The first part of the trace looks normal enough (frames 1 thru 20). My client port is 47473 and it is going to the FTP port on host AAA.BBB.146.1. I get connected and log in. I then issue the "dir" command (see figure 2), which triggers frames 22, 24, and 25. The port command looks normal. The listening port is identified as 47474 (185 * 256 + 114) in the port command in frame 22.
It is this next part which is strange (frames 26 thru 32). The FTP data connection is directed to the correct port, 47474, but is not coming from AAA.BBB.146.1. Instead it is coming from CC.DD.24.166. My firewall is objecting to this sudden change in IP addresses. Both IP addresses are registered to the same hosting service.
Finally, in frame 33, the timeout error message comes back from the original AAA.BBB.146.1 address.
I suspect that it has something to do with multiple IP addresses on the host. The FTP daemon is not binding its socket to the same IP address that accepted the client's connection before sending its connection back to the client. The host therefore uses what amounts to the default IP address to create the connection back to the client. That, however, is a guess. The support person told me that it has to do with using "grid hosting" and that the host has multiple IP addresses, so I think my guess is a good bet. I did try looking at the Pure-FTPd web site but could find nothing about this.
No.  Time        Source          Destination     Protocol Info
1    0.000000    EE.FFF.136.184  AAA.BBB.146.1   47473 > ftp [SYN] . . .
2    0.035669    AAA.BBB.146.1   EE.FFF.136.184  ftp > 47473 [SYN, ACK] . . .
4    0.076676    AAA.BBB.146.1   EE.FFF.136.184  Response: 220 . . .
6    3.633510    EE.FFF.136.184  AAA.BBB.146.1   Request: USER . . .
16   46.306715   AAA.BBB.146.1   EE.FFF.136.184  Response: 331 . . . Password required
18   50.219261   EE.FFF.136.184  AAA.BBB.146.1   Request: PASS . . .
20   50.324619   AAA.BBB.146.1   EE.FFF.136.184  Response: 230-User . . .
22   80.653287   EE.FFF.136.184  AAA.BBB.146.1   Request: PORT 68,105,136,184,185,114
24   80.686086   AAA.BBB.146.1   EE.FFF.136.184  Response: 200 PORT command successful
25   80.690159   EE.FFF.136.184  AAA.BBB.146.1   Request: LIST
26   80.727791   CC.DD.24.166    EE.FFF.136.184  ftp-data > 47474 [SYN] . . .
28   83.726623   CC.DD.24.166    EE.FFF.136.184  ftp-data > 47474 [SYN] . . .
29   89.726896   CC.DD.24.166    EE.FFF.136.184  ftp-data > 47474 [SYN] . . .
30   101.728315  CC.DD.24.166    EE.FFF.136.184  ftp-data > 47474 [SYN] . . .
31   125.729301  CC.DD.24.166    EE.FFF.136.184  ftp-data > 47474 [SYN] . . .
32   173.731012  CC.DD.24.166    EE.FFF.136.184  ftp-data > 47474 [SYN] . . .
33   269.735197  AAA.BBB.146.1   EE.FFF.136.184  Response: 425 Could not open data connection to port 47474: Connection timed out

L:\>ftp XXXXX
Connected to XXXXX.
220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
220-You are user number 20 of 500 allowed.
220-Local time is now 14:36. Server port: 21.
220-This is a private system - No anonymous login
220 You will be disconnected after 3 minutes of inactivity.
User (XXXXX:(none)): ABCDE
331 User ABCDE OK. Password required
Password:
230-User ABCDE has group access to: inetuser
230 OK. Current restricted directory is /
ftp> dir
200 PORT command successful
425 Could not open data connection to port 47474: Connection timed out
ftp>
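
The check the firewall is effectively applying to this trace, written out as an added example (not part of the original post and not Pure-FTPd or firewall code): it decodes each PORT argument, remembers which server address the client announced the port to, and reports any active-mode data SYN for that port that arrives from a different address. The function names and the `(frame, source, destination, info)` tuple layout are assumptions of this sketch; the sample rows are copied from the trace above with its masked addresses.

```python
import re

PORT_RE = re.compile(r"\bPORT (\d{1,3}(?:,\d{1,3}){5})\b")
DATA_SYN_RE = re.compile(r"ftp-data > (\d+) \[SYN\]")

def decode_port(arg):
    """Decode an RFC 959 PORT argument 'h1,h2,h3,h4,p1,p2' into (host, port)."""
    octets = [int(x) for x in arg.split(",")]
    if len(octets) != 6 or any(o > 255 for o in octets):
        raise ValueError("malformed PORT argument: %r" % arg)
    return ".".join(map(str, octets[:4])), octets[4] * 256 + octets[5]

def mismatched_data_sources(frames):
    """Return (frame, expected_ip, actual_ip, port) for each active-mode data
    SYN whose source is not the server the PORT command was sent to."""
    expected = {}   # (client address, announced port) -> control-channel server
    findings = []
    for no, src, dst, info in frames:
        m = PORT_RE.search(info)
        if m:
            # Key on the packet's source address (what a stateful filter sees);
            # the host inside PORT may differ, e.g. behind NAT or when masked.
            _, port = decode_port(m.group(1))
            expected[(src, port)] = dst
            continue
        m = DATA_SYN_RE.search(info)
        if m:
            port = int(m.group(1))
            server = expected.get((dst, port))
            if server is not None and src != server:
                findings.append((no, server, src, port))
    return findings

# Rows copied from the trace above (addresses masked as in the post).
TRACE = [
    (22, "EE.FFF.136.184", "AAA.BBB.146.1", "Request: PORT 68,105,136,184,185,114"),
    (24, "AAA.BBB.146.1", "EE.FFF.136.184", "Response: 200 PORT command successful"),
    (25, "EE.FFF.136.184", "AAA.BBB.146.1", "Request: LIST"),
    (26, "CC.DD.24.166", "EE.FFF.136.184", "ftp-data > 47474 [SYN] . . ."),
    (28, "CC.DD.24.166", "EE.FFF.136.184", "ftp-data > 47474 [SYN] . . ."),
]

if __name__ == "__main__":
    for no, want, got, port in mismatched_data_sources(TRACE):
        print("frame %d: data SYN to port %d from %s, expected %s"
              % (no, port, got, want))
```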