I am facing a problem with the FTP proxy service.
Here are the details of my configuration:
Wingate version 8.5.9.4883
2 Ethernet adapters, one on LAN side, the other on WAN side, on two distinct networks.
A FTP server based on IIS on the WAN side.
We are using a proprietary application to connect from our workstations (on the LAN side) to the FTP server through the FTP proxy in Wingate. This was working without a problem for years until January. I think (not sure) the problems started when I updated Wingate to the current version. I don't know what version we were using before but I'm pretty sure it was a not so old version. On the same computer, the command connection is always establishing but sometimes the data transfers are failing.
I used the Packet capture utility and Wireshark to try a basic analysis and found a difference between the good and the bad connections. When opening the data connection, the server answers “150 Opening ASCII mode data connection.”. But on failing tries, the server answers “125 Data connection already open; Transfer starting.”. I don’t know if the data loss is in the Wingate proxy or in our application but the result is the same, so I am searching for a solution to this situation.
One last precision: the problem is the same with active or passive modes.
Here is a transcript of a “good” session:
- Code: Select all
FTP-Server Wingate TCP 66 62192 > 21 [SYN, ECN, CWR] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1
Wingate FTP-Server TCP 66 21 > 62192 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1
FTP-Server Wingate TCP 54 62192 > 21 [ACK] Seq=1 Ack=1 Win=65536 Len=0
Wingate FTP-Server FTP 81 Response: 220 Microsoft FTP Service
FTP-Server Wingate FTP 69 Request: USER testuser
Wingate FTP-Server FTP 91 Response: 331 Password required for testuser.
FTP-Server Wingate FTP 69 Request: PASS xxxx
Wingate FTP-Server FTP 75 Response: 230 User logged in.
FTP-Server Wingate FTP 60 Request: FEAT
Wingate FTP-Server FTP 88 Response: 211-Extended features supported:
Wingate FTP-Server FTP 72 Response: LANG EN*
Wingate FTP-Server FTP 107 Response: AUTH TLS;TLS-C;SSL;TLS-P;
Wingate FTP-Server FTP 61 Response: HOST
Wingate FTP-Server FTP 91 Response: SIZE
FTP-Server Wingate TCP 54 62192 > 21 [ACK] Seq=37 Ack=138 Win=65536 Len=0
FTP-Server Wingate TCP 54 62192 > 21 [ACK] Seq=37 Ack=198 Win=65280 Len=0
FTP-Server Wingate FTP 68 Request: OPTS UTF8 ON
Wingate FTP-Server FTP 112 Response: 200 OPTS UTF8 command successful - UTF8 encoding now ON.
FTP-Server Wingate FTP 62 Request: TYPE A
Wingate FTP-Server FTP 74 Response: 200 Type set to A.
FTP-Server Wingate FTP 60 Request: SYST
Wingate FTP-Server FTP 70 Response: 215 Windows_NT
FTP-Server Wingate FTP 62 Request: TYPE A
Wingate FTP-Server FTP 74 Response: 200 Type set to A.
FTP-Server Wingate FTP 60 Request: PASV
Wingate FTP-Server FTP 107 Response: 227 Entering Passive Mode (x,x,x,52,192,229).
FTP-Server Wingate FTP 60 Request: NLST
FTP-Server Wingate TCP 66 62194 > 49381 [SYN, ECN, CWR] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1
Wingate FTP-Server TCP 66 49381 > 62194 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1
Wingate FTP-Server FTP 95 Response: 150 Opening ASCII mode data connection. <---------------------------------------------
FTP-Server Wingate TCP 54 62194 > 49381 [ACK] Seq=1 Ack=1 Win=65536 Len=0
Wingate FTP-Server FTP-DATA 517 FTP Data: 463 bytes
Wingate FTP-Server TCP 60 49381 > 62194 [FIN, ACK] Seq=464 Ack=1 Win=65536 Len=0
Wingate FTP-Server FTP 78 Response: 226 Transfer complete.
FTP-Server Wingate TCP 54 62194 > 49381 [ACK] Seq=1 Ack=465 Win=65024 Len=0
FTP-Server Wingate TCP 54 62192 > 21 [ACK] Seq=85 Ack=467 Win=65024 Len=0
FTP-Server Wingate TCP 54 62194 > 49381 [FIN, ACK] Seq=1 Ack=465 Win=65024 Len=0
Wingate FTP-Server TCP 60 49381 > 62194 [ACK] Seq=465 Ack=2 Win=65536 Len=0
FTP-Server Wingate FTP 60 Request: QUIT
Wingate FTP-Server FTP 68 Response: 221 Goodbye.
