Wingate 5.2.2 892, NAT only on static DSL line, users assumed by IP addresses.
The problem: if the guest user is disabled, none of the clients can connect to FTP servers. Well, they connect, but you can't see directory listing etc., because packets coming from FTP server somehow are adressed to local IP, but with guest user assumed. It looks like this:
Object: Authentication
Time: 03-Jan-2004 18:27:45
Message ID: 0301
Description: Authentication failed - user Guest on 212.122.64.13 requested NAT: TCP Connection to 192.168.7.60:3172
212... is FTP address, 192... is my local IP.
However, if clients enable passive mode, everything's OK.
Never had problems like these in deerfield's releases of Wingate.
FTP and disabled guest bug
Moderator: Qbik Staff
4 posts
• Page 1 of 1
by erwin » Jan 08 04 4:21 pm
Hi there
This problem only occurs when the Guest account is disabled and assumed users by Ip is being used.
The problem lies in the difference between the way that Active vs Passive mode ftp works.
Basically whenever Active mode ftp is used, after the FTP client connects to the FTP Server, and tells the server which port it is listening to receive data on when it makes a request. The FTP server (not the user) then initiates the the data transaction.
This inturn looks to WinGate NAT as though a Guest is trying a TCP connection to the FTP client machine behind WinGate. Of course because the guest account is disabled in your scenario and users are assumed you will see the same failure.
When Passive mode ftp is used the client initiates the data transaction as well, and so everything will work fine. This difference between Active and Psv Ftp is quite a well known problem with NAT and Firewalls, however both modes will work fine with WinGate if the guest account is enabled.
Thanks for highlighting this for us and its definitely something we will look into, however using Passive mode ftp seems to be the best solution for you at the moment.
Regards
Erwin
This problem only occurs when the Guest account is disabled and assumed users by Ip is being used.
The problem lies in the difference between the way that Active vs Passive mode ftp works.
Basically whenever Active mode ftp is used, after the FTP client connects to the FTP Server, and tells the server which port it is listening to receive data on when it makes a request. The FTP server (not the user) then initiates the the data transaction.
This inturn looks to WinGate NAT as though a Guest is trying a TCP connection to the FTP client machine behind WinGate. Of course because the guest account is disabled in your scenario and users are assumed you will see the same failure.
When Passive mode ftp is used the client initiates the data transaction as well, and so everything will work fine. This difference between Active and Psv Ftp is quite a well known problem with NAT and Firewalls, however both modes will work fine with WinGate if the guest account is enabled.
Thanks for highlighting this for us and its definitely something we will look into, however using Passive mode ftp seems to be the best solution for you at the moment.
Regards
Erwin
- erwin
- Qbik Staff
- Posts: 408
- Joined: Sep 03 03 2:54 pm
by adrien » Feb 29 04 7:55 pm
Hi
This seems to be a bug. Previous versions of the ENS driver (versions 5.0.7 and earlier which were released by us through Deerfield) would associate the data connection coming back from the server as part of the FTP session, and deem it to be in the user context of the client who had access.
Looks like the change in driver from 5.0.8 onwards broke this. It should be a fairly simple fix.
If you wish, you should be able to use the ENS driver from 5.0.7 with the latest engine etc in the interim.
Adrien
This seems to be a bug. Previous versions of the ENS driver (versions 5.0.7 and earlier which were released by us through Deerfield) would associate the data connection coming back from the server as part of the FTP session, and deem it to be in the user context of the client who had access.
Looks like the change in driver from 5.0.8 onwards broke this. It should be a fairly simple fix.
If you wish, you should be able to use the ENS driver from 5.0.7 with the latest engine etc in the interim.
Adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
4 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 1 guest