Re: Problems with PASV ftp

[Herouth Maoz]

First, thanks for all the suggestions

At 08:12 +0300 on 23/6/2003, Oron Peled wrote:
�
��No, the external interface should not have an IP! (it is documented
��somewhere, forgot where). I have the same setup with the same ISP
��and modem (The following is from RedHat):
Oh, I wished that this would be the solution - I got a similar
suggestion from someone in Mandrake Club - but it isn't. I set eth1
without an IP and a mask. As before, the network works fine, I can do
everything except passive FTP.
So, I am doing a tcpdump session, as per a couple of suggestions.
First, down with the firewall, just to be sure. Result of iptables -L
-v is:
Chain INPUT (policy ACCEPT 32 packets, 2091 bytes)
�pkts bytes target���� prot opt in���� out���� source��������������
destination��������
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
�pkts bytes target���� prot opt in���� out���� source��������������
destination��������
Chain OUTPUT (policy ACCEPT 19 packets, 1922 bytes)
�pkts bytes target���� prot opt in���� out���� source��������������
destination��������
So, indeed, no firewall. Now to the tcpdump. My comments marked with "***"

����My command line is: tcpdump -i ppp0 -v host ftp.iglu.org.il ***

tcpdump: listening on ppp0

����Log into ftp ***

21:12:35.324091�192.115.21.202.32788���192.117.122.34.ftp: S [tcp sum
ok] 2219693117:2219693117(0) win 5808 <mss 1452,sackOK,timestamp
208203 0,nop,wscale 0> (DF) (ttl 64, id 63862, len 60)
21:12:35.346709 192.117.122.34.ftp > 192.115.21.202.32788: S [tcp sum
ok] 2070393294:2070393294(0) ack 2219693118 win 31064 <mss
1412,sackOK,timestamp 196932324 208203,nop,wscale 0> (DF) (ttl 63, id
61790, len 60)
21:12:35.346877�192.115.21.202.32788���192.117.122.34.ftp: . [tcp sum
ok] ack 1 win 5808 <nop,nop,timestamp 208206 196932324> (DF) (ttl 64,
id 63863, len 52)
21:12:35.385146�192.117.122.34.11102���192.115.21.202.auth: S [tcp
sum ok] 2056825834:2056825834(0) win 32120 <mss 1412,sackOK,timestamp
196932326 0,nop,wscale 0> (DF) (ttl 63, id 61793, len 60)
21:12:35.385359 192.115.21.202.auth > 192.117.122.34.11102: R [tcp
sum ok] 0:0(0) ack 2056825835 win 0 (DF) (ttl 64, id 0, len 40)
21:12:35.411587 192.117.122.34.ftp > 192.115.21.202.32788: P 1:42(41)
ack 1 win 32200 <nop,nop,timestamp 196932330 208206> (DF) (ttl 63, id
61806, len 93)
21:12:35.414676�192.115.21.202.32788���192.117.122.34.ftp: . [tcp sum
ok] ack 42 win 5808 <nop,nop,timestamp 208212 196932330> (DF) [tos
0x10]� (ttl 64, id 63864, len 52)
21:12:35.417220�192.115.21.202.32788���192.117.122.34.ftp: P [tcp sum
ok] 1:14(13) ack 42 win 5808 <nop,nop,timestamp 208213 196932330>
(DF) [tos 0x10]� (ttl 64, id 63865, len 65)
21:12:35.479203 192.117.122.34.ftp > 192.115.21.202.32788: . [tcp sum
ok] ack 14 win 32187 <nop,nop,timestamp 196932334 208213> (DF) (ttl
