Solved

Unusual FTP problem

Posted on 2004-04-30
8
224 Views
Last Modified: 2013-11-29
I have just set up a website for a colleague of mine and have encountered a very difficult problem regarding connecting to a hosting providers web server with FTP.

My colleague is unable to FTP to the server from his office, yet I can access it from my office, no problem. When he trys (using IE6) he gets the following error message: "Windows cannot access this folder, make sure you typed the file name correctly and that you have permission to access this folder" Followed by "220-This computer system is for authorised users only. Individuals using this sytem without authority are subject to having all their activities on this system monitored etc. etc. etc."

We have disabled all firewalls (including ICF in Windows) and he is connecting directly to his ISP (Freola) via an ADSL modem and a laptop computer running windows XP, but still he gets this error message.

Here's the really strange bit. When he takes the same laptop home and connects to the same ISP on his Home connection, he can access his FTP server no problem.

We appear to be going round in circles trying to sort this out. Could anyone offer any possible suggestions?

Thanks in anticipation

Rob    
0
Comment
Question by:Rob7676
  • 2
  • 2
  • 2
8 Comments
 
LVL 57

Accepted Solution

by:
Pete Long earned 125 total points
ID: 10961210
Try switching between active and Passive FTP :)

Passive and Active FTP

There are two types of FTP (File Transfer Protocol) these are Active and Passive

Active FTP

Pros (good for network administrators)
Cons (not so good for the client)

The FTP server will try and make a connection on a lot of high port numbers (these could well be blocked on the clients side Firewall)


Passive FTP

Pros (good for the client)
Cons (Not good for the network administrators)

The client makes the connection to the FTP server, and one will be a high port number that will almost certainly be blocked by the network firewall (server side)


Solution

To strike a happy medium, administrators can make their FTP servers available to many clients by supporting passive FTP; reserving a range of port numbers does this, in this way all other ports can be firewalled, thus decreasing the security risk

Luckily, there is somewhat of a compromise. Since administrators running FTP servers will need to make their servers accessible to the greatest number of clients, they will almost certainly need to support passive FTP. Specifying a limited port range for the FTP server to use can minimize the exposure of high-level ports on the server. Thus, everything except for this range of ports can be firewalled on the server side. While this doesn't eliminate all risk to the server, it decreases it tremendously. See Appendix 1 for more information.

*****Links*****
http://slacksite.com/other/ftp.html
http://www.cisco.com/en/US/about/ac123/ac147/ac174/ac199/about_cisco_ipj_archive_article09186a00800c85a7.html
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 10961218
1. Open IE, go to Tools | Internet Options and click the Advanced tab.

2. Place a check beside the option Use Passive FTP.

3. Remove the check beside the option Enable Folder View For FTP Sites.

4. Click OK.
0
 
LVL 2

Assisted Solution

by:TheBrothaULuv2H8
TheBrothaULuv2H8 earned 125 total points
ID: 10961557
I agree with the passive FTP suggestions.  Also try using an FTP client like WS_FTP or CuteFTP.  Also disable any software based FWs for testing like (ZoneAlarm)
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 28

Expert Comment

by:mikebernhardt
ID: 10961863
Is it possible that the ftp server is configured to deny connections from certain IP addreses, like the subnet your friend uses at work?
0
 
LVL 2

Expert Comment

by:TheBrothaULuv2H8
ID: 10962028
I think the last post in another good direction to investigate, to add to that, could it also be that the location where your friend can't access the site could it be that the site doesn't permit OUTBOUND FTP CONNECTIONS this is common in some corporate enviornments.
0
 
LVL 28

Expert Comment

by:mikebernhardt
ID: 10962185
One thing your friend could try is to make a command line ftp connection to the site. for example if the URL in your IE window is ftp://ftp.company.com then at a DOS prompt type ftp ftp.company.com.

If he gets a login prompt, then outbound ftp is at least working. If it hangs, it's not. If he's refused then the hosting site may be doing something.

One more thing- some ftp servers do a "reverse DNS lookup." This means that the server sees your IP address and then uses DNS to try to resolve it to a host name. If it doesn't resolve, it will bounce you out. If this is the case, your friend needs to have his network administrator set up reverse DNS entries for inside addresses. They can even use a "wildcard" entry.

You can actually check this out your self- get your friend's office IP address (the public IP if he's on a private network) and look it up using nslookup at a DOS prompt. Have your friend do the same with your public IP address. If his doesn't resolve but yours does, that is very likely the problem.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco Firewall setup within a managed office 8 69
IP Calculator 10 53
Vlan to Vlan communication 9 71
Hyper-V VM not connected 1 75
Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now