Win7 "XP Mode" - command line FTP client can't list directory contents!

[Ichinisan]

Cliffs:
Virtual XP Mode is supposed to be the ultimate compatibility solution in Win7 Ultimate. The command line FTP client is crippled by some glitch that would probably affect other software too.

I want my XP Mode virtual machine to be as clean as possible. Out of habit, I always get the latest version of Firefox without ever launching Internet Explorer.

Normally, I'd do this:

1. [Win]+[R] keyboard shortcut to access the Run menu
2. Type cmd [Enter]
3. Type ftp ftp.mozilla.org [Enter] (or "releases.mozilla.org")
4. Type Anonymous [Enter] [Enter]
5. Type cd /pub/mozilla.org/firefox/releases/latest/win32/en-US/ [Enter]
6. Type ls [Enter] (or "dir") to list directory contents and see the exact file name.
7. Type get "Firefox Setup 3.x.x.exe" [Enter]
8. While it downloads, I type bye [Enter] exit [Enter] start . [Enter]

...as soon as the download completes, the FTP client quits, the command window closes, and the user folder pops-up with my downloaded file.

The problem is in step 6, when I type "ls" or "dir" to list directory contents. Most systems will pop-up the Windows Firewall at that point and give me the option to Block/Allow the command line FTP client. I actually don't understand why the Windows Firewall bothers to ask. Internet Explorer and Windows Explorer don't generate the prompt when they are used as FTP clients...so why is the Windows Firewall so particular about the command line FTP client? Even so, it's operating as a CLIENT, not a SERVER...what's so damn suspicious about that?

...but I digress. There's something REALLY wrong with Virtual XP Mode. Typing "ls" or "dir" immediately disconnects me from the FTP server. There is no "Block/Allow?" prompt. I had originally disabled the Windows Firewall in the virtual XP machine AND on the host Win7 Ultimate 64-bit OS. I tried turning the firewall back on and it still disconnects immediately when I try to list the contents of a directory.

These work just fine and even shows the contents as I browse through FTP folders:
Start > Run >
"explorer ftp://ftp.mozilla.org/pub/mozilla.org/firefox/releases/latest/win32/en-US/"
"iexplore ftp://ftp.mozilla.org/pub/mozilla.org/firefox/releases/latest/win32/en-US/"

Any idea what's causing this?

 

[seepy83]

I've never used it, but I'd start by trying "ftp -d" to enable debugging...not that I really trust microsoft to give you useful debugging info, but it's worth a shot.

 

[imagoon]

Windows XP's firewall is application aware and explorer and iexplorer are exceptioned by default. The command line FTP program is likely not. Also. I am pretty sure the command line doesn't use "PASV" by default like explorer and iexplore would so you might be seeing the the inbound data reply from the server triggering the firewall.

This explains it:
http://slacksite.com/other/ftp.html

To answer your other question, by default XP mode is Natted behind the win7 nic. You are likely seeing dual NAT issues that break active FTP connections. Try bridging the network card so XP mode gets its IP from the DHCP server on your network.

 

[Emulex]

xp mode nat doesn't have an ftp connection tracker?

 

[RebateMonger]

On my Win7 Ultimate PC, both native Win7 AND XP Mode in Win7 give firewall block alerts when performing your exact steps at the "LS" command. The one in XP Mode is an XP-Firewall formatted message and the one in Win7 is a Win7-formatted message.

The first time I tried the XP ftp connection, the ftp server dropped the connection after I told XP firewall to "Unblock" the connection. The second time I tried it (after having "allowed" the connection the first time), the connection stayed up.

 

[imagoon]

On my Win7 Ultimate PC, both native Win7 AND XP Mode in Win7 give firewall block alerts when performing your exact steps at the "LS" command. The one in XP Mode is an XP-Firewall formatted message and the one in Win7 is a Win7-formatted message.

