This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

No [SYN, ACK] back from my IP address

0

I am using FileZilla on my PC. I never had a problem having people connecting to it. I had to move to another PC because of hardware problems. Now on the new machine I nor anyone can connect to FileZilla using my IP address. My ISP is Comcast and their second level people could not see any problems on their side of the SMC router/modem. I have looked at the wireshark trace and All I see is router sending one or two ftp [syn]'s. and I see no ftp [syn, ack].

I have tested with my windows 7 firewall down, Avira down and malwarebytes disabled. Any one have any ideas. Personally I think that comcast is doing something. I think that they want me to pay for a static IP address from then. They know I am using No-IP for my static IP address.

asked 04 Oct '12, 22:53

IchBin's gravatar image

IchBin
1112
accept rate: 0%


One Answer:

1

Well, it depends on some things:

  1. Where do you see the SYN packets? At the client side or at the server (FileZilla) side?

  2. Did it work with that IP address from Comcast before? Maybe they switched from individual IPs per customer to a NATed address. In that case, you cannot connect to your server anymore.

  3. Did you import that same FileZilla settings on the new server?

  4. Does FileZilla works if you connect from the local network?

  5. Silly, but anyway: Did you set the correct default route on your new server?

Regards
Kurt

answered 08 Oct '12, 11:44

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

Thanks for your reply.

Question 1:

External Address: 69.253.224.6

IPV4 Address: 10.1.10.147(Preferred)

Default Gateway & DHP Server: 10.1.10.1

10.1.10.147 208.67.222.222 DNS query with conical name

208.67.222.222 10.1.10.147 DNS Returns the IP 69.253.224.6

10.1.10.147 69.253.224.6 TCP ftp [SYN] Seg=0 Win=8192 Len=0 MSS=1460 WS=4 SACK_PERM=1

10.1.10.147 69.253.224.6 TCP ftp [SYN] Seg=0 Win=8192 Len=0 MSS=1460 WS=4 SACK_PERM=1

10.1.10.147 69.253.224.6 TCP ftp [SYN] Seg=0 Win=8192 Len=0 MSS=1460 SACK_PERM=1

Question 2:

Yes.. on a different PC. On the New PC. Initially I noticed that the ports where locked. Comcast second level fixed that problem. Before I called support I was able to ping my address 69.253.224.6 but after the first call I could not even ping it but the ports where open. They mentioned they would try to bridge the router and modem. Not sure I know enough info to reply to this question.

Question 3:

I did not import the settings. I changed by hand.

Question 4:

Yes no problem. In fact I test accounts first using local host

Question 5:

If you mean 'Port forwarding' I did on the router. Not sure what you mean by correct default route on your new server?

(08 Oct '12, 15:35) IchBin

regarding question 1:

I'm not quite sure if I understand the problem. Do you see an incoming SYN packet on your FileZilla Server, if you connect to 69.253.224.6?

If NO, then either your Port-Forwarding does not work, or the IP 69.253.224.6 is now natted and connections from the Internet are not forwarded to your router.

If yes, and you're not seeing a SYN/ACK, something your local PC blocks the requests (Firewall, Endpoint Protection, AV, etc.).

BTW: What is the dump you posted? Is 10.1.10.147 your FileZilla Server? If so, why do you try to connect to your own external address from that server?

Can you please add some more information, like:

internal IP of FileZilla Server, external IP address, Port Forwarding settings, etc.

Regards
Kurt

(09 Oct '12, 01:07) Kurt Knochner ♦

I did have the address you asked for but seems they are hard to see the way they were attached in last response to this thread. Sorry I typically do not get to this level of debugging.

  • External Address (WAN DHCP IP Address): 69.253.224.6
  • IPV4 Address: 10.1.10.147(Preferred)
  • Default Gateway & DHP Server: 10.1.10.1

My Port Forwarding rules ( they match FileZilla )

  • FileZilla - Port 20-21 (Public & Private) TCP IP Address 10.1.10.147
  • Passive - Ports 3850-3859 (Public & Private) TCP IP Address 10.1.10.147
  • FTPS - Ports 989-990 (Public & Private) TCP IP Address 10.1.10.147

Attaching the Wire shark capture when trying to connect to 69.253.224.6 my external IP address.

I am not seeing a Source 69.253.224.6 to 10.1.10.147 with a FTP [SYN, ACK]

Definitely not going to see the third [ACK] from 10.1.10.147 if I do not see the second handshake.

alt text

(09 Oct '12, 20:52) IchBin

O.K. from your description, I conclude, that 10.1.10.147 is your internal FileZilla server. So, in the screenshot (frame 6/7) we see a connection initiation (SYN) from 10.1.10.147 -> 69.253.224.6.

Sorry, but again: Why do you try to connect from the FileZilla server to it's own "mapped/NATed" address? That connection will be mapped back to the FileZilla server and that's probably not going to work, depending on the NAT configuration (source translation) of your router.

Reason:

10.1.10.147:* -> 69.253.224.6:21

will be translated (port forwarded) to this (at your router):

10.1.10.147:* -> 10.1.10.147:21

if no source translation takes place (at the router).

That will finally lead to problems at the FileZilla server (think about the 3-way handshake!). As that translated SYN request is not in your capture file, your either did not capture it (capture filter), or the router did not translate it.

Did you try to connect from the internet? Do you see incoming requests if someone connects to 69.253.224.6?

(09 Oct '12, 23:59) Kurt Knochner ♦