PASV Mode returns wrong IP in nested NAT?

keeeeymann
500 Command not understood
Posts: 1
Joined: 2017-10-18 15:55

PASV Mode returns wrong IP in nested NAT?

#1 Post by keeeeymann » 2017-10-18 16:42

Server: FileZilla Server 0.9.60
Client: FileZilla Client 3.28.0

I'm having problems setting up an FTP server (192.168.1.200) behind a NAT (named A, 192.168.1.0/24) exposed to a larger network (B, 172.18.xxx.0/>24). I forward ports 21, 990 and PASV 60000-60050 on IP 172.18.232.134, and the options in "Passive Mode Settings" are all set. I ticked the box "Don't use external IP in local connection" because there are connections from network A.
With all these settings I cannot get file lists from network B (login is fine):
425 Can't open data connection for transfer of "[path]"
And I notice the server is returning its local (A) Address in PASV response:
keyman (172.18.123.86)> 227 Entering Passive Mode (192,168,1,200,234,129)
FileZilla Client somehow doesn't correct the unroutable address and it ends up failing.

If I turn off "Don't use external IP in local connection", this problem is solved; but connections from network A (same network as server) will trigger the IP consistency security (control session from A, data session from B following PASV response) and I have to turn off security too.

What frustrates me the most is: why is the server returning the net A address while I'm in net B? Or have I done something wrong with the networking? Thanks!

Here is a full log of an attempt of listing "/keyman" folder from network B:
(000092)2017/10/18 22:44:39 - (not logged in) (172.18.123.86)> Connected on port 21, sending welcome message...
(000092)2017/10/18 22:44:39 - (not logged in) (172.18.123.86)> USER keyman
(000092)2017/10/18 22:44:39 - (not logged in) (172.18.123.86)> 331 Password required for keyman
(000092)2017/10/18 22:44:39 - (not logged in) (172.18.123.86)> PASS **********
(000092)2017/10/18 22:44:39 - keyman (172.18.123.86)> 230 Logged on
(000092)2017/10/18 22:44:45 - keyman (172.18.123.86)> CWD /keyman
(000092)2017/10/18 22:44:45 - keyman (172.18.123.86)> 250 CWD successful. "/keyman" is current directory.
(000092)2017/10/18 22:44:45 - keyman (172.18.123.86)> PWD
(000092)2017/10/18 22:44:45 - keyman (172.18.123.86)> 257 "/keyman" is current directory.
(000092)2017/10/18 22:44:45 - keyman (172.18.123.86)> TYPE I
(000092)2017/10/18 22:44:45 - keyman (172.18.123.86)> 200 Type set to I
(000092)2017/10/18 22:44:45 - keyman (172.18.123.86)> PASV
(000092)2017/10/18 22:44:45 - keyman (172.18.123.86)> 227 Entering Passive Mode (192,168,1,200,234,129)
(000092)2017/10/18 22:44:45 - keyman (172.18.123.86)> MLSD
(000092)2017/10/18 22:44:55 - keyman (172.18.123.86)> 425 Can't open data connection for transfer of "/keyman"
(000092)2017/10/18 22:46:55 - keyman (172.18.123.86)> 421 Connection timed out.
(000092)2017/10/18 22:46:55 - keyman (172.18.123.86)> disconnected.
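
Added example, not part of the original post and not FileZilla code: a Python check that decodes the 227 reply in log lines of the format shown above and flags an advertised data address that the connecting client cannot reach. The network 192.168.1.0/24 and the port range 60000-60050 come from the post; the function names and the second sample line are assumptions made for this illustration.

```python
import ipaddress
import re

LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")  # network A, from the post
PASV_PORTS = range(60000, 60051)                    # forwarded range, from the post

# "(session)date time - user (peer)> message", as in the log above
LINE_RE = re.compile(r"^\((?P<session>\d+)\)(?P<ts>\S+ \S+) - (?P<user>.+?) "
                     r"\((?P<peer>[0-9.]+)\)> (?P<msg>.*)$")
PASV_RE = re.compile(r"^227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def decode_227(msg):
    """Return (address, port) from a 227 reply, or None if it is not one."""
    m = PASV_RE.match(msg)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    host = ipaddress.ip_address(".".join(str(n) for n in nums[:4]))
    return host, nums[4] * 256 + nums[5]  # port = p1 * 256 + p2

def audit(lines):
    """List every PASV reply with the problems found for that client."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        decoded = decode_227(m["msg"]) if m else None
        if decoded is None:
            continue
        host, port = decoded
        peer = ipaddress.ip_address(m["peer"])
        problems = []
        if host in LOCAL_NET and peer not in LOCAL_NET:
            problems.append("server-local address sent to a client outside that network")
        if port not in PASV_PORTS:
            problems.append("port outside the forwarded passive range")
        findings.append({"peer": str(peer), "host": str(host),
                         "port": port, "problems": problems})
    return findings

SAMPLE = [
    # first two lines are from the log in the post
    "(000092)2017/10/18 22:44:45 - keyman (172.18.123.86)> PASV",
    "(000092)2017/10/18 22:44:45 - keyman (172.18.123.86)> 227 Entering Passive Mode (192,168,1,200,234,129)",
    # constructed line: a client inside network A
    "(000093)2017/10/18 22:50:00 - keyman (192.168.1.50)> 227 Entering Passive Mode (192,168,1,200,234,129)",
]

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f)
```
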

botg
Site Admin
Posts: 35555
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: PASV Mode returns wrong IP in nested NAT?

#2 Post by botg » 2017-10-18 18:02

Don't nest NAT, that's not a supported use-case.

There's never a reason to nest NAT. If you have so many computers that 10.0.0.0/8 isn't sufficient (do you work for Google, Microsoft or Apple by chance?) for your particular use-case, switch to IPv6, it's supported by FileZilla Server.