The first time I tried the XP ftp connection, the ftp server dropped the connection after I told XP firewall to "Unblock" the connection. The second time I tried it (after having "allowed" the connection the first time), the connection stayed up.

Did you try doing that with passive FTP instead?

When you "ls" in active mode the FTP server opens the data connection rather the client opening the data connection. The server's reply is likely getting lost behind the double NAT and the connection drops.

The key thing to remember here is that the data connection is separate from the control connection. It is this that breaks most NAT devices and the main reason the "PASV" command was implemented.

 

[Ichinisan]

On my Win7 Ultimate PC, both native Win7 AND XP Mode in Win7 give firewall block alerts when performing your exact steps at the "LS" command. The one in XP Mode is an XP-Firewall formatted message and the one in Win7 is a Win7-formatted message.

The first time I tried the XP ftp connection, the ftp server dropped the connection after I told XP firewall to "Unblock" the connection. The second time I tried it (after having "allowed" the connection the first time), the connection stayed up.

How can it be? I have the firewall COMPLETELY DISABLED in the virtual OS and the host OS.

My router is a WRT54G v4 running DD-WRT.

 

[Ichinisan]

Did you try doing that with passive FTP instead?

When you "ls" in active mode the FTP server opens the data connection rather the client opening the data connection. The server's reply is likely getting lost behind the double NAT and the connection drops.

The key thing to remember here is that the data connection is separate from the control connection. It is this that breaks most NAT devices and the main reason the "PASV" command was implemented.

For some reason, the PASV command is invalid.

I *know* I've used it before.

 

[Ichinisan]

I've never used it, but I'd start by trying "ftp -d" to enable debugging...not that I really trust microsoft to give you useful debugging info, but it's worth a shot.

Ran using ftp -d, then open ftp.mozilla.org...

ftp> ls
---> PORT 192,168,131,65,4,95
Connection closed by remote host.

I'm not sure what to make of it. The LAN IP of the virtual machine is 192.168.131.65 .

 

[Ichinisan]

I changed the networking type on the virtual machine so it gets DHCP directly from my Linksys DD-WRT router. Now it works.

Two things need to be explained:
1. Why would this "super-compatibility" feature use a default setting that breaks functionality and hurts compatibility?
2. Why did it work for RebateMonger without changing the networking type for the VM?

 

[imagoon]

I changed the networking type on the virtual machine so it gets DHCP directly from my Linksys DD-WRT router. Now it works.

Two things need to be explained:
1. Why would this "super-compatibility" feature use a default setting that breaks functionality and hurts compatibility?
2. Why did it work for RebateMonger without changing the networking type for the VM?

You client told the remote server "connect to 192,168,131,65,4,95" which fails because that is not a valid IP / port on the open internet and is behind a NAT device. Like I said before... this is a long known issue active FTP connections. The client tells the server where to connect which is an invalid address. PASV was the fix. FTP was not natively NAT aware, but some clients handle it along with the NAT devices. Dual NAT however would kill those techniques also.

ftp> ls
---> PORT 192,168,131,65,4,95
Connection closed by remote host.

 

[Ichinisan]

You client told the remote server "connect to 192,168,131,65,4,95" which fails because that is not a valid IP / port on the open internet and is behind a NAT device. Like I said before... this is a long known issue active FTP connections. The client tells the server where to connect which is an invalid address. PASV was the fix. FTP was not natively NAT aware, but some clients handle it along with the NAT devices. Dual NAT however would kill those techniques also.

ftp> ls
---> PORT 192,168,131,65,4,95
Connection closed by remote host.

I just don't understand how RebateMonger was able to do it with the double-NAT situation.

 

[Nothinman]

I just don't understand how RebateMonger was able to do it with the double-NAT situation.

The most likely guess is that it's probably just a difference in the router/firewall that you and he are using and how it handle's fixing up FTP commands.

 

[imagoon]

The most likely guess is that it's probably just a difference in the router/firewall that you and he are using and how it handle's fixing up FTP commands.

Also the server daemon itself can have an affect.