Hello,
BIG Problem : I need to access a FTP Site wich i can only connect with Passiv Mode disable.
I can connect to the site but the Data transfer block...
I understand the difference between Passiv and Activ mode and know how the data connection occured in each way.
My problem is I need to access a FTP site in Activ Mode only.
Even if i disable Wingate Firewall, the Data Connection failed...
All work fine with FTP sites in Passiv Mode.
Has Someone has tested such a configuration ?
Or encounter the same problem ?
Or to avoid this ?
Test with several FTP Client (WS_FTP, FTPEXpert, cutePft, ....)
Latest Wingate 5.2.3 release - previous version 5.x do the same...
FTP Can't Open Data Connection with Passiv Transfer disable
Moderator: Qbik Staff
9 posts
• Page 1 of 1
FTP Can't Open Data Connection with Passiv Transfer disable
by jerome » May 06 04 9:13 pm
- jerome
- Posts: 6
- Joined: Oct 23 03 5:54 am
by erwin » May 10 04 10:57 am
Hi Jerome
WinGate has been designed to allow both active and Psv mode ftp through its NAT and firewall.
Understanding the limitations that Active FTP can sometimes have with NAT/firewall negotiating. (Where in Active mode the remote FTP Server actually instigates the Data connection rather then the client when processing causing it to look like a externally orientated connection) WinGate has supported the use of both types of transfer since the middle versions of 4.5.*
I have just rechecked this functionality with WinGate 5.2.3 through both command line ftp (in Windows, which runs in Active mode by default.) and CuteFTP with PSV switched off and both worked fine.
Just wondering in your scenario if the particular FTP server has security set for browsing, data transfer restrictions.
Regards
Erwin
WinGate has been designed to allow both active and Psv mode ftp through its NAT and firewall.
Understanding the limitations that Active FTP can sometimes have with NAT/firewall negotiating. (Where in Active mode the remote FTP Server actually instigates the Data connection rather then the client when processing causing it to look like a externally orientated connection) WinGate has supported the use of both types of transfer since the middle versions of 4.5.*
I have just rechecked this functionality with WinGate 5.2.3 through both command line ftp (in Windows, which runs in Active mode by default.) and CuteFTP with PSV switched off and both worked fine.
Just wondering in your scenario if the particular FTP server has security set for browsing, data transfer restrictions.
Regards
Erwin
- erwin
- Qbik Staff
- Posts: 408
- Joined: Sep 03 03 2:54 pm
by jerome » May 11 04 1:58 am
Hi Erwin
I use proxy connection, not NAT.
Please find below a test account (read only) on the host I cannot reach.
Host : 62.23.182.70 User : wingate - Psword : Kio$L69!
(Activ Mode only)
Please tell me if you can have the Data connection ?
All other transfers through wingate work fine. The only problem left i get is
on activ FTP connection. Log seems to indicate routing problem, i don't understand !
Waiting for your test result !
Thanks
I use proxy connection, not NAT.
Please find below a test account (read only) on the host I cannot reach.
Host : 62.23.182.70 User : wingate - Psword : Kio$L69!
(Activ Mode only)
Please tell me if you can have the Data connection ?
All other transfers through wingate work fine. The only problem left i get is
on activ FTP connection. Log seems to indicate routing problem, i don't understand !
Waiting for your test result !
Thanks
erwin wrote:Hi Jerome
WinGate has been designed to allow both active and Psv mode ftp through its NAT and firewall.
Understanding the limitations that Active FTP can sometimes have with NAT/firewall negotiating. (Where in Active mode the remote FTP Server actually instigates the Data connection rather then the client when processing causing it to look like a externally orientated connection) WinGate has supported the use of both types of transfer since the middle versions of 4.5.*
I have just rechecked this functionality with WinGate 5.2.3 through both command line ftp (in Windows, which runs in Active mode by default.) and CuteFTP with PSV switched off and both worked fine.
Just wondering in your scenario if the particular FTP server has security set for browsing, data transfer restrictions.
Regards
Erwin
- jerome
- Posts: 6
- Joined: Oct 23 03 5:54 am
by erwin » May 11 04 1:38 pm
Hi Jerome
Well I gave it a test with your details and unfortunately I was not able to reproduce your issue.
Used WinGate 5.2.3
I used CuteFtp version 4.0 with its Firewall/proxy config set to the internal IP address of the WinGate server on port 21.
With this I tried a straight proxy connection through WinGate (with no gateway set on the client machine to avoid any possibility of using NAT).
To make this work I had to select the user@site option in the CuteFTP Firewall/Proxy server settings as expected.
I specified the Username and password you gave to connect in the site manager when I created the your site profile.
In CuteFTP firewall/proxy config the "enable firewall" check box was ticked. The PASV checkbox was unticked.
It connected to the site fine without issues.
To be sure that CuteFTP wasnt using PASV mode (as it states this when its entering this mode in the Log), I switched PASV on in the settings and got a time out/data socket error, which I presumed indicating that the server was set to only allow Active connections as you had said.
One thing to mention though in particular I found with CuteFTP is that FTP will not work at all in this case (Straight Proxy connection) when the "enable Firewall access" is not checked in the CuteFTP config.
Sorry I cant help any further but it seems as though WinGate is behaving correctly in this case.
Regards
Erwin
Well I gave it a test with your details and unfortunately I was not able to reproduce your issue.
Used WinGate 5.2.3
I used CuteFtp version 4.0 with its Firewall/proxy config set to the internal IP address of the WinGate server on port 21.