63, id 61815, len 52)
21:12:35.479365 192.117.122.34.ftp > 192.115.21.202.32788: P [tcp sum
ok] 42:68(26) ack 14 win 32200 <nop,nop,timestamp 196932334 208213>
(DF) (ttl 63, id 61816, len 78)
21:12:35.482968�192.115.21.202.32788���192.117.122.34.ftp: P [tcp sum
ok] 14:32(18) ack 68 win 5808 <nop,nop,timestamp 208219 196932334>
(DF) [tos 0x10]� (ttl 64, id 63866, len 70)
21:12:35.513127 192.117.122.34.ftp > 192.115.21.202.32788: P [tcp sum
ok] 68:94(26) ack 32 win 32200 <nop,nop,timestamp 196932340 208219>
(DF) (ttl 63, id 61826, len 78)
21:12:35.585025�192.115.21.202.32788���192.117.122.34.ftp: . [tcp sum
ok] ack 94 win 5808 <nop,nop,timestamp 208230 196932340> (DF) [tos
0x10]� (ttl 64, id 63867, len 52)
21:12:38.558506�192.115.21.202.32788���192.117.122.34.ftp: P [tcp sum
ok] 32:48(16) ack 94 win 5808 <nop,nop,timestamp 208527 196932340>
(DF) [tos 0x10]� (ttl 64, id 63868, len 68)
21:12:38.622549 192.117.122.34.ftp > 192.115.21.202.32788: P
94:170(76) ack 48 win 32200 <nop,nop,timestamp 196932648 208527> (DF)
(ttl 63, id 62565, len 128)
21:12:38.623634�192.115.21.202.32788���192.117.122.34.ftp: . [tcp sum
ok] ack 170 win 5808 <nop,nop,timestamp 208533 196932648> (DF) [tos
0x10]� (ttl 64, id 63869, len 52)
21:12:54.140781�192.115.21.202.32788���192.117.122.34.ftp: P [tcp sum
ok] 48:62(14) ack 170 win 5808 <nop,nop,timestamp 210085 196932648>
(DF) [tos 0x10]� (ttl 64, id 63870, len 66)
21:12:54.202643 192.117.122.34.ftp > 192.115.21.202.32788: P
170:221(51) ack 62 win 32200 <nop,nop,timestamp 196934206 210085>
(DF) (ttl 63, id 710, len 103)
21:12:54.203139�192.115.21.202.32788���192.117.122.34.ftp: . [tcp sum
ok] ack 221 win 5808 <nop,nop,timestamp 210091 196934206> (DF) [tos
0x10]� (ttl 64, id 63871, len 52)
21:12:54.203457�192.115.21.202.32788���192.117.122.34.ftp: P [tcp sum
ok] 62:68(6) ack 221 win 5808 <nop,nop,timestamp 210091 196934206>
(DF) [tos 0x10]� (ttl 64, id 63872, len 58)
21:12:54.262292 192.117.122.34.ftp > 192.115.21.202.32788: P [tcp sum
ok] 221:240(19) ack 68 win 32200 <nop,nop,timestamp 196934213 210091>
(DF) (ttl 63, id 730, len 71)
21:12:54.295026�192.115.21.202.32788���192.117.122.34.ftp: . [tcp sum
ok] ack 240 win 5808 <nop,nop,timestamp 210101 196934213> (DF) [tos
0x10]� (ttl 64, id 63873, len 52)
����cd to pub ***

21:13:23.736606�192.115.21.202.32788���192.117.122.34.ftp: P [tcp sum
ok] 68:77(9) ack 240 win 5808 <nop,nop,timestamp 213045 196934213>
(DF) [tos 0x10]� (ttl 64, id 63874, len 61)
21:13:23.765942 192.117.122.34.ftp > 192.115.21.202.32788: P
240:269(29) ack 77 win 32200 <nop,nop,timestamp 196937165 213045>
(DF) (ttl 63, id 7759, len 81)
21:13:23.766438�192.115.21.202.32788���192.117.122.34.ftp: . [tcp sum
ok] ack 269 win 5808 <nop,nop,timestamp 213048 196937165> (DF) [tos
0x10]� (ttl 64, id 63875, len 52)
����ls (this is done in passive mode) ***

