Re: Active mode FTP over PPP

On May 9, 1:38 am, ibupro...@xxxxxxxxxxxxxxxxxxxxxx (Moe Trin) wrote:
On 8 May 2007, in the Usenet newsgroup alt.os.linux, in article
<1178622531.597442.94...@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> amf in the
Usenet newsgroup comp.protocols.ppp, in article

<1178623012.877758.16...@xxxxxxxxxxxxxxxxxxxxxxxxxxx>. logger wrote:

[Please don't post the same article to multiple newsgroups. If you
must, set the newsgroup header to a comma separated list, and set
a 'Followup-To:' header as I have done here.]

I wonder if somebody could shed some light on a problem I'm having
with "Active mode" FTP over a serial PPP link.

Doesn't sound like a ppp problem - routing or firewall perhaps. You
need to use a packet sniffer and look at the exchanges when the active
mode transfer is being set up.

I have three servers, which I'll call A (as mentioned above), B & C.
All have an ethernet interface each and are on the same subnet. Server
"A" has a number of modems installed all of which work just fine and
can handle local (i.e just to itself and not involving "B" or "C")
active and passive modes of FTP over the PPP link that get established
from the calling Linux or Windows clients.

This _implies_ that ppp and routing is set OK. What addresses are you
using on the Ethernet, and on the client? Same subnet? Are you using
'proxy-arp on the dialin server?

The problem:
Arises when "client" dials the PPP link to machine "A" it can't do an
"active mode" FTP to machines "B" or "C" it just bombs with errors
listed in the output below . I can do an "active mode" Ftp from
"client" to machine "A" without any problem.

Set up your favorite packet sniffer on the dialin server, and run a
packet capture of a FTP to server A (on the ppp0 side, which you say
works). Then repeat the process using sever B or C. What is different
about the active mode setup? You may need to monitor the eth0 side
of the dialin server if the ppp0 side doesn't show everything. Please
don't post the packet dumps - what you are looking for is a difference
in how the second (data) channel is being set up. Something is blocking
that - and normally that would be a packet filter, or incorrectly
configured NAT (masquerade) server.

It smells like a problem with PPP but why would PPP be causing this
problem - why should it care about active or passive

What makes you think ppp is the cause? The difference between passive
and active FTP is that in passive mode, all data and control information
use a single port pair - ephemeral (above 1025) on the client, to/from
21 on the server. In active mode, two port pairs are used, ephemeral
(above 1025) on the client, to/from 21 on the server for the control,
and a different ephemeral on the client, to/from 20 on the server for
the data. It sounds as if something is not allowing the second pair
to establish a connection. Why? Like I say, that's normally a firewall
or NAT (Network Address Translation - call it IP-Masquerade) problem.

Old guy



Hi Guys, thanks for your replies. Apologies for the multi-posting, new
to newsgroups and not too sure of the etiquette.

In response to your questions.

Moe Trin wrote ......

This _implies_ that ppp and routing is set OK. What addresses are you
using on the Ethernet, and on the client? Same subnet? Are you using
'proxy-arp on the dialin server?

The PPP client is assigned an address in the 192.168.150.* range as
defined in /etc/ppp/options.ttyG0.0x.
Proxyarp is set in /etc/ppp/options.server
Servers A, B & C reside in 192.168.100 subnet via their ethernet
cards.
Server A = 192.168.100.26
Server B = 192.168.100.31
Server C = 192.168.100.73

Moe Trin wrote ......

What makes you think ppp is the cause?

Just a guess, as all works perfectly until PPP is introduced into the
mix. Both Active and Passive mode Ftp's work just fine over the
ethernet interfaces between A,B & C. My problems begin with attempting
the active mode Ftp from client via Server A to B or C. However given
a little more thought the likely cause would appear to be some kind of
forwarding/masquerading issue.

I've just installed Ethereal and will attempt to capture something of
use.

chris

.

Relevant Pages

  • Re: id- 1030 source - Userenv
    ... check your settings on the server and client computers. ... Microsoft CSS Online Newsgroup Support ... This newsgroup only focuses on SBS technical issues. ...
    (microsoft.public.windows.server.sbs)
  • Re: How to reset winxp client profiles
    ... When you reinstall SBS server, ... If you want to make user profiles in old domain available in the new ... You do this in http://servername/connectcomputer in client ... This newsgroup only focuses on SBS technical issues. ...
    (microsoft.public.windows.server.sbs)
  • RE: OWA - cant send, reply, or show calendar views
    ... Microsoft CSS Online Newsgroup Support ... This posting is provided "AS IS" with no warranties, ... As you mentioned, the OWA work fine on the SBS Server, but it have ... Please try to test it on other client ...
    (microsoft.public.windows.server.sbs)
  • Re: Please enter password for HTTP proxy
    ... Web Proxy log: WEBEXTDyyyymmdd.log ... This newsgroup only focuses on SBS technical issues. ... |> on to the SBS server that hosts the ISA. ... |> sure the problematic clients also have Firewall Client installed. ...
    (microsoft.public.windows.server.sbs)
  • RE: Not able to connect to client from RWW page
    ... do you have ISA server or router installed in front of the SBS ... Ask the problematic client log on a good workstation, ... Please fully explain "cannot connect to RWW page directly" and "The one ... Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)
Loading