Use this forum to post questions relating to WinGate, feature requests, technical or configuration problems
Jul 11 06 1:02 pm
Hi!
Wingate and FTP running on same machine. Allow TCP for 20-21.
When I start the computer everything is fine. FTP is working. FTP clients and browsers can log in.
But after several hours, browsers cannot log in anymore. The LIST command does not seem to work anymore.
I can see the firewall blocks some traffic on ports above 3000. So why do browsers suddenly try to use random ports above 3000 for FTP?
When I stop the Wingate service everything is OK; when I start it back again browsers cannot log in. If I restart the computer everything works for a few hours and the story repeats.
What can I do?
Thank you
Best Regards,
Dali
Jul 11 06 6:55 pm
Most probably your situation is this:
You have an allowed port range (say, 1024-3000) - these are the ports that are allowed through the firewall. Since ports are sometimes reused and sometimes are not, your FTP server starts using ports outside this 1024-3000 range for the data channel. Can you force the FTP server to use active mode only or passive mode on some predefined port (20 default)?
Jul 11 06 9:11 pm
Hi!
Thank you for your fast reply
I have to say that I use Serv-U FTP client on other setups without any problem. For example, Linux Brazil-FW Gateway and Serv-U are working fine. Only here with WG it stops after several hours.
You have an allowed port range (say, 1024-3000) - these are the ports that are allowed through the firewall
No, I don't. Should I allow those ports?
Can you force the FTP server to use active mode only or passive mode on some predefined port (20 default)?
Allow passive mode data transfers is all there is.
But why does it work for about 10 hours and then stop? Why does it work again for approx. 10 hours after a reboot?
Best Regards,
Dali
Jul 11 06 10:25 pm
If my theory is correct, it is just a matter of time to use up the entire allowed port range - check your Extended Networking settings, port actions page. What version of Wingate are you using, by the way?
Jul 12 06 7:29 am
What version of Wingate are you using, by the way?
Don't know exactly, because I'm not at location, but I'm sure it's 6.x.x
But until now all I had to do was forward port 21, no matter what router or gateway I was using, and there were no problems. Why is it different here?
What do ports above 1000 have to do with FTP, which works on 21?
Br,
Dali
Jul 12 06 6:56 pm
FTP uses 2 connections, a control channel connection on port 21, then every time you do a list or a file transfer, it opens a new data connection.
It's this data connection that is being blocked after a while.
There are 2 modes of data transfer, normal and PASV.
Normal: the client sends a PORT command, and the server connects back to the client on the port number that was sent by the client.
PASV: the client sends a PASV command, the server opens a new port, and tells the client the port number, then the client connects to the server on this port.
With this second mode, then every time the PASV command is sent, a new port number is allocated by the operating system (unless the FTP server allows you to specify the port number that must be used).
Adrien
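The PORT/PASV negotiation described above, as an added example that is not part of the original thread: both the PORT command and the 227 PASV reply carry the data port as two bytes (p1*256 + p2), and only the PASV port has to be admitted inbound on the server's firewall. The control-channel lines, the documentation addresses, the allow-list ranges and the pinned port 50000 are constructed assumptions.

```python
import re

# Six comma-separated decimal bytes: h1,h2,h3,h4,p1,p2 (RFC 959).
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_hostport(line):
    """Return (ip, port) from a PORT command or a 227 PASV reply, else None."""
    if not (line.upper().startswith("PORT ") or line.startswith("227 ")):
        return None
    m = _HOSTPORT.search(line)
    if m is None:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    # The data port is encoded as two bytes: high byte first.
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def blocked_pasv_ports(control_lines, allowed_ranges):
    """Ports announced in 227 replies that the inbound rules would not admit."""
    blocked = []
    for line in control_lines:
        if not line.startswith("227 "):
            continue  # PORT (normal mode): the server connects out to the client
        parsed = parse_hostport(line)
        if parsed and not any(lo <= parsed[1] <= hi for lo, hi in allowed_ranges):
            blocked.append(parsed[1])
    return blocked

# Constructed control-channel lines (documentation addresses, not from the thread).
SAMPLE = [
    "PORT 192,0,2,10,195,80",                         # client listens on 50000
    "227 Entering Passive Mode (203,0,113,5,4,1)",     # server listens on 1025
    "227 Entering Passive Mode (203,0,113,5,11,194)",  # server listens on 3010
    "227 Entering Passive Mode (203,0,113,5,195,80)",  # server pinned to 50000
]

if __name__ == "__main__":
    # Inbound rule for 20-21 only: every PASV data connection is blocked.
    print(blocked_pasv_ports(SAMPLE, [(20, 21)]))
    # Rule also admits one pinned PASV port (assumed value 50000).
    print(blocked_pasv_ports(SAMPLE, [(20, 21), (50000, 50000)]))
```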
Jul 13 06 1:17 pm
Hi Adrien.
Thank you for explaining how it works.
(unless the FTP server allows you to specify the port number that must be used)
No, Serv-U FTP server has no setting to specify an additional port for PASV mode. I've never seen it nor had to use it.
So since Serv-U has no such option, what can I do?
I cannot just allow the port range from 1000 - 3000, in case FTP decides to use any port in between.
Till now I always forwarded port 21 and it always worked without any problems and it works on numerous other setups while we speak. That's a fact. Other firewalls don't need any additional port (beside 21) to be opened for browsers to log in to FTP. Therefore I assume it must be a Wingate specific case.
So, port 21 opened, FTP has no option to set the PASV port, browser cannot log in. What would you do?
Thank you
Br,
Dali
Jul 16 06 5:27 am
I found it. Exactly like you said. I need to specify a port for PASV mode. It's so strange that it works on other routers without opening a dedicated port.
Thank you for your help.
Br,
Dali