Solved

Unusual FTP problem

Posted on 2004-04-30
8
220 Views
Last Modified: 2013-11-29
I have just set up a website for a colleague of mine and have encountered a very difficult problem regarding connecting to a hosting providers web server with FTP.

My colleague is unable to FTP to the server from his office, yet I can access it from my office, no problem. When he trys (using IE6) he gets the following error message: "Windows cannot access this folder, make sure you typed the file name correctly and that you have permission to access this folder" Followed by "220-This computer system is for authorised users only. Individuals using this sytem without authority are subject to having all their activities on this system monitored etc. etc. etc."

We have disabled all firewalls (including ICF in Windows) and he is connecting directly to his ISP (Freola) via an ADSL modem and a laptop computer running windows XP, but still he gets this error message.

Here's the really strange bit. When he takes the same laptop home and connects to the same ISP on his Home connection, he can access his FTP server no problem.

We appear to be going round in circles trying to sort this out. Could anyone offer any possible suggestions?

Thanks in anticipation

Rob    
0
Comment
Question by:Rob7676
  • 2
  • 2
  • 2
8 Comments
 
LVL 57

Accepted Solution

by:
Pete Long earned 125 total points
ID: 10961210
Try switching between active and Passive FTP :)

Passive and Active FTP

There are two types of FTP (File Transfer Protocol) these are Active and Passive

Active FTP

Pros (good for network administrators)
Cons (not so good for the client)

The FTP server will try and make a connection on a lot of high port numbers (these could well be blocked on the clients side Firewall)


Passive FTP

Pros (good for the client)
Cons (Not good for the network administrators)

The client makes the connection to the FTP server, and one will be a high port number that will almost certainly be blocked by the network firewall (server side)


Solution

To strike a happy medium, administrators can make their FTP servers available to many clients by supporting passive FTP; reserving a range of port numbers does this, in this way all other ports can be firewalled, thus decreasing the security risk

Luckily, there is somewhat of a compromise. Since administrators running FTP servers will need to make their servers accessible to the greatest number of clients, they will almost certainly need to support passive FTP. Specifying a limited port range for the FTP server to use can minimize the exposure of high-level ports on the server. Thus, everything except for this range of ports can be firewalled on the server side. While this doesn't eliminate all risk to the server, it decreases it tremendously. See Appendix 1 for more information.

*****Links*****
http://slacksite.com/other/ftp.html
http://www.cisco.com/en/US/about/ac123/ac147/ac174/ac199/about_cisco_ipj_archive_article09186a00800c85a7.html
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 10961218
1. Open IE, go to Tools | Internet Options and click the Advanced tab.

2. Place a check beside the option Use Passive FTP.

3. Remove the check beside the option Enable Folder View For FTP Sites.

4. Click OK.
0
 
LVL 2

Assisted Solution

by:TheBrothaULuv2H8
TheBrothaULuv2H8 earned 125 total points
ID: 10961557
I agree with the passive FTP suggestions.  Also try using an FTP client like WS_FTP or CuteFTP.  Also disable any software based FWs for testing like (ZoneAlarm)
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 
LVL 28

Expert Comment

by:mikebernhardt
ID: 10961863
Is it possible that the ftp server is configured to deny connections from certain IP addreses, like the subnet your friend uses at work?
0
 
LVL 2

Expert Comment

by:TheBrothaULuv2H8
ID: 10962028
I think the last post in another good direction to investigate, to add to that, could it also be that the location where your friend can't access the site could it be that the site doesn't permit OUTBOUND FTP CONNECTIONS this is common in some corporate enviornments.
0
 
LVL 28

Expert Comment

by:mikebernhardt
ID: 10962185
One thing your friend could try is to make a command line ftp connection to the site. for example if the URL in your IE window is ftp://ftp.company.com then at a DOS prompt type ftp ftp.company.com.

If he gets a login prompt, then outbound ftp is at least working. If it hangs, it's not. If he's refused then the hosting site may be doing something.

One more thing- some ftp servers do a "reverse DNS lookup." This means that the server sees your IP address and then uses DNS to try to resolve it to a host name. If it doesn't resolve, it will bounce you out. If this is the case, your friend needs to have his network administrator set up reverse DNS entries for inside addresses. They can even use a "wildcard" entry.

You can actually check this out your self- get your friend's office IP address (the public IP if he's on a private network) and look it up using nslookup at a DOS prompt. Have your friend do the same with your public IP address. If his doesn't resolve but yours does, that is very likely the problem.
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now