VirtualBox

Ticket #4427 (reopened defect)

Opened 8 months ago

Last modified 2 months ago

active FTP doesn't work with NAT

Reported by: bqbauer Assigned to:
Priority: minor Component: network/NAT
Version: VirtualBox 3.0.0 Keywords:
Cc: Guest type: Windows
Host type: Solaris

Description

This is with a 64-bit OpenSolaris? host (2009.06). It happens with all tested guests (XP, Ubuntu, OpenSolaris?, Solaris 10), both with NAT and bridged networking. The problem did not exist prior to 3.0.0, and has been confirmed both with pre-existing guests and newly created guests.

When you open an FTP session from the guest to the OpenSolaris? host, the host returns an error like this one from a NAT guest:

Jun 21 19:50:21 fnog ftpd[1902]: [ID 227848 daemon.warning] refused PORT 10.0.2.15,60783 from fnog [192.168.99.22]

192.168.99.22 is the host IP.

If you do the same with VB 2.2.4 on the same host, ftpd logs no errors and successfully connects the guest. This has been tested on two different hosts. Both tested installations of the host OS use an unmodified default ftp configuration.

With FTP servers on the Internet, VB guests connect, but are unable to list files or directories on the FTP server using either the 'ls' or 'dir' commands. The same FTP servers interact normally with computers that are not VB guests. One tested example would be ftp.sunfreeware.com.

Shared folders and SSH/SCP/SFTP exhibit no observed problems from guest to host, but are slower for large transfers and for network testing.

I will be attaching a log file soon.

Change History

2009-07-08 11:01:16 changed by frank

Actually this sounds like a duplicate of #4343.

2009-07-15 02:48:17 changed by bqbauer

Not fixed in 3.0.2, and I don't know if that means it's a different problem or not. I never attached the file because of the above comment, so is that needed since 4343 is reopened, do we wait and see?

2009-07-15 11:09:25 changed by Hachiman

  • owner changed.
  • component changed from network to network/NAT.

2009-07-15 13:04:45 changed by Hachiman

Doest it change anything if you switch ftp client to passive mode?

2009-07-16 05:59:14 changed by Hachiman

Have send test build for verification.

(follow-up: ↓ 7 ) 2009-07-16 07:31:26 changed by bqbauer

Passive does not work with 3.0.2, and XP clients do not have a passive option at the command line. Regarding bridged networking, it appears I was in error with the initial report, or that 3.0.2 fixed this problem for bridged network interfaces.

Passive mode works with 3.0.3 on a UNIX client to the host. HOWEVER, NAT networking beyond the host is virtually useless as described in bug #4343. This includes XP and OpenSolaris? guests.

To reiterate, none of this was a problem with 2.2.4, and passive mode was never required prior to 3.0, and not all clients can enter passive mode.

(in reply to: ↑ 6 ) 2009-07-16 08:22:44 changed by Hachiman

Replying to bqbauer:

Passive does not work with 3.0.2, and XP clients do not have a passive option at the command line. Regarding bridged networking, it appears I was in error with the initial report, or that 3.0.2 fixed this problem for bridged network interfaces.

Windows clients are switched with passive command

Passive mode works with 3.0.3 on a UNIX client to the host. HOWEVER, NAT networking beyond the host is virtually useless as described in bug #4343. This includes XP and OpenSolaris? guests. To reiterate, none of this was a problem with 2.2.4, and passive mode was never required prior to 3.0, and not all clients can enter passive mode.

The real NAT and firewalls require access via passive. Old ability to access via active connection was able because emulation of FW punching.

2009-07-16 08:35:55 changed by Hachiman

I'd recommend you to open new bug about active ftp connection with closing this bug.

(follow-up: ↓ 10 ) 2009-07-16 08:44:28 changed by bqbauer

Clarification: XP does not support passive from its command line.

What do you mean "Windows clients are switched with passive command"? I don't understand.

This bug is about the FTP problem, so why open a new bug about the same problem?

(in reply to: ↑ 9 ) 2009-07-16 10:00:31 changed by Hachiman

Replying to bqbauer:

Clarification: XP does not support passive from its command line. What do you mean "Windows clients are switched with passive command"? I don't understand.

Some years ago for Windows ftp.exe clients used following formula 

# ftp ftp.netbsd.org
> user anonymous
> password: asd@asd.com
> quote pasv

but it seems doesn't work for modern ftp.exe. workaround could be ncftp

This bug is about the FTP problem, so why open a new bug about the same problem?

It isn't the same problem the problem was for accessing host in passive mode (which is recommended on forums). and this problem is fixed. active accessing is different. your guest open listening socket and server connects to it.

