FTP and disabled guest bug

WinGate Proxy Server and other Qbik products

Switch to full style
Use this forum to post questions relating to WinGate, feature requests, technical or configuration problems
Post a reply
snoopy
  • snoopy
  • Posts: 9
  • Joined: Jan 04 04 5:18 am

FTP and disabled guest bug

Jan 04 04 5:37 am

Wingate 5.2.2 892, NAT only on static DSL line, users assumed by IP addresses.

The problem: if the guest user is disabled, none of the clients can connect to FTP servers. Well, they connect, but you can't see directory listing etc., because packets coming from FTP server somehow are adressed to local IP, but with guest user assumed. It looks like this:

Object: Authentication
Time: 03-Jan-2004 18:27:45
Message ID: 0301
Description: Authentication failed - user Guest on 212.122.64.13 requested NAT: TCP Connection to 192.168.7.60:3172

212... is FTP address, 192... is my local IP.

However, if clients enable passive mode, everything's OK.
Never had problems like these in deerfield's releases of Wingate.
erwin

Jan 08 04 4:21 pm

Hi there

This problem only occurs when the Guest account is disabled and assumed users by Ip is being used.

The problem lies in the difference between the way that Active vs Passive mode ftp works.

Basically whenever Active mode ftp is used, after the FTP client connects to the FTP Server, and tells the server which port it is listening to receive data on when it makes a request. The FTP server (not the user) then initiates the the data transaction.

This inturn looks to WinGate NAT as though a Guest is trying a TCP connection to the FTP client machine behind WinGate. Of course because the guest account is disabled in your scenario and users are assumed you will see the same failure.

When Passive mode ftp is used the client initiates the data transaction as well, and so everything will work fine. This difference between Active and Psv Ftp is quite a well known problem with NAT and Firewalls, however both modes will work fine with WinGate if the guest account is enabled.

Thanks for highlighting this for us and its definitely something we will look into, however using Passive mode ftp seems to be the best solution for you at the moment.

Regards
Erwin
snoopy
  • snoopy
  • Posts: 9
  • Joined: Jan 04 04 5:18 am

Feb 29 04 1:33 am

Thank you for description of the problem, however, this is not an issue on v5.2.855 and earlier builds. Why? And problem persists on last build too :(
adrien
  • adrien
  • Posts: 5448
  • Joined: Sep 03 03 2:54 pm
  • Location: Auckland
  • Website

Feb 29 04 7:55 pm

Hi

This seems to be a bug. Previous versions of the ENS driver (versions 5.0.7 and earlier which were released by us through Deerfield) would associate the data connection coming back from the server as part of the FTP session, and deem it to be in the user context of the client who had access.

Looks like the change in driver from 5.0.8 onwards broke this. It should be a fairly simple fix.

If you wish, you should be able to use the ENS driver from 5.0.7 with the latest engine etc in the interim.

Adrien
Post a reply
Switch to full style

Powered by phpBB © phpBB Group.

phpBB Mobile / SEO by Artodia.

Board index