If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
Windows XP FTP Server time out errors with FTP clients
I am a network administrator & computer consultant and my background
on this topic is good. I was runing serv-u FTP server on windows 2000 behind a linksys router for years without any problems. Just upgraded to Windows XP Pro. FTP server will not work with certain FTP clients mainly internet explorer's FTP client. I have made sure it is not windows xp firewall, i have set it up correctly. I have even disabled windows xp firewall. The problem is not with my linksys router, this has worked for years, a simple port forwarding to my computer's IP has alredy been setup. I changed my ftp server thinking it was incompatible with windows XP, downloaded cerberus ftp server, same problem. I think it is something with windows xp and possible SP2, maybe something with the damn winsock.dll who knows? I have tried multiple ftp server with no luck, my linksys router is setup correctly, windows firewall is not the issue. My FTP server shows a connection from the client but when they run a dir or any ftp command the connection times out (and yes the timeout on my ftp server is set to 100 seconds, more than enough time) The only thing i ccan not rule out is the change from windows 2000 to windows xp pro sp2. One more thing i noticed also is when i turn off "passive mode support" in internet explorer advanced options that it seems to work then. I assume internet explorer would try to directly connect to my ftp server first then use passive mode. a direct connection will work because i have port 21 forwarded directly to my ftp server computer inside my network, this has worked for years before the upgrade to windows xp. If anyone knows of any information that would help, i'd really appreciate it. I have read of others having this or very similar FTP problems as well. thanx |
Ads |
#2
|
|||
|
|||
Windows XP FTP Server time out errors with FTP clients
"Dillboi" wrote in message
om... I am a network administrator & computer consultant and my background on this topic is good. I was runing serv-u FTP server on windows 2000 behind a linksys router for years without any problems. Just upgraded to Windows XP Pro. FTP server will not work with certain FTP clients mainly internet explorer's FTP client. I have made sure it is not windows xp firewall, i have set it up correctly. I have even disabled windows xp firewall. The problem is not with my linksys router, this has worked for years, a simple port forwarding to my computer's IP has alredy been setup. I changed my ftp server thinking it was incompatible with windows XP, downloaded cerberus ftp server, same problem. I think it is something with windows xp and possible SP2, maybe something with the damn winsock.dll who knows? I have tried multiple ftp server with no luck, my linksys router is setup correctly, windows firewall is not the issue. My FTP server shows a connection from the client but when they run a dir or any ftp command the connection times out (and yes the timeout on my ftp server is set to 100 seconds, more than enough time) The only thing i ccan not rule out is the change from windows 2000 to windows xp pro sp2. One more thing i noticed also is when i turn off "passive mode support" in internet explorer advanced options that it seems to work then. I assume internet explorer would try to directly connect to my ftp server first then use passive mode. a direct connection will work because i have port 21 forwarded directly to my ftp server computer inside my network, this has worked for years before the upgrade to windows xp. If anyone knows of any information that would help, i'd really appreciate it. I have read of others having this or very similar FTP problems as well. thanx Can I attempt to summarise: 1) You have an FTP server behind a NAT router; 2) The router has port 21 forwarded to the FTP server; 3) From external IP addresses, Active mode connections work; 4) From external IP addresses, Passive mode connections fail. You see the control connection working, but the data connection is not established. To be honest, this is exactly what I'd expect. Try active and passive mode connections to the server from a machine on your local LAN ( ie not coming in through the router. ) Then make the same tests from an external machine. I'd expect both modes to work locally, but PASV to fail from an external machine. And both may fail from an external machine if it's also behind NAT. Depends on the cleverness of the NAT to make special provision for FTP. First, let's get on to the same page about how Active and Passive FTP work: http://slacksite.com/other/ftp.html http://www.ncftpd.com/ncftpd/doc/mis...firewalls.html Quick summary: FTP uses 2 connections: Control and Data. Control always comes from clientIP:ephemeral to serverIP:21. Data depends on Active /Passive mode. Client requests either active (PORT) or passive (PASV). Active: After initial control connection to server port 21, Client opens ephemeral port, and tells server to connect to it. Server connects from serverIP:20 - clientIP:ephemeral Passive: After initial control connection to server port 21, Server opens ephemeral port, and tells client to connect to it. Client connects from ClientIP:ephemeral - ServerIP: ephemeral Now, here's what's happening in your situation, With server-side NAT ( which you have ). Active mode: Client connects to your external IP:21. This is explicitly forwarded to the FTP server:21. The control connection is established OK. Client requests PORT mode. Client opens ephemeral port, and tells server to connect to it. Server connects from serverIP:20 - clientIP:ephemeral. This is an outbound connection throuth your NAT, and so it works OK. Passive Mode: Client connects to your external IP:21. This is explicitly forwarded to the FTP server:21. The control connection is established OK. Client requests PASV. Server replies with IP:RandomPort to connect to. Client will attempt to connect to the IP:Port the server specified. 2 problems he 1) The server will tell the client the wrong IP address. The server sees itself as 192.168.0.10 or whatever. It has no knowledge of the external IP, and so the client attempts to connect to a non-routable IP. 2) The server has opened a random port and asked the client to connect. The NAT device knows nothing of this, and will see the incoming connection from the client as unsolicited, and drop the packet. You need to overcome these 2 fundamental problems to allow Passive FTP to a server behind NAT. To solve (1), Sometimes, an FTP server will have options to manually specify an external IP. Sometimes, the NAT is clever enough to recognise the FTP session, and actually edit the contents of the packet and insert the correct external IP address. If neither of these can be done, then it's not going to work. To solve (2), If the NAT is clever enough to handle (1), it may also open up a temporary port-forwarding on-the-fly to accomodate (2). If it isn't, then you can restrict the Passive Port Range on the server to a couple of hundred ports, then on the NAT router, explicitly forward that port range to the FTP server. So what to do? Well, working on the basis that by rights it shouldn't work, you need to discover what magic made it work before. Try bringing a win2k box back and sniff the traffic using ethereal or similar at both the client and server sides. Look at the reply to the PASV command as sent by the server, and as recieved by the client. This will determine what NAT editing the Linksys box is doing to make special provision for FTP servers. ( which it may be. ) Then make the same test on your XP based FTP server. Take it from there. -- Best Regards, Ron Lowe MS-MVP Windows Networking |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Pop Up Ad Help | Dragon | Windows XP Help and Support | 9 | November 21st 05 06:15 PM |
which security updates should be kept, which can be deleted? | Stan Hill | General XP issues or comments | 5 | January 8th 05 12:49 PM |
SP2 slows down surfing | snappydragon | Windows Service Pack 2 | 4 | December 4th 04 02:29 AM |
HELP!! - Can I reload Windows XP??? | SuZ | New Users to Windows XP | 5 | November 3rd 04 06:35 PM |
WUP fials to update XP HighMAT | David Beardmore | The Basics | 0 | July 31st 04 05:22 PM |