With this I tried a straight proxy connection through WinGate (with no gateway set on the client machine to avoid any possibility of using NAT).
To make this work I had to select the user@site option in the CuteFTP Firewall/Proxy server settings as expected.
I specified the Username and password you gave to connect in the site manager when I created the your site profile.
In CuteFTP firewall/proxy config the "enable firewall" check box was ticked. The PASV checkbox was unticked.
It connected to the site fine without issues.
To be sure that CuteFTP wasnt using PASV mode (as it states this when its entering this mode in the Log), I switched PASV on in the settings and got a time out/data socket error, which I presumed indicating that the server was set to only allow Active connections as you had said.
One thing to mention though in particular I found with CuteFTP is that FTP will not work at all in this case (Straight Proxy connection) when the "enable Firewall access" is not checked in the CuteFTP config.
Sorry I cant help any further but it seems as though WinGate is behaving correctly in this case.
Regards
Erwin
- erwin
- Qbik Staff
- Posts: 408
- Joined: Sep 03 03 2:54 pm
by jerome » May 11 04 9:30 pm
Hi Erwin
Thank for your test, I finally resolved the problem i have.
I listened carrefully the port connection on PASV mode and other mode.
In FTP Proxy settings, binding was on local LAN only so i changed Binding & Interfaces to be 'Allow Connections in any inteface' to support Not PASV Mode in FTP Proxy settings.
This is of course so simple and so evident.
I think there was a problem with previous version because i surely have tested this before...
All works fine now !
Can return to my normal job....
Thank your for you help, and have a good day !
Jerome
Thank for your test, I finally resolved the problem i have.
I listened carrefully the port connection on PASV mode and other mode.
In FTP Proxy settings, binding was on local LAN only so i changed Binding & Interfaces to be 'Allow Connections in any inteface' to support Not PASV Mode in FTP Proxy settings.
This is of course so simple and so evident.
I think there was a problem with previous version because i surely have tested this before...
All works fine now !
Can return to my normal job....
Thank your for you help, and have a good day !
Jerome
erwin wrote:Hi Jerome
Well I gave it a test with your details and unfortunately I was not able to reproduce your issue.
Used WinGate 5.2.3
I used CuteFtp version 4.0 with its Firewall/proxy config set to the internal IP address of the WinGate server on port 21.
With this I tried a straight proxy connection through WinGate (with no gateway set on the client machine to avoid any possibility of using NAT).
To make this work I had to select the user@site option in the CuteFTP Firewall/Proxy server settings as expected.
I specified the Username and password you gave to connect in the site manager when I created the your site profile.
In CuteFTP firewall/proxy config the "enable firewall" check box was ticked. The PASV checkbox was unticked.
It connected to the site fine without issues.
To be sure that CuteFTP wasnt using PASV mode (as it states this when its entering this mode in the Log), I switched PASV on in the settings and got a time out/data socket error, which I presumed indicating that the server was set to only allow Active connections as you had said.
One thing to mention though in particular I found with CuteFTP is that FTP will not work at all in this case (Straight Proxy connection) when the "enable Firewall access" is not checked in the CuteFTP config.
Sorry I cant help any further but it seems as though WinGate is behaving correctly in this case.
Regards
Erwin
- jerome
- Posts: 6
- Joined: Oct 23 03 5:54 am
by jerome » May 14 04 2:14 am
Hello again,
Finally it find that id doesn't work all the time.
Sometimes all works fine, sometine Data Connection Blocks !!!!
Same Host, same software, same FTP Site- even ftp.adobe.com in Activ Mode.
I think it depend on the Port number assigned by the Client FTP.
10 % working 90 % Not OK
Wingate Configuration doesn't change.
It's really a BUG !
Firewall Port 1024-4096 TCP in/out opened
Finally it find that id doesn't work all the time.
Sometimes all works fine, sometine Data Connection Blocks !!!!
Same Host, same software, same FTP Site- even ftp.adobe.com in Activ Mode.
I think it depend on the Port number assigned by the Client FTP.
10 % working 90 % Not OK
Wingate Configuration doesn't change.
It's really a BUG !
Firewall Port 1024-4096 TCP in/out opened
erwin wrote:Hi Jerome
WinGate has been designed to allow both active and Psv mode ftp through its NAT and firewall.
Understanding the limitations that Active FTP can sometimes have with NAT/firewall negotiating. (Where in Active mode the remote FTP Server actually instigates the Data connection rather then the client when processing causing it to look like a externally orientated connection) WinGate has supported the use of both types of transfer since the middle versions of 4.5.*
I have just rechecked this functionality with WinGate 5.2.3 through both command line ftp (in Windows, which runs in Active mode by default.) and CuteFTP with PSV switched off and both worked fine.
Just wondering in your scenario if the particular FTP server has security set for browsing, data transfer restrictions.
Regards
Erwin
- jerome
- Posts: 6
- Joined: Oct 23 03 5:54 am
by jerome » May 14 04 8:45 pm
Hi,
Unfortunately not.
I run FTP Client from several Host on my LAN PCs.
Unfortunately not.
I run FTP Client from several Host on my LAN PCs.
genie wrote:Hi,
If you run your FTP client from Wingate server machine, then active would not work (unfortunately). This limitation will be resolved shortly.
- jerome
- Posts: 6
- Joined: Oct 23 03 5:54 am
9 posts
• Page 1 of 1
Who is online
Users browsing this forum: Google [Bot] and 4 guests