Cannot access Microsoft 4.0 FTP server via proxy

ericvolness

2004-10-21 22:20:01

All:

I have tried a number of sites that use the MS 4.0 FTP service and I simply cannot connect using Smart FTP.

We connect via a Netcache Proxy, PASV mode, through a firewall, but nearly all other FTP server types work fine.

Any configuration ideas? This MS FTP site is critical for business use and currently does not work at all:

System environment:

+- System -----------------------------

Microsoft Windows XP Professional
Service Pack 1 (Build 2600)

CPU Speed : 1129 MHz
Total Memory : 523736 KB
Free Memory : 127820 KB

+- SmartFTP ---------------------------

Version : 1.0.983.3
Time Stamp : 2004-10-15 05:36:54
Language ID : 0x0409
Language File : ResEng.dll

+- Application DLL --------------------

controls.dll : 1.6.983.3
ftpapi.dll : 2.0.983.3
language.dll : 1.0.983.3
reseng.dll : 1.3.983.3
smarthook.dll : 1.0.2.1

+- System DLL -------------------------

unicows.dll : 1.0.4018.0
shell32.dll : 6.00.2800.1556 (xpsp2_gdr.040517-1325)
shlwapi.dll : 6.00.2800.1552
comctl32.dll : 6.0 (xpsp2.040410-0905)
riched20.dll : 5.30.23.1211
schannel.dll : 5.1.2600.1347 (xpsp2.040109-1800)

+- Internet Explorer ------------------

Version : 6.0.2800.1106

+- Winsock ----------------------------

Winsock : 2.2

ianhoyle

2004-10-21 22:52:44

Hi,

I work at the same company as Eric (corporate license ID: 200000003).

The behaviour can be observed just by going to ftp.microsoft.com

##
SmartFTP v1.0.983.3
Resolving host name proxysyd.apac.ent.bhpbilliton.net...
Resolving host name ftp.microsoft.com...
Connecting to Proxy (proxysyd.apac.ent.bhpbilliton.net) -> IP: x.x.x.x PORT: 21
Connected to Proxy (proxysyd.apac.ent.bhpbilliton.net) -> Time = 0ms
Socket connected waiting for login sequence.
220 equsyd-pxy01.apac.ent.bhpbilliton.net (NetCache) Thu, 21 Oct 2004 22:42:06 GMT
USER anonymous@ftp.microsoft.com
331-Microsoft FTP Service
331 Anonymous access allowed, send identity (e-mail name) as password.
PASS (hidden)
230-This is FTP.Microsoft.Com
230 Anonymous user logged in.
SYST
215 Windows_NT
FEAT
211-FEAT
SIZE
MDTM
211 END
REST 100
350 Restart accepted, proceed with tranfer command.
REST 0
350 Restart accepted, proceed with tranfer command.
PWD
257 "/" is current directory.
TYPE A
200 Type set to A.
PASV
227 Entering Passive Mode (x,x,x,x,128,239)
Opening data connection IP: x,x,x,x,128,239 PORT: 33007.
LIST
Connection closed. Server timeout.
##

So, no data is received after the LIST command and the server closes the connection.

In the config file for the line-mode ftp client lftp, there are some comments related to "broken servers and the need to set synchronous mode":

## synchronous mode for broken servers and/or routers
set sync-mode/ftp.idsoftware.com on
set sync-mode/ftp.microsoft.com on
set sync-mode/sunsolve.sun.com on
## extended regex to match first server message for automatic sync-mode.
set auto-sync-mode "icrosoft FTP Service|MadGoat"

Is that a hint as to the possible problem - that the MIcrosoft FTP server doesn't behave like others?

Ian

ianhoyle

2004-10-21 23:02:51

These guys

http://www.weonlydo.com/index.asp?showf ... X&rnotes=1

needed to do some kind of fix for:

"1.0.0.4 November 8, 2002
* Fix for blocking mode problems in Connect method
* Fix for hangup in ListDir with MS FTP servers"

Hmmm, a generic problem?

2004-10-21 23:17:50

Hello ...

We need access (=ability to connect through the netcache) to the proxy server to investigate this problem.

Regards,
-Mat

ianhoyle

2004-10-21 23:40:19

mb wrote:Hello ...

We need access (=ability to connect through the netcache) to the proxy server to investigate this problem.

Regards,
-Mat

That's not possible I'm afraid

This seems to be a systemic problem with MS FTP server though (the lftp comments above). Exacerbated through using PASV mode???

Ian

ianhoyle

2004-10-22 02:39:49

OK, I *think* I have the answer.

In this Microsoft support doc:

http://support.microsoft.com/?kbid=323446

it states that "Microsoft Internet Information Server (IIS) 4.0 and IIS 5.0 use the default ephemeral port range of 1024 through 5000,"

The problem is, in the example shown at the top of this thread, the PASV data request has been intiated on port 33007. This probably blows up on the ftp.microsoft.com server as documented in:

http://support.microsoft.com/kb/196271/EN-US/

This requires a registry change on the FTP server so that it can use a port higher than the default limit of 5000.

So, is the ephemeral port which is to be used for the data transfer set at the server end, which would mean a server change, or is it set by the client, in which case SmartFTP should be able to be configured to use a port under 5000 for this kind of situation?????

Phew, I think that is right

ian

ianhoyle

2004-10-22 04:15:25

The server sets the port.

http://www.phoneboy.com/bin/view.pl/FAQ ... veFTPWorks

So, in the above example, 128 * 256 + 239 = 33007 !!!

2004-10-22 11:23:24

Hmm if theres some way we can reproduce the problem we can also fix it, otherwise I don't see much of chance. If we experience the same problem with a different proxy software that would help a lot too. But with all ftp proxies I have tested it, there was no problem connecting to the MS FTP server.

ianhoyle

2004-10-25 01:07:36

Just using SmartFTP direct to the internet with no proxy, I can't connect to ftp.microsoft.com if I have PASV mode set.

Do you see that same behaviour at your end?? Makes me think that the problem is at the MS end?

Ian

2004-10-25 05:32:31

Yep I can confirm that.
PASV mode doesn't work with ftp.microsoft.com at all. I've tested it with other FTP clients as well.

Regards,
-Mat