I want to connect to an FTP server from my local network, which is behind a NAT.
The gateway is a Win 2008 server, configured with routing and remote services / Nat enabled. The problem exists from XP, Vista sp1, and Vista sp2 computers.
Here's what I get (using the default DOS ftp client, but I get the same thing using FileZilla)
ftp> open ftp.foo.com
Connected to ftp.foo.com.
220-
[here I wait for 30s before getting the following line]
Connection closed by remote host.
ftp>
As you can see I'm disconnected before the login process, so I don't have the opportunity to use PASSV.
Here's what works :
- everything else (ie, every non-ftp related connection)
- connection to this specific server from my NAT gateway
- connection on other servers from my behind-nat computer
- direct internet connection to this specific ftp server from my computer (ie, without using the NAT server)
The company providing the ftp says the problem is not on their end, since I can connect from my NAT server. The same reasoning leads to the problem not being on my side neither (I can connect on other ftp servers)
What should I check ?
EDIT : here's what I get when I sniff the connection on the gateway while attempting to connect from my behind-the-nat computer :
On the Internet facing interface :
No. Time Source Destination Protocol Info
1312 320.576218 213.186.xx.xxx 192.168.1.1 FTP Response: 220-
1313 320.576602 213.186.xx.xxx 192.168.1.1 FTP Response: 220-Bienvenue,
1315 320.610911 213.186.xx.xxx 192.168.1.1 FTP Response: 220-
And on my internal LAN interface :
No. Time Source Destination Protocol Info
9288 118.698920 213.186.xx.xx 192.168.0.100 FTP Response: 220-
9293 118.890406 213.186.xx.xx 192.168.0.100 FTP Response: 220-Bienvenue,
Frame 9293 (166 bytes on wire, 166 bytes captured)
Ethernet II, Src: Tp-LinkT_c6:e2:3f (00:21:27:c6:e2:3f), Dst: Giga-Byt_22:b0:99 (00:1f:d0:22:b0:99)
Internet Protocol, Src: 213.186.xx.xx(213.186.xx.xx), Dst: 192.168.0.100 (192.168.0.100)
Transmission Control Protocol, Src Port: ftp (21), Dst Port: jini-discovery (4160), Seq: 7, Ack: 1, Len: 112
Source port: ftp (21)
Destination port: jini-discovery (4160)
Sequence number: 7 (relative sequence number)
[Next sequence number: 119 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 65536 (scaled)
Checksum: 0xa5bc [incorrect, should be 0x96cb (maybe caused by "TCP checksum offload"?)]
[SEQ/ACK analysis]
File Transfer Protocol (FTP)
9306 119.187327 213.186.xx.xx 192.168.0.100 FTP [TCP Retransmission] Response: 220-Bienvenue,
9326 119.787350 213.186.xx.xx 192.168.0.100 FTP [TCP Retransmission] Response: 220-Bienvenue,
No. Time Source Destination Protocol Info
9373 120.987450 213.186.xx.xx 192.168.0.100 FTP [TCP Retransmission] Response: 220-Bienvenue,
Any idea of why this CRC problem might be happening ?
btw, here are my mtu settings (on the gateway)and they are identical on my computer.
C:\Windows\system32>netsh interface ipv4 show interfaces
Idx Met MTU State Name
--- --- ----- ----------- -------------------
1 50 4294967295 connected Loopback Pseudo-Interface 1
10 30 1500 connected Local Area Connection
13 20 1500 connected Local Area Connection 2
And here's some MTU analysis on my computer :
Pinging 192.168.0.1 with 1472 bytes of data:
Reply from 192.168.0.1: bytes=1472 time<1ms TTL=128
Pinging 192.168.0.1 with 1473 bytes of data:
Packet needs to be fragmented but DF set.
Here's what I get if I try to connect using telnet :
220-
Connection to host lost.
Press any key to continue...
Best Answer
The little-bit-of-text that does get through suggests it might be some sort of MTU problem. The best way to move forward is to install Wireshark on the gateway and capture all the traffic involved in the FTP connection. If you see a large packet being sent multiple times, it's MTU. Otherwise, paste the trace somewhere and someone can interpret it for you, if it isn't clear to you.