(follow-up: ↓ 14 ) 2009-07-16 22:05:56 changed by nixtrian

this is vsftpd log, when succesfully connected from vbox 2.2.4 

Wed Jul 15 00:33:14 2009 [pid 2808] [ftp] FTP response: Client "192.168.1.3", "230 Login successful."
Wed Jul 15 00:33:14 2009 [pid 2808] [ftp] FTP command: Client "192.168.1.3", "SYST"
Wed Jul 15 00:33:14 2009 [pid 2808] [ftp] FTP response: Client "192.168.1.3", "215 UNIX Type: L8"
Wed Jul 15 00:33:20 2009 [pid 2808] [ftp] FTP command: Client "192.168.1.3", "PORT 192,168,1,3,159,233"
Wed Jul 15 00:33:20 2009 [pid 2808] [ftp] FTP response: Client "192.168.1.3", "200 PORT command successful. Consider using PASV."

this is vsftpd log when PORT command fails: 

Tue Jul 14 22:04:09 2009 [pid 7747] FTP command: Client "192.168.1.3", "USER anonymous"
Tue Jul 14 22:04:09 2009 [pid 7746] [ftp] OK LOGIN: Client "192.168.1.3", anon password "<no_password>"
Tue Jul 14 22:04:09 2009 [pid 7752] [ftp] FTP response: Client "192.168.1.3", "230 Login successful."
Tue Jul 14 22:04:14 2009 [pid 7752] [ftp] FTP command: Client "192.168.1.3", "PORT 10,0,2,15,19,137"
Tue Jul 14 22:04:14 2009 [pid 7752] [ftp] FTP response: Client "192.168.1.3", "500 Illegal PORT command."

clearly, the extarnal vbox-NAT IP is wrong

(follow-up: ↓ 13 ) 2009-07-16 22:08:28 changed by nixtrian

this is not only on solaris host. my host type is archlinux

(in reply to: ↑ 12 ) 2009-07-17 04:58:08 changed by Hachiman

Replying to nixtrian:

this is not only on solaris host. my host type is archlinux

The passive ftp fixed will be available in 3.0.4

(in reply to: ↑ 11 ) 2009-07-17 05:00:51 changed by Hachiman

Replying to nixtrian:

this is vsftpd log, when succesfully connected from vbox 2.2.4 {{{ Wed Jul 15 00:33:14 2009 [pid 2808] [ftp] FTP response: Client "192.168.1.3", "230 Login successful." Wed Jul 15 00:33:14 2009 [pid 2808] [ftp] FTP command: Client "192.168.1.3", "SYST" Wed Jul 15 00:33:14 2009 [pid 2808] [ftp] FTP response: Client "192.168.1.3", "215 UNIX Type: L8" Wed Jul 15 00:33:20 2009 [pid 2808] [ftp] FTP command: Client "192.168.1.3", "PORT 192,168,1,3,159,233" Wed Jul 15 00:33:20 2009 [pid 2808] [ftp] FTP response: Client "192.168.1.3", "200 PORT command successful. Consider using PASV." }}} this is vsftpd log when PORT command fails: {{{ Tue Jul 14 22:04:09 2009 [pid 7747] FTP command: Client "192.168.1.3", "USER anonymous" Tue Jul 14 22:04:09 2009 [pid 7746] [ftp] OK LOGIN: Client "192.168.1.3", anon password "<no_password>" Tue Jul 14 22:04:09 2009 [pid 7752] [ftp] FTP response: Client "192.168.1.3", "230 Login successful." Tue Jul 14 22:04:14 2009 [pid 7752] [ftp] FTP command: Client "192.168.1.3", "PORT 10,0,2,15,19,137" Tue Jul 14 22:04:14 2009 [pid 7752] [ftp] FTP response: Client "192.168.1.3", "500 Illegal PORT command." }}} clearly, the extarnal vbox-NAT IP is wrong

PORT is active ftp (not supposed to work over NAT) mode and I'm currently working on it.

2009-08-04 04:57:12 changed by Hachiman

  • summary changed from FTP from guest to host returns error on host to active FTP doesn't work with NAT.

2009-08-05 09:44:46 changed by sandervl73

  • status changed from new to closed.
  • resolution set to fixed.

2009-08-12 05:30:25 changed by Hachiman

  • status changed from closed to reopened.
  • resolution deleted.

2009-11-12 19:52:14 changed by jrmayfield

I see the same problem running VirtualBox 3.0.10_54097_fedora 11. My wireshark logs are very similar to the vsftpd logs that nixtrian posted on 2009-07-16.

2010-01-07 16:45:19 changed by daumas77

I see the exact same problem:

Test:

Run netshark on the host machine to capture the 10.x incoming-outgoing packets seen on the host side Connect from an ftp client within the client o/s (WinXP) to ANY external ftp server in active mode.

Result:

Outgoing connection works fine (N > 1023, client port N -> connects to ftp server port 21) Client sends to ftp server the reverse data connection port as N+1 Server attempts to connect back to client port N+1, which fails, causing a 'hang' in the client

One can analyze the netshark packets and see the attempt from the FTP server connect back to port N+1 on the client

Version: VirtualBox-3.1-3.1.2_56127_openSUSE111-1.x86_64 Host: openSUSE 11.2 Client: Windows XP SP3

(note: I ported this VM over to VMware Server 2.0.2 and found VMware's active FTP capability to work just fine there.)

The VB NAT implementation should detect and allow the reverse active FTP data connection. This doesn't appear to be implemented.


ContactPrivacy policy