Re: static route for port 21 [7:45682] posted 06/03/2002

Although I can't answer your question, I can tell you how FTP works and 
maybe that will help. I can believe that it has problems in your situation!
;-)

FTP does not use both TCP and UDP. It does, however, open multiple TCP 
connections.

Assuming you are using Active (non-passive, aka PORT mode), here's what 
happens:

1. The client sends a TCP SYN to the well-known FTP control port (port 21) 
on the server. The client uses an ephemeral (short-lived, not well-known, 
greater than 1024) port as its source port.
2. The server sends the client a SYN ACK from port 21 to the ephemeral port 
on the client.
3. The client sends an ACK. The client uses this connection to send FTP 
commands and the server uses this connection to send FTP replies.
4. When the user requests a directory listing or initiates the sending or 
receiving of a file, the client software sends a PORT command that includes 
an ephemeral port number that the client wishes the server to use when 
opening the data connection. The PORT command also includes an IP address, 
which is usually the client's own IP address, although FTP also supports a 
third-party mode where a client can tell a server to send a file to a 
different host. (Third-party mode is rarely used.)
5. The server sends a SYN from port 20 to the client's ephemeral port 
number, which was provided to the server in the client's PORT command.
6. The client sends a SYN ACK from its ephemeral port to port 20.
7. The server sends an ACK.
8. The host that is sending data uses this new connection to send the data 
in TCP segments, which the other host ACKs. (With some commands, such as 
STOR, the client sends data. With other commands, such as RETR, the server 
sends data.)
9. After the data transfer is complete, the host sending data closes the 
data connection with a FIN, which the other host ACKs. The other host also 
sends its own FIN, which the sending host ACKs.
10. The client can send more commands on the control connection, which may 
cause additional data connections to be opened and then closed. At some 
point, when the user is finished, the client closes the control connection 
with a FIN. The server ACKs the client's FIN. The server also sends its own 
FIN, which the client ACKs.

Notice that an additional command (DIR, in your example) opens another data 
connection. (In Active mode, these data connections come from the server's 
port 20.)

Now, if you're using Passive mode, the client opens the data connection, 
from an ephemeral port to an ephemeral port on the server. Here are the
steps:

1. The client sends a TCP SYN to the well-known FTP control port (port 21) 
on the server. The client uses an ephemeral port as the source port.
2. The server sends the client a SYN ACK from port 21 to the ephemeral port 
on the client.
3. The client sends an ACK. The client uses this connection to send FTP 
commands and the server uses the connection to send FTP replies.
4. When the user requests a directory listing or initiates the sending or 
receiving of a file, the client software sends a PASV command to the server 
indicating the desire to enter passive mode.
5. The server replies. The reply includes the IP address of the server and 
an ephemeral port number that the client should use when opening the 
connection for data transfer.
6. The client sends a SYN from a client-selected ephemeral port to the 
server's ephemeral port number, which was provided to the client in the 
reply to the client's PASV command.
7. The server sends a SYN ACK from its ephemeral port to the client's 
ephemeral port.
8. The client sends an ACK.
9. The host that is sending data uses this new connection to send the data 
in TCP segments, which the other host ACKs. (With some commands, such as 
STOR, the client sends data. With other commands, such as RETR, the server 
sends data.)
10. After the data transfer is complete, the host sending data closes the 
data connection with a FIN, which the other host ACKs. The other host also 
sends its own FIN, which the sending host ACKs.
11. The client can send more commands on the control session, which may 
cause additional data connections to be opened and then closed. At some 
point, when the user is finished, the client closes the control connection 
with a FIN. The server ACKs the client's FIN. The server also sends its own 
FIN, which the client ACKs.


The gist of your problem is these multiple connections that happen. I 
assume that HTTP works fine. That's probably because it opens only one 
connection.

So, is there some more advanced configuration you can do to make FTP work? 
That's the question.....

As far as your idea of fixing the problem with a static route, I'm afraid 
that won't work because static routes don't let you specify a port number. 
Would policy routing work? It's going to be tricky, though, because of 
those ephemeral ports.

Maybe you could just pull one of the connections when you do FTP! ;-)

HTH

Priscilla


At 01:06 PM 6/3/02, question cisco wrote:
>I have a question regarding static routing and ports.  I have a 2621 router
>with two DSL lines going to two different DSL providers, and one line going
>into my network.  Using the "extendable" feature of NATing, I'm able to use
>both DSL lines together to load balance traffic.  The problem I run into,
>however, is when I try to FTP.  Since the router is forwarding packets in a
>"per packet" fashion, i.e. one goes out DSL 1, the other DSL 2, etc., etc...when
>I connect to an FTP server outside my network I often run into problems.  I
>can connect to the FTP site, but usually the second command (such as dir)
>responds saying that there is no FTP connection.  From what I gather, the
>problem lies in the fact that FTP sends out both TCP and UDP packets, and
>since my router is forwarding on a per packet basis, they're going out
>different DSL lines and causing the problem.
>
>How can I solve this?  I was wondering if there is a way that I can set a
>static route, something like...ip static 0.0.0.0 :21 blah blah, where all of
>my port 21 (FTP) traffic goes out one DSL line.
>
>Thanks.
________________________

Priscilla Oppenheimer
http://www.priscilla.com
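The two walk-throughs above turn on one detail: the data connection's addresses and ports are carried inside the FTP payload (the PORT command in active mode, the 227 reply in passive mode), so every DIR, RETR or STOR produces a brand-new TCP flow whose endpoints differ from the control connection. The Python below is an added illustration of that mechanism; it is not code from the thread, from Priscilla, or from any FTP implementation. It decodes the RFC 959 "h1,h2,h3,h4,p1,p2" encoding, derives the data-connection endpoints for each mode exactly as steps 4-6 describe, and adds one operator check that is useful when FTP crosses a NAT: whether the address advertised in the payload matches the host on the other end of the control connection. All IP addresses, ports and the sample PORT/227 lines are constructed values.

```python
"""Added example (not from the original post or any FTP implementation):
derive FTP data-connection endpoints from the PORT command / PASV reply
and run an operator check on the advertised address.
All addresses, ports and protocol lines below are constructed samples."""
import re

FTP_DATA_PORT = 20  # active-mode data connections originate here on the server

# RFC 959 encodes an IPv4 address and a 16-bit port as six decimal fields.
_HOSTPORT = r"(\d{1,3}(?:,\d{1,3}){5})"
_PORT_CMD = re.compile(r"^PORT\s+" + _HOSTPORT + r"\s*$", re.IGNORECASE)
_PASV_REPLY = re.compile(r"^227\s.*?\(" + _HOSTPORT + r"\)")


def _decode_hostport(csv6: str) -> tuple[str, int]:
    """Turn 'h1,h2,h3,h4,p1,p2' into ('h1.h2.h3.h4', p1*256 + p2)."""
    fields = [int(x) for x in csv6.split(",")]
    if len(fields) != 6 or any(not 0 <= f <= 255 for f in fields):
        raise ValueError(f"malformed host-port string: {csv6!r}")
    ip = ".".join(str(f) for f in fields[:4])
    port = fields[4] * 256 + fields[5]
    if port == 0:
        raise ValueError("port 0 is not a usable data port")
    return ip, port


def parse_port_command(line: str) -> tuple[str, int]:
    """Client -> server (active mode, step 4): 'PORT 192,168,1,10,4,1' = 192.168.1.10:1025."""
    m = _PORT_CMD.match(line.strip())
    if not m:
        raise ValueError(f"not a PORT command: {line!r}")
    return _decode_hostport(m.group(1))


def parse_pasv_reply(line: str) -> tuple[str, int]:
    """Server -> client (passive mode, step 5): '227 Entering Passive Mode (a,b,c,d,p1,p2)'."""
    m = _PASV_REPLY.match(line.strip())
    if not m:
        raise ValueError(f"not a 227 PASV reply: {line!r}")
    return _decode_hostport(m.group(1))


def active_data_connection(server_ip: str, port_line: str) -> dict:
    """Active mode, step 5: the SERVER opens the data connection from port 20
    to whatever address and port the client advertised in PORT."""
    adv_ip, adv_port = parse_port_command(port_line)
    return {"initiator": "server", "src": (server_ip, FTP_DATA_PORT), "dst": (adv_ip, adv_port)}


def passive_data_connection(client_ip: str, client_port: int, pasv_line: str) -> dict:
    """Passive mode, step 6: the CLIENT opens the data connection from a fresh
    ephemeral port to the server port advertised in the 227 reply."""
    adv_ip, adv_port = parse_pasv_reply(pasv_line)
    return {"initiator": "client", "src": (client_ip, client_port), "dst": (adv_ip, adv_port)}


def advertised_matches_peer(control_peer_ip: str, advertised_ip: str) -> bool:
    """Operator check: the address inside PORT / 227 should be the host that owns
    the control connection. A mismatch means third-party mode (rare, as the
    post says) or a NAT that rewrote the IP header but not the FTP payload."""
    return control_peer_ip == advertised_ip


def is_ephemeral(port: int) -> bool:
    """The post's working definition of an ephemeral port: greater than 1024."""
    return port > 1024


if __name__ == "__main__":
    # Constructed session: client 192.168.1.10 (private, behind NAT), server 203.0.113.5.
    act = active_data_connection("203.0.113.5", "PORT 192,168,1,10,4,1")
    pas = passive_data_connection("192.168.1.10", 40001,
                                  "227 Entering Passive Mode (203,0,113,5,195,80)")
    print("active  data flow:", act)
    print("passive data flow:", pas)
    print("PORT address matches control peer:",
          advertised_matches_peer("192.168.1.10", act["dst"][0]))
```

Running it shows why per-packet load balancing across two NATed DSL lines breaks FTP: the control connection and each data connection are separate TCP flows, and a translator that does not inspect the FTP payload (or that sends the two flows out different links with different public addresses) cannot tie them together. The same mismatch check is what a NAT or firewall with an FTP helper performs before it rewrites the advertised address.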

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45685&t=45682
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to abuse@xxxxxxxxxxxxxx