Astaro User Bulletin Board

#1
06-30-2009, 03:13 PM
Junior Member
 
Join Date: Jun 2009
Posts: 6
FTP Client fails to connect when Transparent Mode is used

I am unable to connect to some FTP sites via Firefox, IE, or CMD when I am using the Astaro FTP Proxy and "Transparent" mode is selected. As soon as I change it to non-transparent mode, everything works fine.

Why exactly is this? Is there a security risk when not using it in Transparent mode? If I leave it in non-trans mode, does the virus scan and everything still work?

I have ASG320-7.306 (i know it needs updating)

In command line FTP, the client shows: "421 FTP server is sending you rubbish! Closing connection.
Connection closed by remote host."


The FTP log on the Astaro shows:
2009:06:30-09:35:41 (none) frox[4733]: Reloading configuration
2009:06:30-09:35:41 (none) frox[22048]: Connect from INTERNAL CLIENT IP
2009:06:30-09:35:41 (none) frox[22048]: ... to EXTERNAL SERVER IP()
2009:06:30-09:35:50 (none) frox[22048]: Server is sending us a badly formed control stream.
2009:06:30-09:35:50 (none) frox[22048]: Closing session

Also, when setting FTP Proxy to non-Transparent mode, nothing is logged when successful.

thanks, I appreciate the help and effort!
#2
06-30-2009, 03:27 PM
Moderator
 
Join Date: Mar 2007
Location: Oklahoma City
Posts: 4,954

In transparent mode, the FTP proxy captures ftp traffic and A-V scans the traffic. If you change the mode to non-transparent, the proxy "listens" on port 2121 instead, so, if you didn't make that change to your client's configuration, the non-transparent proxy doesn't handle your FTP traffic.

Probably, in non-transparent mode, the traffic is passing because you have a packet filter rule like 'Internal (Network) -> Any -> Any : Allow'.

Try putting the proxy back into transparent mode and looking at the packet filter log. If there's no indication there, look at the IPS log. If you see nothing in either one, try creating an A-V exception for one of the sites with which you are having a problem.

When you discover the fix, please post it.

Cheers - Bob
__________________
ACE V7 - Astaro Preferred Partner since V3
Addicted to my iPhone!
#3
06-30-2009, 04:08 PM
Junior Member
 
Join Date: Jun 2009
Posts: 6

BAlfson,

thank you for replying and doing it so quickly

Yes I see a dedicated PF rule to allow ftp = internal network >> ftp >> any

In reference to the information below, I turned OFF the above packet filter rule for FTP


-While in Trans mode, FTP to the desired site still fails with "421 FTP server is sending you rubbish!"
-When looking at the live packet filter log while IN Transparent mode: I see no record of the connection attempt or a denial
-FTP connection fails to connect while in non-transparent mode (because i disabled the FTP packet filter rule above)
-I see no records in IPS live log when FTP connection fails
-I have turned off FTP Proxy Anti-Virus system wide temporarily, still doesn't connect while in Transparent Mode
-I also created an Exception for the destination FTP site and Client exempting it from all traffic checking -- still get the same problem while in Transparent Mode

checked FTP Proxy log, still getting:
Reloading configuration
Connect from INTERNAL CLIENT IP
... to EXTERNAL SERVER IP()
Server is sending us a badly formed control stream.
Closing session
#4
07-02-2009, 10:03 AM
Aussie moderator.
 
Join Date: Jun 2001
Location: Perth, Western Australia
Posts: 2,628

Try also allowing FTP control port (I believe TCP port 20 from memory).
__________________
Simon Shaw
Systems Manager
Micromine PL

Intel 2.66GHz Quad Core, 4GB (2 x 2GB) PC-6400 800Mhz 4-4-4-12, WD 300GB 10K RPM VelociRaptor, Intel Pro/1000 Quad Port PCI-X
http://www.sputcorp.com/
#5
07-02-2009, 03:17 PM
Junior Member
 
Join Date: Jun 2009
Posts: 6

Simon,

thanks for the assistance. I have tried that. No dice :-(
#6
07-02-2009, 05:11 PM
Moderator
 
Join Date: Mar 2007
Location: Oklahoma City
Posts: 4,954

And you saw nothing in either the PF or IPS log?
#7
07-02-2009, 09:33 PM
Junior Member
 
Join Date: Jun 2009
Posts: 6

No definitely didn't see anything in the IPS log.

There is nothing in the Packet filter log either because when Astaro's FTP proxy service is on, the Packet Filter rules are not consulted for FTP outbound. Only when I disable the Astaro FTP proxy do I then see records in the packet filter's live log.

But all that aside, I have determined that it IS a problem with this one particular FTP site. When the FTP proxy is on, the Astaro froxy returns "421 FTP server is sending you rubbish!". When the Astaro froxy is off AND there is an FTP allow packet filter rule, connection to this particular FTP site functions fine through the Astaro.

I setup a test FTP site and I am able to connect when the Astaro froxy is enabled, so it is definitely something special about this one particular remote FTP server. I just have no idea what that special quality is and I am not disabling the Astaro froxy because of one site. The Astaro FTP proxy just seems to not be able to function properly with this remote FTP server.

lol, any ideas?
#8
07-02-2009, 11:37 PM
Moderator
 
Join Date: Mar 2007
Location: Oklahoma City
Posts: 4,954

That was why I was curious about the PF log - some other port that this particular server is trying to use to do something unanticipated in a standard FTP conversation. The FTP Proxy is not going to see such a thing.

Cheers - Bob
PS A thought... Have you enabled the FTP 'Connection tracking helper' on the 'Advanced' tab of 'Network Security >> Packet Filter'?

Last edited by BAlfson; 07-02-2009 at 11:44 PM. Reason: PS
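Both the frox line in the opening post ("Server is sending us a badly formed control stream") and Bob's guess here that the server does something unanticipated in a standard FTP conversation come down to what the server actually puts on the control channel. The following is an added example, not code from this thread, from frox or from Astaro: a small offline checker that parses a server-to-client control stream against the RFC 959 reply grammar (three-digit code, space or hyphen, CRLF line endings, multi-line replies closed by the same code followed by a space) and, for 227 PASV replies, decodes the advertised data endpoint and flags one that differs from the control-connection peer, the kind of reply that breaks proxies and NAT without a connection-tracking helper. The two sample streams and the peer address 203.0.113.10 are constructed; frox's own validation rules are not reproduced, so a clean result here does not prove frox would accept a given server. To check a real server, feed it the bytes captured from the control connection (for instance from a packet capture on the Astaro's external interface).

```python
# Added example (not frox/Astaro code): RFC 959 reply-syntax checker for a
# server->client FTP control stream, with a PASV (227) endpoint sanity check.
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

REPLY_START = re.compile(rb"^(\d{3})([ -])(.*)$")
PASV_TUPLE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

@dataclass
class Reply:
    offset: int           # byte offset of the reply's first line in the stream
    code: int
    lines: List[str]      # reply text, one entry per line (code prefixes stripped)
    multiline: bool = False

@dataclass
class Finding:
    offset: int
    problem: str
    raw: bytes

def _split_lines(stream: bytes):
    """Yield (offset, body, terminator); terminator is CRLF, bare LF, or b'' if missing."""
    pos = 0
    while pos < len(stream):
        nl = stream.find(b"\n", pos)
        if nl == -1:
            yield pos, stream[pos:], b""
            return
        body = stream[pos:nl]
        if body.endswith(b"\r"):
            yield pos, body[:-1], b"\r\n"
        else:
            yield pos, body, b"\n"
        pos = nl + 1

def pasv_endpoint(reply: Reply) -> Optional[Tuple[str, int]]:
    """Decode the (h1,h2,h3,h4,p1,p2) tuple of a 227 reply; None if absent or invalid."""
    m = PASV_TUPLE.search(" ".join(reply.lines))
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def check_control_stream(stream: bytes, peer_ip: Optional[str] = None):
    """Parse a server->client control stream and return (replies, findings)."""
    replies: List[Reply] = []
    findings: List[Finding] = []
    open_reply: Optional[Reply] = None   # multi-line reply waiting for "<code> "
    for off, body, term in _split_lines(stream):
        if term == b"":
            findings.append(Finding(off, "stream ends without CRLF (truncated reply)", body))
            break
        if term == b"\n":
            findings.append(Finding(off, "bare LF line ending; RFC 959 requires CRLF", body))
        if any((b < 0x20 and b != 0x09) or b == 0x7F for b in body):
            findings.append(Finding(off, "control character inside reply text", body))
        m = REPLY_START.match(body)
        if open_reply is not None:
            # Continuation lines may or may not carry the code; "<code> " closes the reply.
            same = m is not None and int(m.group(1)) == open_reply.code
            open_reply.lines.append((m.group(3) if same else body).decode("ascii", "replace"))
            if same and m.group(2) == b" ":
                replies.append(open_reply)
                open_reply = None
            continue
        if m is None:
            findings.append(Finding(off, "reply line does not start with a 3-digit code", body))
            continue
        code = int(m.group(1))
        if not 100 <= code <= 599 or (code // 10) % 10 > 5:
            findings.append(Finding(off, f"reply code {code} outside RFC 959 ranges", body))
        reply = Reply(off, code, [m.group(3).decode("ascii", "replace")], m.group(2) == b"-")
        if reply.multiline:
            open_reply = reply
            continue
        replies.append(reply)
        if code == 227:
            ep = pasv_endpoint(reply)
            if ep is None:
                findings.append(Finding(off, "227 reply lacks a valid (h1,h2,h3,h4,p1,p2) tuple", body))
            elif peer_ip and ep[0] != peer_ip:
                findings.append(Finding(off, f"PASV advertises {ep[0]}:{ep[1]} but control peer is {peer_ip}", body))
    if open_reply is not None:
        findings.append(Finding(open_reply.offset, f"multi-line reply {open_reply.code} never terminated", b""))
    return replies, findings

# Constructed sample streams; not captures from the server discussed in the thread.
GOOD_STREAM = (
    b"220-Welcome to the constructed test server\r\n"
    b"220-Use PASV if you are behind NAT\r\n"
    b"220 Ready\r\n"
    b"331 Password required\r\n"
    b"230 Logged in\r\n"
    b"227 Entering Passive Mode (203,0,113,10,195,80)\r\n"
)
BAD_STREAM = (
    b"220 Welcome\n"                                  # bare LF
    b"Server banner continues here\r\n"               # line without a reply code
    b"331 Password required\r\n"
    b"227 Entering Passive Mode (10,0,0,5,4,1)\r\n"   # advertises a private address
    b"230-Login ok\r\n"                               # multi-line reply never closed
)
PEER_IP = "203.0.113.10"   # assumed control-connection peer for both samples

if __name__ == "__main__":
    for name, data in (("good", GOOD_STREAM), ("bad", BAD_STREAM)):
        replies, findings = check_control_stream(data, PEER_IP)
        print(f"{name}: {len(replies)} replies, {len(findings)} findings")
        for f in findings:
            print(f"  @{f.offset} {f.problem}: {f.raw!r}")
```

Run as-is it reports the good stream clean and four findings for the bad one (bare LF, a line with no reply code, a PASV endpoint that is not the control peer, and an unterminated multi-line reply). The PASV check is the one most relevant to the NAT/connection-tracking-helper question in this thread: a server behind its own NAT that advertises an internal address in the 227 reply will work with a direct client only if something rewrites or ignores that address.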
#9
07-06-2009, 06:14 PM
Junior Member
 
Join Date: Jun 2009
Posts: 6

BAlfson,

Thanks for continuing to try and help. Yes, FTP connection tracking is enabled for NAT passthrough.


....still stumped. Unfortunately I don't know anything about froxy and what this other server is doing that it doesn't like. It works fine when connecting to it via normal FTP and not going through froxy.
#10
07-06-2009, 07:09 PM
Moderator
 
Join Date: Mar 2007
Location: Oklahoma City
Posts: 4,954

Oops, I meant "that was why I was curious about the IPS log."
Last edited by BAlfson; 07-06-2009 at 07:49 PM.