ftp working with linux clients but not windows clients.

[The JoJo]

I just put pure-ftpd as a server running on my linux. It uses a non standard port, and I need to give it my real IP, as I'm behind my ISP's NAT. I'm using only passive mode, as ports below 200 are not open (ISP).

When people log in from a windows client (say ws_ftp as program), they can connect (not sure if they can give the username and password) but after that nothing happens.

If the same person tries the same thing from a linux host, everything goes as smooth as silk.

I don't get it. What could it be? Reverse dns is working.

Any ideas?

 

[blakerwry]

what's the IPort, can you setup a test user/pass? what ports in pure FTP are defined for use with PASV. Have these ports been forwarded to your server?

 

[i]

I just put pure-ftpd as a server running on my linux. It uses a non standard port, and I need to give it my real IP, as I'm behind my ISP's NAT. I'm using only passive mode, as ports below 200 are not open (ISP).

When people log in from a windows client (say ws_ftp as program), they can connect (not sure if they can give the username and password) but after that nothing happens.

If the same person tries the same thing from a linux host, everything goes as smooth as silk.

I don't get it. What could it be? Reverse dns is working.

Any ideas?

Ok, you're using passive ftp on your server, but are your clients setting WS-FTP to use passive transfers? I forget where the setting is in WS-FTP, but there's a box you have to check under one of the tabs you see when you're initially looking to connect somewhere.

 

[The JoJo]

Yup, both clients put the use passive stuff on in wsftp.

I'll look into putting a test account for you tonight.

Any other ideas?

 

[blakerwry]

what ports in pure FTP are defined for use with PASV. Have these ports been forwarded to your server?

I think that's a biggie, another thing I was thinking, but did not have time for.

In the linux world it is common for a password protected server to deny access if it is not given a correct username and or user/pass combination and not re-prompt for a user/pass. While this shouldnt be a problem with a real FTP client like ws_ftp, it is often a problem when using something like IE as an FTP client.

IE will often try to send an anonymous user/pass and if it does not get access assumes the server will reprompt for a user/pass ant which time you'll recieve a password prompt. To get around this simply specify your user/pass in the address bar of IE.

ex: ftp://user:pass@ftp.mysite.net



since you're saying you're using a real FTP client I doubt this is the problem(I assume your users are smart enough to enter the user/pass before trying to login to the server).

Also, I believe ws_ftp LE uses PASV by default.




btw, I run a pureFTP server using PASV... and have set up a no PASV pureFTP server in the past... One of the compelling reasons is because of the reletively easy to follow documentation. The help file might be a good start. The other compelling reason was that Honold recomended it.

 

[The JoJo]

I've used pure-ftpd for a few years, and been quite content with it.

Sorry I omitted your question there (very important one, as you mentioned) , I was in such a hurry.

Yup, all ports are by default forwarded to my server. No problems uploading and downloading from the linux clients.

And thankfully no one of the users is dumb enough to use IE for ftp
Wasn't it so that IE used 2 ports when logging in? Anyway...

Weird stuff. I'll see about that account when I get home in about 7 hours...

btw, the topology looks like this at the moment. server-switch-nat/router/firewall-router(my adsl box)-ISP network-internet.

 

[Howell]

Did you get this worked out?

 

[The JoJo]

After many hours of tcpdumping, and tests from windows and linux clients, some peculiar differences came up.
From linux clients, a normal tcp handshake was done. Syn -> syn ack -> ack. From windows clients, it looked like this : syn -> syn ack (from my computer) -> syn ack from my computer, and so on...as if my computer couldn't see/get the ack. Weird.

So then a winXP was used and the windows sizes, ttl's etc were changed to mimic linux more, but no help.

I had the latest driver from Asus for this 3com integrated nic. Which of course wasn't original 3com, but something 3com seems to have bought from syskonnekt (chip and drivers just labeled as 3com) . And finally from syskonnekt I found a more recent driver, about a month old.
Upgrading to this driver helped solve my problem.

After the driver update, blakewry did some very thorough testing with IE, ws ftp and others, and submitted me with a very detailed report about what worked and what not. Thanks B!

PS After making the driver, depmod -a screams about the driver. But it works. Haven't gone into this further at the moment

PPS pure-ftpd seems to have some -N (natmode) switch, which I haven't tried yet. Blakewry, have you used it? Gotta google for it...

Thanks for everyone for their help!

 

[The JoJo]

PPPS this upgrade did not make my speed on the gige network any better, I'm still howering at 10+MB. I haven't tried a crossover cable (don't have one at the moment !!!! :eekers: ) .

One possibility is the zyxel gs-105 switch, maybe it's not so hot? Is it the same as netgears 105? Looks so....Anyone know?

 

[blakerwry]

gige doesn't use crossover


did you ever run the netperf benchmarking program? i know I got a really awesome 98MBit/sec over my 100baseT connection, however most SAMBA transfers only go about 6 MB/sec... more random data slows this down to between 2 and 4MB/sec... I have, however, seen the server push out a consistant 9MB/sec at times.

I noticed that disabling the webclient service in winXP increased my downloads from my samba server by as much as 20%, you might want to give it a try.


oh, ... no I have never used the Nat switch (i dont think) on pureFTP... but you could give it a shot and see what happens.

 

[The JoJo]

I'll try that webclient thing immediately.

Good point about netperf, I haven't run it after the driver upgrade.

 

[bitg]

I am having the same problem.

I am having the same problem. FPT from windows clients is not working, but Linux clients works fine.

I am running Redhat 8 and the latest pure ftp server. I can connect to it just find from another machine in my network. Yet when trying to connect from the outside world, I get "Failed to establish a data socket" error. This happens when I connect in PASV mode. When I use PORT" mode to connect, it just times out with no explanation. The FTP Client software I am using is CuteFTP. I even tried it from a friend's house and got the same thing.

The wierd thing is when I connect to it from my linux machine at my office (using a command line ftp connection) it works just fine. I am lost here.

I have Pure FTP setup in it's default configuration and as far as I know nothing has changed. It was working at one time.

I am just confused here. I am no master of Linux.

ideas?

 

[bitg]

Currently, when I type "/etc/rc.d/init.d/pure-ftpd start" it prints the following on my screen. Maybe this will help.



Starting pure-config.pl: Running: /usr/local/sbin/pure-ftpd --daemonize -A -c50 -B -C8 -D -fftp -H -I15 -L2000:8 -m4 -p30000:50000 -P192.168.0.1 -s -U133:022 -u100 -w -k99 -Z

 

[The JoJo]

After a quick glance, -S OUTSIDE-IP, seems to be missing. That is needed when you are behind a NAT.

 

[The JoJo]

I can post my script when I get home tonight, that should work ok for you also.

Hmm, I haven't used the -N (or is it -n) myself, but that should also help if one has problems with NAT.


....hmmm..you say the connection was working once?

What happens when you telnet to that port? Do you get in?

 

[The JoJo]

As to my speed with the GIGe network at home, linux to linux with NFS tcp gives me about 22MB at the moment. SMB gives me about half of that from windows to linux.

 

[The JoJo]

...looking at the other thread, I seem to remember falsely the -S switch, I think I'm using the -P OUTSIDE-IP at home. Can't check it right now.