Wingate FTP-Server TCP 60 21 > 62192 [FIN, ACK] Seq=481 Ack=91 Win=65536 Len=0
FTP-Server Wingate TCP 54 62192 > 21 [ACK] Seq=91 Ack=482 Win=65024 Len=0
FTP-Server Wingate TCP 54 62192 > 21 [FIN, ACK] Seq=91 Ack=482 Win=65024 Len=0
Wingate FTP-Server TCP 60 21 > 62192 [ACK] Seq=482 Ack=92 Win=65536 Len=0
Here is a transcript of a “bad” session:
- Code: Select all
FTP-Server Wingate TCP 66 62184 > 21 [SYN, ECN, CWR] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1
Wingate FTP-Server TCP 66 21 > 62184 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1
FTP-Server Wingate TCP 54 62184 > 21 [ACK] Seq=1 Ack=1 Win=65536 Len=0
Wingate FTP-Server FTP 81 Response: 220 Microsoft FTP Service
FTP-Server Wingate FTP 69 Request: USER testuser
Wingate FTP-Server FTP 91 Response: 331 Password required for testuser.
FTP-Server Wingate FTP 69 Request: PASS xxxx
Wingate FTP-Server FTP 75 Response: 230 User logged in.
FTP-Server Wingate FTP 60 Request: FEAT
Wingate FTP-Server FTP 88 Response: 211-Extended features supported:
Wingate FTP-Server FTP 72 Response: LANG EN*
Wingate FTP-Server FTP 107 Response: AUTH TLS;TLS-C;SSL;TLS-P;
Wingate FTP-Server FTP 61 Response: HOST
Wingate FTP-Server FTP 91 Response: SIZE
FTP-Server Wingate TCP 54 62184 > 21 [ACK] Seq=37 Ack=138 Win=65536 Len=0
FTP-Server Wingate TCP 54 62184 > 21 [ACK] Seq=37 Ack=198 Win=65280 Len=0
FTP-Server Wingate FTP 68 Request: OPTS UTF8 ON
Wingate FTP-Server FTP 112 Response: 200 OPTS UTF8 command successful - UTF8 encoding now ON.
FTP-Server Wingate FTP 62 Request: TYPE A
Wingate FTP-Server FTP 74 Response: 200 Type set to A.
FTP-Server Wingate FTP 60 Request: SYST
Wingate FTP-Server FTP 70 Response: 215 Windows_NT
FTP-Server Wingate FTP 62 Request: TYPE A
Wingate FTP-Server FTP 74 Response: 200 Type set to A.
FTP-Server Wingate FTP 60 Request: PASV
Wingate FTP-Server FTP 107 Response: 227 Entering Passive Mode (x,x,x,52,192,228).
FTP-Server Wingate TCP 66 62186 > 49380 [SYN, ECN, CWR] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1
Wingate FTP-Server TCP 66 49380 > 62186 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1
FTP-Server Wingate TCP 54 62186 > 49380 [ACK] Seq=1 Ack=1 Win=65536 Len=0
FTP-Server Wingate FTP 60 Request: NLST
Wingate FTP-Server FTP 108 Response: 125 Data connection already open; Transfer starting. <---------------------------------------------
Wingate FTP-Server FTP-DATA 517 FTP Data: 463 bytes
Wingate FTP-Server TCP 60 49380 > 62186 [FIN, ACK] Seq=464 Ack=1 Win=65536 Len=0
Wingate FTP-Server FTP 78 Response: 226 Transfer complete.
FTP-Server Wingate TCP 54 62186 > 49380 [ACK] Seq=1 Ack=465 Win=65024 Len=0
FTP-Server Wingate TCP 54 62184 > 21 [ACK] Seq=85 Ack=480 Win=65024 Len=0
FTP-Server Wingate TCP 54 62186 > 49380 [FIN, ACK] Seq=1 Ack=465 Win=65024 Len=0
Wingate FTP-Server TCP 60 49380 > 62186 [ACK] Seq=465 Ack=2 Win=65536 Len=0
FTP-Server Wingate FTP 60 Request: QUIT
Wingate FTP-Server FTP 68 Response: 221 Goodbye.
Wingate FTP-Server TCP 60 21 > 62184 [FIN, ACK] Seq=494 Ack=91 Win=65536 Len=0
FTP-Server Wingate TCP 54 62184 > 21 [ACK] Seq=91 Ack=495 Win=65024 Len=0
FTP-Server Wingate TCP 54 62184 > 21 [FIN, ACK] Seq=91 Ack=495 Win=65024 Len=0
Wingate FTP-Server TCP 60 21 > 62184 [ACK] Seq=495 Ack=92 Win=65536 Len=0
Have a nice day.