21:14:04.553080�192.115.21.202.32788���192.117.122.34.ftp: P [tcp sum
ok] 77:83(6) ack 269 win 5808 <nop,nop,timestamp 217126 196937165>
(DF) [tos 0x10]� (ttl 64, id 63876, len 58)
21:14:04.585140 192.117.122.34.ftp > 192.115.21.202.32788: P
269:320(51) ack 83 win 32200 <nop,nop,timestamp 196941247 217126>
(DF) (ttl 63, id 17694, len 103)
21:14:04.585726�192.115.21.202.32788���192.117.122.34.ftp: . [tcp sum
ok] ack 320 win 5808 <nop,nop,timestamp 217130 196941247> (DF) [tos
0x10]� (ttl 64, id 63877, len 52)
21:14:04.586403�192.115.21.202.32789���192.117.122.34.0��S [tcp sum
ok] 2313886043:2313886043(0) win 5808 <mss 1452,sackOK,timestamp
217130 0,nop,wscale 0> (DF) (ttl 64, id 1880, len 60)
21:14:07.585072�192.115.21.202.32789���192.117.122.34.0��S [tcp sum
ok] 2313886043:2313886043(0) win 5808 <mss 1452,sackOK,timestamp
217430 0,nop,wscale 0> (DF) (ttl 64, id 18802, len 60)
21:14:13.585048�192.115.21.202.32789���192.117.122.34.0��S [tcp sum
ok] 2313886043:2313886043(0) win 5808 <mss 1452,sackOK,timestamp
218030 0,nop,wscale 0> (DF) (ttl 64, id 18803, len 60)
21:14:25.585054�192.115.21.202.32789���192.117.122.34.0��S [tcp sum
ok] 2313886043:2313886043(0) win 5808 <mss 1452,sackOK,timestamp
219230 0,nop,wscale 0> (DF) (ttl 64, id 18804, len 60)
21:14:49.585034�192.115.21.202.32789���192.117.122.34.0��S [tcp sum
ok] 2313886043:2313886043(0) win 5808 <mss 1452,sackOK,timestamp
221630 0,nop,wscale 0> (DF) (ttl 64, id 18805, len 60)
����long pause. after a while ***

21:15:37.585081�192.115.21.202.32789���192.117.122.34.0��S [tcp sum
ok] 2313886043:2313886043(0) win 5808 <mss 1452,sackOK,timestamp
226430 0,nop,wscale 0> (DF) (ttl 64, id 18806, len 60)
����FTP times out. I logout from ftp ***

21:18:29.555344�192.115.21.202.32788���192.117.122.34.ftp: P [tcp sum
ok] 83:89(6) ack 320 win 5808 <nop,nop,timestamp 243627 196941247>
(DF) [tos 0x10]� (ttl 64, id 63878, len 58)
21:18:29.581484 192.117.122.34.ftp > 192.115.21.202.32788: P [tcp sum
ok] 320:334(14) ack 89 win 32200 <nop,nop,timestamp 196967746 243627>
(DF) (ttl 63, id 16858, len 66)
21:18:29.581632 192.117.122.34.ftp > 192.115.21.202.32788: F [tcp sum
ok] 334:334(0) ack 89 win 32200 <nop,nop,timestamp 196967746 243627>
(DF) (ttl 63, id 16859, len 52)
21:18:29.581969�192.115.21.202.32788���192.117.122.34.ftp: . [tcp sum
ok] ack 334 win 5808 <nop,nop,timestamp 243629 196967746> (DF) [tos
0x10]� (ttl 64, id 63879, len 52)
21:18:29.582222�192.115.21.202.32788���192.117.122.34.ftp: F [tcp sum
ok] 89:89(0) ack 335 win 5808 <nop,nop,timestamp 243629 196967746>
(DF) [tos 0x10]� (ttl 64, id 63880, len 52)
21:18:29.614797 192.117.122.34.ftp > 192.115.21.202.32788: . [tcp sum
ok] ack 90 win 32199 <nop,nop,timestamp 196967749 243629> (DF) (ttl
63, id 16864, len 52)
����That's it ***

Now, if anybody can say anything based on that, I'll be glad. One
thing seems sure - it's not a firewall thing.
Herouth
--
EMAIL: [EMAIL PROTECTED]
HOME PAGE: http://herouth.port5.com/
================================================================To unsubscribe, send 
mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]