
RV042 - FTP Non-Standard Points - No Translation

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by o2manyfish, May 16, 2007.

  1. o2manyfish

    o2manyfish LI Guru Member

    I have a RV042 with the most recent firmware.

    I have a Windows 2003 Server, running IIS.

    Prior to my W2k3 server being behind the RV042, from IIS 6.0 I could create FTP sites with different ports just by clicking in IIS 6.0.

    So now I have my RV042 configured. I have 4 static IPs.

    I am using NAT to convert WAN IP x.x.x.108 to LAN IP X.X.X.36. My inhouse subnet is 198.198.10.x

    So now I create my first FTP Server on non-standard port (5111).

    From my LAN I can connect to the FTP on 5111 without problem.

    When connecting from the WAN via port 21 - a connection is established: (FTP Log)
    Connecting to 74.x.x.108:21
    Connected to 74.x.x.108:21 in 0.030036 seconds, Waiting for Server Response
    220-Microsoft FTP Service
    220 This is Basic at Port 21
    Host type (1): Automatic Detect
    USER Dave
    331 Password required for Dave.
    PASS (hidden)
    230-Welcome to FTP on 21
    230 User Dave logged in.
    SYST
    215 Windows_NT
    Host type (2): Microsoft NT
    Sending "FEAT" command to determine what features this server supports.
    FEAT
    211-FEAT
    SIZE
    MDTM
    211 END
    Finished interpreting "FEAT" response.
    Sending the FEAT command is optional. You can disable it in the site options of the profile.
    PWD
    257 "/" is current directory.
    TYPE A
    200 Type set to A.
    PASV
    227 Entering Passive Mode (74,x.x,108,7,16).
    connecting data channel to 74.x.x.108:7,16(1808)
    data channel connected to 74.x.x.108:7,16(1808)
    LIST
    125 Data connection already open; Transfer starting.
    # transferred 58 bytes in < 0.001 seconds, 453.125 Kbps ( 56.641 Kbps), transfer succeeded.
    226 Transfer complete.


    Okay - So from the WAN the FTP server responds with passive mode and the correct WAN IP Server/ports...


    Now when connecting via WAN to FTP on Port 5111:

    Connecting to 74.x,x.108:5111
    Connected to 74.x.x.108:5111 in 0.000000 seconds, Waiting for Server Response
    220-Microsoft FTP Service
    220 Hit Port 5111
    Host type (1): Automatic Detect
    USER Dave
    331 Password required for Dave.
    PASS (hidden)
    230-Hitting Port 5111
    230 User Dave logged in.
    SYST
    215 Windows_NT
    Host type (2): Microsoft NT
    Sending "FEAT" command to determine what features this server supports.
    FEAT
    211-FEAT
    SIZE
    MDTM
    211 END
    Finished interpreting "FEAT" response.
    Sending the FEAT command is optional. You can disable it in the site options of the profile.
    PWD
    257 "/" is current directory.
    TYPE A
    200 Type set to A.
    PASV
    227 Entering Passive Mode (198,198,10,36,7,17).
    connecting data channel to 198.198.10.36:7,17(1809)
    data channel connected to 198.198.10.36:7,17(1809)
    LIST
    426 Connection closed; transfer aborted.
    [2007.05.16 02:32:05.015] CDUP
    [2007.05.16 02:32:05.015] It appears that the connection is dead. Attempting reconnect


    So now the Client connects via 5111 - The server responds, sends the welcome message, then a password handshake.

    But then the client attempts to connect using the LAN IP of the server !!!

    So why is the RV042 not NAT routing the connection for FTP correctly other than on Port 21 ?

    Thoughts ?

    Thanks

    Dave
     
  2. ifican

    ifican Network Guru Member

    That's a very good question. The only guess I have at the moment is to change your LAN IP range to an actual NAT range. Perhaps the coding of the router is such that it is not NAT'ing, or not NAT'ing correctly, because of your LAN range. In the meantime I'll see if I can come up with something else.
     
  3. o2manyfish

    o2manyfish LI Guru Member

    NAt'ing

    Ifican,

    What do you mean by changing my LAN and NAT ?

    Thanks

    Dave
     
  4. ifican

    ifican Network Guru Member

    You're using a non-standard internal NAT IP range, 198.198.x.x; this particular IP range is actually routable on the internet. ISP routers know where it lives and how to get there. I am just curious if for some reason your router is doing something goofy because your LAN IP range is not RFC NAT compliant. Maybe something in the code is telling it to handle that traffic differently; that I do not know, because I have not run any network that uses non-compliant internal IP space. It's just a thought, and after doing some preliminary checking I haven't found anything yet on this issue.
     
  5. o2manyfish

    o2manyfish LI Guru Member

    RFC Nat

    Ifican,

    I started working on your RFC NAT theory. However, I realized that currently port 21 for FTP is working using my non-standard subnet - the router changes the IPs for port 21.

    In addition the router is routing traffic properly for 3 webcams from the internet - each cam is PTZ so it sends traffic on multiple ports.


    I will be able to confirm tonight that the subnet is not the issue, so please keep looking for another option.

    Thanks for the possible solutions so far.

    Dave B
     
  6. o2manyfish

    o2manyfish LI Guru Member

    Not Subnet

    It wasn't the subnet settings.

    I set everything to a standard 192.168... format -- Did not solve the problem.



    Anyone else have any ideas ?


    Dave
     
  7. d__l

    d__l Network Guru Member

    FTP uses two TCP connections, one for control and one for data. The default control connection is TCP Port 21 and the default data connection is Port 20.

    I don't think you were able to complete a data connection so the FTP failed.
     
  8. o2manyfish

    o2manyfish LI Guru Member

    When using port 21 -- The data connection data sent to the client unit is a WAN IP address and port number.


    When using a port other than 21 the data connection data sent to the client is a LAN IP address -- (See data pasted in first post).

    So the data connection is not connecting because the client cannot connect to a LAN address.

    So why is this data not coming back correctly for non-21 ports ?


    Dave
     
  9. ifican

    ifican Network Guru Member

    I know it didn't make much sense about NAT being an issue, but you never know when it comes to how the router code handles the NAT. And by default FTP uses ports 20 and 21; if you set it to passive FTP it will only use 21 or whatever port you specify. There are 2 possible issues here: the ISP is not letting traffic on that port through (I don't think this is the issue), or your router is not forwarding correctly (I think this is it). The only way to test, however, is to get a known good working device and test it in your setup. Also, how are you testing from the WAN side? What happens if you test from some other location? What happens if you reboot the router and then try 5111 first before trying 21?
     
  10. o2manyfish

    o2manyfish LI Guru Member

    Ifican,

    I don't think my ISP is the issue:
    a) ports 21/20 work no problem from WAN and LAN
    b) Right now I am testing with port 5111 - I have tried about 10 other port numbers without an issue.
    b2) Using PortQuery - When I query the WAN IP using Port 5111 - I get "listening" ---- ***--- However, kind of interesting - when I test Port 21 I get a response back saying FTP and Microsoft. On any other Port # -- ex 5111 - when using PortQuery on my LAN - It just says listening - PortQuery does not get an FTP response. But using port 5111 on the LAN I can connect and FTP no problem.

    As for my testing methods - I use FTP_Pro and Opus Directory FTP. I just switch the IP's.

    I have also logged onto a neighbor's WLAN and then tried to ping, query, and then FTP connect and I get the same results.



    Something that just came to mind while entering all this. The IT guy who set up my HTTPS Exchange Server access configured my Exchange Server to also be my primary DNS server. Is there anything on the DNS server for FTP entries? I am connecting using IP address, not domain names.


    Thanks again for the different ideas for solutions.

    Dave
     
  11. heidnerd

    heidnerd LI Guru Member

    Check with your IT person, it would not be Exchange, or DNS, but probably IAS (Microsoft's Internet Acceleration Service ... aka proxy server). It may be that IAS is filtering out and preventing the ftp traffic.
     
  12. o2manyfish

    o2manyfish LI Guru Member

    IT Person

    Heid,

    I am not running IAS -- I am the IT person. But I didn't know anything about HTTPS and certificates. So I brought someone in for that portion of the network.

    I don't think it is something on the Server Box, because all the different ports I have tried all work when the client is on the LAN. If the server was filtering, it would block port 5111 on the LAN side as well as the WAN.

    It's only when the client goes to the WAN and the port is something other than 21.

    Which leads me to believe it's an issue with the RV042.

    One of the important things to me, is that when the Client first connects via the WAN - It shows a connection.

    The FTP shows that a session has started, and actually keeps the session open.

    So the first client connection from the WAN - The Data gets to the server, the server acknowledges, opens a connection on the incoming IP and Port and then tells the client to connect using a LAN IP ( NOT A WAN IP ). --- It's this part of connecting that the Router is not translating.

    Dave B
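
The difference between the two logs in the first post can be checked mechanically by decoding the `227` reply and comparing the advertised address with the one the control connection was made to. This is an added example, not part of the thread: the function names are hypothetical, and the control address `203.0.113.108` and the first sample line are constructed (the thread masks the real WAN address).

```python
import ipaddress
import re

# h1,h2,h3,h4,p1,p2 tuple of a "227 Entering Passive Mode" reply.
PASV_RE = re.compile(r"^227 .*?\(" + ",".join([r"(\d{1,3})"] * 6) + r"\)")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_pasv(reply):
    """Return (IPv4Address, port) from a 227 reply, or None if it does not parse."""
    m = PASV_RE.match(reply.strip())
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]  # data port = p1*256 + p2


def check_pasv(reply, control_ip):
    """Compare the address in a 227 reply with the control connection's address."""
    parsed = parse_pasv(reply)
    if parsed is None:
        return {"status": "unparsed"}
    ip, port = parsed
    same = ip == ipaddress.IPv4Address(control_ip)
    return {
        "ip": str(ip),
        "port": port,
        # An RFC 1918 test alone would miss 198.198.10.36, hence the comparison.
        "rfc1918": any(ip in net for net in RFC1918),
        "status": "ok" if same else "untranslated",
    }


CONTROL_IP = "203.0.113.108"  # constructed stand-in for the masked WAN address
SAMPLES = [
    "227 Entering Passive Mode (203,0,113,108,7,16).",  # constructed, translated
    "227 Entering Passive Mode (198,198,10,36,7,17).",  # port 5111 log, first post
    "227 Entering Passive Mode (74,x.x,108,7,16).",     # masked log line, unparseable
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "->", check_pasv(line, CONTROL_IP))
```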
     
  13. d__l

    d__l Network Guru Member
