
Background / Network Structure

There are two layers of routers. The router at the outer layer has public Internet IP 123.123.123.123 (fake as example) and private IP 192.168.11.1. The router at the inner layer, which is also a client of the outer router, has public IP 192.168.11.2 and private IP 192.168.1.1. A computer running Windows 7 Enterprise with FileZilla Server is a client of the inner router with IP 192.168.1.48. All IPs are static.

I have been using Windows Remote Desktop from the other side of the Internet connecting to the Win7 machine for months. So I think that my port forward rules in both routers are correct.

From the other side of the Internet, the FTP connection is also fine. I have already:

  1. Set the FileZilla Server FTP port to 21
  2. Set the FileZilla Server implicit FTP over TLS port to 990
  3. Set the FileZilla Server Passive mode custom port range to 50000-65000
  4. Allowed those ports in Windows Firewall Inbound Rules
  5. Forwarded those ports (TCP) to IP 192.168.1.48 at the inner router
  6. Forwarded those ports (TCP) to IP 192.168.11.2 at the outer router

Problem

Below is the FileZilla FTP Server log. After the server is online, it keeps getting (dummy) connections from 192.168.11.1 around every 30 seconds. I believe this is not normal.

While the server is busy receiving these connections, normal login and file transfer from the other side of the Internet work normally. But these (dummy) connections from 192.168.11.1 never stop, even after FTP users are logged in. They stop only after the server is offline.

Creating listen socket on port 21...
Creating listen socket on port 990...
Server online
(000696)11/05/2017 11:18:45 - (not logged in) (192.168.11.1)> Connected on port 21, sending welcome message...
(000696)11/05/2017 11:18:45 - (not logged in) (192.168.11.1)> 220-FileZilla Server 0.9.60 beta
(000696)11/05/2017 11:18:45 - (not logged in) (192.168.11.1)> 220-written by Tim Kosse (tim.kosse@filezilla-project.org)
(000696)11/05/2017 11:18:45 - (not logged in) (192.168.11.1)> 220 Please visit https://filezilla-project.org/
(000696)11/05/2017 11:18:45 - (not logged in) (192.168.11.1)> disconnected.
(000697)11/05/2017 11:19:10 - (not logged in) (192.168.11.1)> Connected on port 21, sending welcome message...
(000697)11/05/2017 11:19:10 - (not logged in) (192.168.11.1)> 220-FileZilla Server 0.9.60 beta
(000697)11/05/2017 11:19:10 - (not logged in) (192.168.11.1)> 220-written by Tim Kosse (tim.kosse@filezilla-project.org)
(000697)11/05/2017 11:19:10 - (not logged in) (192.168.11.1)> 220 Please visit https://filezilla-project.org/
(000697)11/05/2017 11:19:10 - (not logged in) (192.168.11.1)> disconnected.
(000698)11/05/2017 11:19:34 - (not logged in) (192.168.11.1)> Connected on port 21, sending welcome message...
(000698)11/05/2017 11:19:34 - (not logged in) (192.168.11.1)> 220-FileZilla Server 0.9.60 beta
(000698)11/05/2017 11:19:34 - (not logged in) (192.168.11.1)> 220-written by Tim Kosse (tim.kosse@filezilla-project.org)
(000698)11/05/2017 11:19:34 - (not logged in) (192.168.11.1)> 220 Please visit https://filezilla-project.org/
(000698)11/05/2017 11:19:34 - (not logged in) (192.168.11.1)> disconnected.
(000699)11/05/2017 11:19:58 - (not logged in) (192.168.11.1)> Connected on port 21, sending welcome message...
(000699)11/05/2017 11:19:58 - (not logged in) (192.168.11.1)> 220-FileZilla Server 0.9.60 beta
(000699)11/05/2017 11:19:58 - (not logged in) (192.168.11.1)> 220-written by Tim Kosse (tim.kosse@filezilla-project.org)
(000699)11/05/2017 11:19:58 - (not logged in) (192.168.11.1)> 220 Please visit https://filezilla-project.org/
(000699)11/05/2017 11:19:58 - (not logged in) (192.168.11.1)> disconnected.
(000700)11/05/2017 11:20:23 - (not logged in) (192.168.11.1)> Connected on port 21, sending welcome message...
(000700)11/05/2017 11:20:23 - (not logged in) (192.168.11.1)> 220-FileZilla Server 0.9.60 beta
(000700)11/05/2017 11:20:23 - (not logged in) (192.168.11.1)> 220-written by Tim Kosse (tim.kosse@filezilla-project.org)
(000700)11/05/2017 11:20:23 - (not logged in) (192.168.11.1)> 220 Please visit https://filezilla-project.org/
(000700)11/05/2017 11:20:23 - (not logged in) (192.168.11.1)> disconnected.
(000701)11/05/2017 11:20:52 - (not logged in) (192.168.11.1)> Connected on port 21, sending welcome message...
(000701)11/05/2017 11:20:52 - (not logged in) (192.168.11.1)> 220-FileZilla Server 0.9.60 beta
(000701)11/05/2017 11:20:52 - (not logged in) (192.168.11.1)> 220-written by Tim Kosse (tim.kosse@filezilla-project.org)
(000701)11/05/2017 11:20:52 - (not logged in) (192.168.11.1)> 220 Please visit https://filezilla-project.org/
(000701)11/05/2017 11:20:52 - (not logged in) (192.168.11.1)> disconnected.
Server is going offline...
Server offline.
midnite
  • It has been occurring all day long. Even after I changed the port number, the router smartly keeps connecting to the new port! However, by now, there are no such connections anymore (I still do not know why, though). – midnite May 11 '17 at 08:26
  • Is the inner router configured to perform any kind of "health check" on your server, to see that that server is up and running? Many routers/devices use simple TCP connections as health checks... – Castaglia May 11 '17 at 14:31
  • @Castaglia - Thanks for the reply. I do not see any options about "health check" on either router. Btw 192.168.11.1 is the LAN side IP of the outer router. I found something: I had mistakenly enabled the VPN (PPTP) Server, which I do not need. I am not sure if this is the cause, but I have not gotten those connections since my last comment anyway. – midnite May 11 '17 at 15:49
  • In fact I have another, bigger problem. A client over the Internet can access the FTP server without any problems. A client of the inner router, in the same subnet as the server, can also access the FTP server without any problems. However, a client of the outer router, using ftps://192.168.11.2, can log into the FTP server, but cannot list the directories and files. I have tested with the same computer and phone in all three network places. It fails only as a client of the outer router. But Windows RDP works in all three network places. – midnite May 11 '17 at 16:04
  • I had changed the listening port from 21 to 6xxxx. As mentioned, I was still getting those phantom connections for some time. And it stopped. Just now I changed back to port 21. The phantom connections came back again!! - Btw here is my bigger problem - https://serverfault.com/questions/849573/ - Please kindly have a look if you have time. Thanks a lot! – midnite May 11 '17 at 18:19

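An added example, not part of the original post or of FileZilla's own code: a small Python check that reads a FileZilla Server log in the format shown in the question and reports sources whose sessions only connect, receive the banner and disconnect, together with the mean gap between them. The function names, the `min_sessions` threshold, the constructed sample (including the logged-in session from 203.0.113.7 and its line format) and the dd/mm/yyyy date reading are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean

# (session id)date time - user (source ip)> message
LINE_RE = re.compile(r"^\((\d+)\)(\S+ \S+) - (.+?) \(([0-9A-Fa-f.:]+)\)> (.*)$")
# Messages produced by the server itself: numeric replies and connect/disconnect notes.
SERVER_SIDE = re.compile(r"^(\d{3}[ -]|Connected on port|disconnected\.)")

def find_probers(log_text, min_sessions=3):
    """Return {ip: (session_count, mean_gap_seconds)} for sources whose
    sessions never send a command and never log in."""
    sessions = {}  # session id -> [ip, first timestamp, still_silent]
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # status lines such as "Server online"
        sid, stamp, user, ip, msg = m.groups()
        when = datetime.strptime(stamp, "%d/%m/%Y %H:%M:%S")  # dd/mm/yyyy assumed
        state = sessions.setdefault(sid, [ip, when, True])
        if user != "(not logged in)" or not SERVER_SIDE.match(msg):
            state[2] = False  # a client command or a login was seen
    starts = defaultdict(list)
    for ip, when, silent in sessions.values():
        if silent:
            starts[ip].append(when)
    report = {}
    for ip, times in starts.items():
        if len(times) >= min_sessions:
            times.sort()
            gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
            report[ip] = (len(times), round(mean(gaps), 1))
    return report

def sample_log():
    """Constructed sample: the six timestamps from the log above plus one
    made-up session that logs in (its line format is an assumption)."""
    lines = ["Creating listen socket on port 21...", "Server online"]
    stamps = ["11:18:45", "11:19:10", "11:19:34", "11:19:58", "11:20:23", "11:20:52"]
    for i, t in enumerate(stamps):
        p = f"({696 + i:06d})11/05/2017 {t} - (not logged in) (192.168.11.1)> "
        lines += [p + "Connected on port 21, sending welcome message...",
                  p + "220-FileZilla Server 0.9.60 beta", p + "disconnected."]
    q = "(000702)11/05/2017 11:21:0{} - {} (203.0.113.7)> {}"
    lines += [q.format(0, "(not logged in)", "Connected on port 21, sending welcome message..."),
              q.format(1, "(not logged in)", "USER alice"),
              q.format(2, "alice", "230 Logged on"),
              q.format(9, "alice", "disconnected.")]
    return "\n".join(lines)

if __name__ == "__main__":
    print(find_probers(sample_log()))
```

A steady gap from a single LAN-side address, as in this sample, points at a device on that segment opening the port on a timer rather than at an Internet client.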