drop
  4  Wireless_Network Any Any Drop
  5  Any ping-request WAN_Interface__ Drop
  6  { Private_Networks_-_RFC1918 } Any WAN_Interface__ Drop
  7  Any Any Internet_Broadcast Drop
  8  Any Any WAN_Broadcast__ Drop
  9  Any Any DMZ_Broadcast__ Drop
  10  Any Any WDMZ_Broadcast__ Drop
  11  Any Any LAN_Broadcast__ Drop
  12  Any SMTP Private_Mail_Server Allow
  13  Any IMAP Private_Mail_Server Allow
  14  Any POP3 Private_Mail_Server Allow
  15  Any Microsoft - TS Private_Web_Server Allow
  16  Any HTTP Private_Web_Server Allow
  17  Any HTTPS Private_Mail_Server Allow
  18  Any HTTP Proxy WAN_Interface__ Allow
  19  Private_Mail_Server DNS Any Allow
  20  Private_Mail_Server SMTP Any Allow
  21  Private_Web_Server DNS Any Allow
  22  Private_Web_Server HTTP Any Allow
  23  Any FTP-Control Private_Web_Server Allow
  24  Any FTP-Data Private_Web_Server Allow
  25  LAN_Network__ Any Any Allow
  26  Any Any Any Log Drop

This thread was automatically locked due to age.

Parents

0 AJo over 21 years ago

Just noticed something....
[ QUOTE ]

DNAT Rules:
Private Web Server FTP-Control Any -> WAN_Interface__ / FTP-Control None Private_Web_Server
Private Web Server FTP-Data Any -> Private_Web_Server / FTP-Data None Private_Web_Server

[/ QUOTE ]
Looks a bit odd... shouldnt it be:

Private Web Server FTP-Data Any -> WAN_Interface__ / FTP-Data None Private_Web_Server
Cancel
Vote Up 0 Vote Down

Cancel
0 uncue75 over 21 years ago in reply to AJo

I opened my DNAT rules and didn't see that. so I must have already fixed it after posting the first message.

You aren't going to believe what the problem was. I registerd the software before I even installed it. They want you to submit a generated machine machine code used to make your registration keys. I didn't want to do that until I got everything working so why wouldn't try to say I had it installed to two boxes at the same time. Long story short. I did it anyway and after registering the software it started working. Seems like the fully functional trial version is not the case.

thanks for all your help!
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 uncue75 over 21 years ago in reply to AJo

I opened my DNAT rules and didn't see that. so I must have already fixed it after posting the first message.

You aren't going to believe what the problem was. I registerd the software before I even installed it. They want you to submit a generated machine machine code used to make your registration keys. I didn't want to do that until I got everything working so why wouldn't try to say I had it installed to two boxes at the same time. Long story short. I did it anyway and after registering the software it started working. Seems like the fully functional trial version is not the case.

thanks for all your help!
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 AJo over 21 years ago in reply to uncue75
Cancel
Vote Up 0 Vote Down

Cancel
0 uncue75 over 21 years ago in reply to AJo

You know I've been thinking about this and it still doesn't make sense. the firewall log shows packets being dropped. which means the packets weren't even getting to the ftp software, so registering it shouldn't make a difference.

I'm going to relook over all my rules and I'll post what I find out.
Cancel
Vote Up 0 Vote Down

Cancel