AllanF

TFTPServer on Port forwarded machine not working


Hi,

 

I am running TFTPServer (Delphi Seattle) on a machine that is visible to FtpClients across the WAN (port forwarding). I have used the OnPasvIpAddr event to set APasvIpAddr to the public IP. This works fine for one send from my FtpClient (one send from FtpClient involves a few other operations like GetFileSize, PUT & RenameFile). During the second send the client gets an error at the Rename. Kindly note that I connect from the client only once for both sends.

Using FileZilla FTP Server (with setting external IP) client works fine.

TFTPServer works fine too on LAN and on a machine with a public IP (VPS).

 

Please advise the correct way to use PasvIpAddr.

 

procedure Tform_FtpServer.FtpServer1PasvIpAddr(Sender: TObject; Client: TFtpCtrlSocket;
  var APasvIpAddr: TFtpString; var SetPasvIpAddr: Boolean);
begin
  // sysPasvAddress = my variable suggesting that external address is required
  if (sysPasvAddress = '') then Exit;

  SetPasvIpAddr := True;
  APasvIpAddr := sysPasvAddress;
end;

Regards

Allan

 


Unfortunately the use of PasvIpAddr in the FTP server is undocumented and the developer that added and used those options is no longer able to answer questions about them. You'll need to examine your server and client logs and compare them with FileZilla to see what is wrong.

 

I have an ICS FTP server behind a NAT router that works fine without any special settings except PasvPortRangeStart=21001 and PasvPortRangeSize=997, but I'm aware different NAT routers have varying abilities to cope with FTP. 

 

Angus

 

 


Just did a test with my FTP behind a NAT router, it currently fails to download files. It used to work with my old Sonicwall router which was intelligent enough to manipulate the FTP protocol to change the IP address, but no longer works with my current Draytek Vigor router which apparently does not understand FTP (but does work with IPv6 which the Sonicwall did not). Or maybe I've not configured something in the Draytek. It's probable PasvIpAddr would fix it, but I'd have to change my FTP server and I don't have time at the moment - I have three other public FTP servers so not a priority, sorry.

 

Angus


I have put in over two years of effort on my backup application and your TFtpserver is one of the important components behind it. It has performed very well in all sorts of environments. Currently I have installed it for trial at a customer's place. Please help me out of this one.


Hi,

Of the below four files, three got copied properly. The fourth gave a problem.


When copying a file I copy it as Filename~$~ and then check if copied size is correct and Rename it back to FileName.

DB10008104_001700001FCr.DSC~$~
DB10008104_001700001FCr.DSB~$~
DB10008104_001800001FCr.DSC~$~
DB10008104_001800001FCr.DSB~$~

The below error comes while renaming the file after the copy is completed on the client side.

<Connect_Ftp2>
<DllDate>Dec 13 2012</DllDate>
<UnlockPrefix>xxxxxx</UnlockPrefix>
<Username>AF:SYSTEM</Username>
<Architecture>Little Endian; 32-bit</Architecture>
<Language>C++ Builder XE2</Language>
<VerboseLogging>1</VerboseLogging>
<error>Asynchronous FTP operation already in progress.</error>
</Connect_Ftp2>
</ChilkatLog>


Below are the corresponding TFTPServer logs 

InfoMemo
! Server started
OneTimePw (c) 1997-2012 F. Piette V8.00
Using:
    TWSocket (c) 1996-2017 Francois Piette V8.43 
    TFtpServer (c) 1998-2016 F. Piette V8.37 
    Winsock:
        Version 2.2
        WinSock 2.0
        Running
! Server started
OneTimePw (c) 1997-2012 F. Piette V8.00
Using:
    TWSocket (c) 1996-2017 Francois Piette V8.43 
    TFtpServer (c) 1998-2016 F. Piette V8.37 
    Winsock:
        Version 2.2
        WinSock 2.0
        Running
! 223.182.185.15 [1] connected
< 223.182.185.15=(Not yet Logged On) USER XYZ
> 223.182.185.15;AF [0ms] 331 Password required for XYZ.
< 223.182.185.15;AF PASS ABC
! 223.182.185.15;AF User 'XYZ' is authenticated and logged on locally to Windows
! 223.182.185.15;AF Home Directory: C:\Program Files\DB5\
> 223.182.185.15;AF [0ms] 230 User XYZ logged in.
< 223.182.185.15;AF TYPE I
> 223.182.185.15;AF [0ms] 200 Type set to I.
< 223.182.185.15;AF SYST 
> 223.182.185.15;AF [0ms] 215 UNIX Type: L8 Internet Component Suite
< 223.182.185.15;AF FEAT 
> 223.182.185.15;AF [0ms] 211-Extensions supported:
 HOST
 SIZE
 REST STREAM
 MDTM
 MDTM YYYYMMDDHHMMSS[+-TZ] filename
 MLST size*;type*;perm*;create*;modify*;
 MFMT
 MD5
 XCRC "filename" start end
 XMD5 "filename" start end
 CLNT
 SITE INDEX;ZONE;MSG;EXEC;PSWD;CMLSD;DMLSD
 XCMLSD
 XDMLSD
211 END
< 223.182.185.15;AF FEAT 
> 223.182.185.15;AF [0ms] 211-Extensions supported:
 HOST
 SIZE
 REST STREAM
 MDTM
 MDTM YYYYMMDDHHMMSS[+-TZ] filename
 MLST size*;type*;perm*;create*;modify*;
 MFMT
 MD5
 XCRC "filename" start end
 XMD5 "filename" start end
 CLNT
 SITE INDEX;ZONE;MSG;EXEC;PSWD;CMLSD;DMLSD
 XCMLSD
 XDMLSD
211 END
< 223.182.185.15;AF CWD /
> 223.182.185.15;AF [0ms] 250 CWD command successful. "/C:/" is current directory.
< 223.182.185.15;AF CWD C:\Backup
> 223.182.185.15;AF [0ms] 250 CWD command successful. "/C:/Backup" is current directory.
< 223.182.185.15;AF CWD system
> 223.182.185.15;AF [0ms] 250 CWD command successful. "/C:/Backup/system" is current directory.
< 223.182.185.15;AF CWD ExtWrk
> 223.182.185.15;AF [0ms] 250 CWD command successful. "/C:/Backup/system/ExtWrk" is current directory.
< 223.182.185.15;AF PASV 
> 223.182.185.15;AF [0ms] 227 Entering Passive Mode (27,111,15,222,191,205).
< 223.182.185.15;AF STOR DB10008104_001700001FCr.DSC~$~
> 223.182.185.15;AF [0ms] 150 Opening data connection for DB10008104_001700001FCr.DSC~$~.
! 223.182.185.15;AF C:\Backup\system\ExtWrk\DB10008104_001700001FCr.DSC~$~ 4.15Kbytes received in 47 milliseconds
> 223.182.185.15;AF [94ms] 226 File received ok
< 223.182.185.15;AF SIZE DB10008104_001700001FCr.DSC~$~
> 223.182.185.15;AF [15ms] 213 4248
< 223.182.185.15;AF SIZE DB10008104_001700001FCr.DSC
> 223.182.185.15;AF [0ms] 550 Command failed: File not found.
< 223.182.185.15;AF RNFR DB10008104_001700001FCr.DSC~$~
> 223.182.185.15;AF [0ms] 350 File exists, ready for destination name.
< 223.182.185.15;AF RNTO DB10008104_001700001FCr.DSC
> 223.182.185.15;AF [16ms] 250 File '/C:/Backup/system/ExtWrk/DB10008104_001700001FCr.DSC~$~' renamed to '/C:/Backup/system/ExtWrk/DB10008104_001700001FCr.DSC'.
< 223.182.185.15;AF CWD /
> 223.182.185.15;AF [0ms] 250 CWD command successful. "/C:/" is current directory.
< 223.182.185.15;AF CWD C:\Backup
> 223.182.185.15;AF [16ms] 250 CWD command successful. "/C:/Backup" is current directory.
< 223.182.185.15;AF CWD system
> 223.182.185.15;AF [0ms] 250 CWD command successful. "/C:/Backup/system" is current directory.
< 223.182.185.15;AF CWD ExtWrk
> 223.182.185.15;AF [0ms] 250 CWD command successful. "/C:/Backup/system/ExtWrk" is current directory.
< 223.182.185.15;AF PASV 
> 223.182.185.15;AF [0ms] 227 Entering Passive Mode (27,111,15,222,191,206).
< 223.182.185.15;AF STOR DB10008104_001700001FCr.DSB~$~
> 223.182.185.15;AF [0ms] 150 Opening data connection for DB10008104_001700001FCr.DSB~$~.
! 223.182.185.15;AF C:\Backup\system\ExtWrk\DB10008104_001700001FCr.DSB~$~ 106Mbytes received in 218 seconds (497Kbytes/sec)
> 223.182.185.15;AF [218375ms] 226 File received ok
< 223.182.185.15;AF SIZE DB10008104_001700001FCr.DSB~$~
> 223.182.185.15;AF [0ms] 213 111340889
< 223.182.185.15;AF SIZE DB10008104_001700001FCr.DSB
> 223.182.185.15;AF [0ms] 550 Command failed: File not found.
< 223.182.185.15;AF RNFR DB10008104_001700001FCr.DSB~$~
> 223.182.185.15;AF [0ms] 350 File exists, ready for destination name.
< 223.182.185.15;AF RNTO DB10008104_001700001FCr.DSB
> 223.182.185.15;AF [0ms] 250 File '/C:/Backup/system/ExtWrk/DB10008104_001700001FCr.DSB~$~' renamed to '/C:/Backup/system/ExtWrk/DB10008104_001700001FCr.DSB'.
< 223.182.185.15;AF QUIT 
> 223.182.185.15;AF [0ms] 221 Goodbye.
! 223.182.185.15;AF disconnected after 222 secs, total recv 106M, total xmit 2.18K
! 223.182.185.15 [2] connected
< 223.182.185.15=(Not yet Logged On) USER XYZ
> 223.182.185.15;AF [0ms] 331 Password required for XYZ.
< 223.182.185.15;AF PASS ABC
! 223.182.185.15;AF User 'XYZ' is authenticated and logged on locally to Windows
! 223.182.185.15;AF Home Directory: C:\Program Files\DB5\
> 223.182.185.15;AF [0ms] 230 User XYZ logged in.
< 223.182.185.15;AF TYPE I
> 223.182.185.15;AF [0ms] 200 Type set to I.
< 223.182.185.15;AF SYST 
> 223.182.185.15;AF [0ms] 215 UNIX Type: L8 Internet Component Suite
< 223.182.185.15;AF FEAT 
> 223.182.185.15;AF [0ms] 211-Extensions supported:
 HOST
 SIZE
 REST STREAM
 MDTM
 MDTM YYYYMMDDHHMMSS[+-TZ] filename
 MLST size*;type*;perm*;create*;modify*;
 MFMT
 MD5
 XCRC "filename" start end
 XMD5 "filename" start end
 CLNT
 SITE INDEX;ZONE;MSG;EXEC;PSWD;CMLSD;DMLSD
 XCMLSD
 XDMLSD
211 END
< 223.182.185.15;AF FEAT 
> 223.182.185.15;AF [0ms] 211-Extensions supported:
 HOST
 SIZE
 REST STREAM
 MDTM
 MDTM YYYYMMDDHHMMSS[+-TZ] filename
 MLST size*;type*;perm*;create*;modify*;
 MFMT
 MD5
 XCRC "filename" start end
 XMD5 "filename" start end
 CLNT
 SITE INDEX;ZONE;MSG;EXEC;PSWD;CMLSD;DMLSD
 XCMLSD
 XDMLSD
211 END
< 223.182.185.15;AF CWD /
> 223.182.185.15;AF [0ms] 250 CWD command successful. "/C:/" is current directory.
< 223.182.185.15;AF CWD C:\Backup
> 223.182.185.15;AF [0ms] 250 CWD command successful. "/C:/Backup" is current directory.
< 223.182.185.15;AF CWD system
> 223.182.185.15;AF [0ms] 250 CWD command successful. "/C:/Backup/system" is current directory.
< 223.182.185.15;AF CWD ExtWrk
> 223.182.185.15;AF [0ms] 250 CWD command successful. "/C:/Backup/system/ExtWrk" is current directory.
< 223.182.185.15;AF PASV 
> 223.182.185.15;AF [0ms] 227 Entering Passive Mode (27,111,15,222,191,207).
< 223.182.185.15;AF STOR DB10008104_001800001FCr.DSC~$~
> 223.182.185.15;AF [0ms] 150 Opening data connection for DB10008104_001800001FCr.DSC~$~.
! 223.182.185.15;AF C:\Backup\system\ExtWrk\DB10008104_001800001FCr.DSC~$~ 4.16Kbytes received in 94 milliseconds
> 223.182.185.15;AF [94ms] 226 File received ok
< 223.182.185.15;AF SIZE DB10008104_001800001FCr.DSC~$~
> 223.182.185.15;AF [0ms] 213 4255
< 223.182.185.15;AF SIZE DB10008104_001800001FCr.DSC
> 223.182.185.15;AF [0ms] 550 Command failed: File not found.
< 223.182.185.15;AF RNFR DB10008104_001800001FCr.DSC~$~
> 223.182.185.15;AF [0ms] 350 File exists, ready for destination name.
< 223.182.185.15;AF RNTO DB10008104_001800001FCr.DSC
> 223.182.185.15;AF [0ms] 250 File '/C:/Backup/system/ExtWrk/DB10008104_001800001FCr.DSC~$~' renamed to '/C:/Backup/system/ExtWrk/DB10008104_001800001FCr.DSC'.
< 223.182.185.15;AF CWD /
> 223.182.185.15;AF [0ms] 250 CWD command successful. "/C:/" is current directory.
< 223.182.185.15;AF CWD C:\Backup
> 223.182.185.15;AF [0ms] 250 CWD command successful. "/C:/Backup" is current directory.
< 223.182.185.15;AF CWD system
> 223.182.185.15;AF [0ms] 250 CWD command successful. "/C:/Backup/system" is current directory.
< 223.182.185.15;AF CWD ExtWrk
> 223.182.185.15;AF [0ms] 250 CWD command successful. "/C:/Backup/system/ExtWrk" is current directory.
< 223.182.185.15;AF PASV 
> 223.182.185.15;AF [0ms] 227 Entering Passive Mode (27,111,15,222,191,208).
< 223.182.185.15;AF STOR DB10008104_001800001FCr.DSB~$~
> 223.182.185.15;AF [0ms] 150 Opening data connection for DB10008104_001800001FCr.DSB~$~.
! 223.182.185.15;AF C:\Backup\system\ExtWrk\DB10008104_001800001FCr.DSB~$~ 106Mbytes received in 311 seconds (348Kbytes/sec)
> 223.182.185.15;AF [311906ms] 226 File received ok
! 223.182.185.15;AF disconnected after 338 secs, total recv 106M, total xmit 1.93K
 

Edited by AllanF


The line that matters here relating to passive IP addresses is: 227 Entering Passive Mode (27,316,15,428,191,207), which indicates a public address is being correctly advertised to the client, although you have not logged the server IP address so I'm guessing here. You are also using a two year old version of ICS. If even one file transfers correctly, that suggests the correct public IP address is being used. You need to check the logs to make sure the same public IP is being sent for each file.

 

Another possibility is the public IP changed during the session. While most of us have stable public IP addresses that stay the same for weeks or years, some ISPs (mobile in particular) use CNAT and the public IP address may change every few minutes.

 

Angus

 

Edited by Angus Robertson


The IP of the server has been constant over the past few days. The IP is set in a database and I supply the same to the client each time. I observed that the sending works for multiple files if they are small (15 files of 21 MB each); it gives a problem when a file takes a few minutes to copy (150 MB). Could it be that the FTP control port is being closed by the firewall as it is not being used? Can the server keep the control port alive? I am trying to do it from the client side too.

Edited by AllanF


The client and server logging should show if the control channel is closed prematurely. If you are not already using my old TMagFtp client component, I'd suggest you update your client to use the latest version which is now in ICS, TIcsFtpMulti, which uses special directory commands when working with the ICS FTP server, and automatically retries transfers when they fail due to control channel closing or other errors.

 

Angus

 


Thanks Angus for the support you have given. Though this is not the most appropriate solution it should suffice for me.

 

Edited by AllanF


For completeness, I have now configured my port forwarded FTP server correctly, opened passive ports in the Draytek router, and it is now working correctly again for internal and external traffic. 

 

However the ftpsNoPasIpAddrInLAN and ftpsNoPasvIpAddrSameSubnet are not working as expected, it never uses a local IP address, which I need to investigate.  I suspect IPv6 may also be an issue on passive data connections, need to test that as well.  But you can get around the LAN issue by changing the Passive IP in the event.

 

Angus

 


The FTP server options ftpsNoPasIpAddrInLAN and ftpsNoPasvIpAddrSameSubnet were broken because the remote client IP was always returned as 0.0.0.0, now fixed, will be in SVN next week with other FTP changes.

 

Angus

 


There are new versions of the FTP client and server in SVN and the overnight zip, fixing the FTP server options being ignored and improving passive mode on the client.  

 

I've added logging for both client and server IPv4 passive mode to log various IP addresses before the data connection is opened, to make it easier to debug why a connection fails.  

 

The FTP client also has a new  Option ftpFixPasvLanIP for when '227 Entering Passive Mode ()'  returns a LAN IP instead of a WAN IP, so use control IP instead. This fixes failed downloads if the FTP server is behind a NAT router and is not configured to present the external IP. An example log is:

 

> PASV
< 227 Entering Passive Mode (192,168,1,161,82,10).
! Passive connection requested to: 192.168.1.161:21002, control channel: 217.146.115.83
! Suspicious LAN IP changed to control channel address
> LIST
< 150 Opening data connection for directory list.
www3.magsys.co.uk SSL Connected OK with TLSv1.2
< 226 File sent ok
 

Note this example won't work now, I had to misconfigure the server to return the local IP address.

 

Angus
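
The passive-address check described in the post above, sketched in Python as an added example (it is not ICS code and not from any poster in this thread). The function names are assumptions, the reply lines are copied from the logs in this thread, and using 27.111.15.222 as the control address is an assumption because the server IP was not logged.

```python
import ipaddress
import re

PASV_RE = re.compile(r"227 [^(]*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

# Reply lines copied from the logs in this thread.
SAMPLE_LOG = [
    "> 223.182.185.15;AF [0ms] 227 Entering Passive Mode (27,111,15,222,191,205).",
    "> 223.182.185.15;AF [0ms] 227 Entering Passive Mode (27,111,15,222,191,206).",
    "< 227 Entering Passive Mode (192,168,1,161,82,10).",
]

def parse_pasv(reply):
    """Decode a 227 reply into (ip, port); ValueError if absent or malformed."""
    m = PASV_RE.search(reply)
    if not m:
        raise ValueError("no 227 passive reply in %r" % reply)
    fields = [int(n) for n in m.groups()]
    if any(n > 255 for n in fields):
        raise ValueError("field above 255 in %r" % reply)
    return ".".join(map(str, fields[:4])), fields[4] * 256 + fields[5]

def data_endpoint(reply, control_ip):
    """Pick the address a client should open the data connection to."""
    ip, port = parse_pasv(reply)
    advertised = ipaddress.ip_address(ip)
    control = ipaddress.ip_address(control_ip)
    # A non-routable address advertised by a server reached over a public
    # address cannot be dialled from outside the NAT: use the control peer.
    if not advertised.is_global and control.is_global:
        return control_ip, port, "LAN IP changed to control channel address"
    if ip != control_ip:
        return ip, port, "advertised IP differs from control channel"
    return ip, port, "ok"

def advertised_ips(log_lines):
    """Distinct IPs advertised across all 227 replies in a log."""
    found = set()
    for line in log_lines:
        if PASV_RE.search(line):
            found.add(parse_pasv(line)[0])
    return sorted(found)

if __name__ == "__main__":
    print(data_endpoint(SAMPLE_LOG[0], "27.111.15.222"))   # control IP assumed
    print(data_endpoint(SAMPLE_LOG[2], "217.146.115.83"))
    print(advertised_ips(SAMPLE_LOG[:2]))
```

Running `advertised_ips` over a full server log gives the per-file comparison suggested earlier in the thread: more than one address in the result means the advertised IP changed between transfers.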
