Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Unusual FTP problem

Posted on 2004-04-30
8
Medium Priority
?
243 Views
Last Modified: 2013-11-29
I have just set up a website for a colleague of mine and have encountered a very difficult problem regarding connecting to a hosting providers web server with FTP.

My colleague is unable to FTP to the server from his office, yet I can access it from my office, no problem. When he trys (using IE6) he gets the following error message: "Windows cannot access this folder, make sure you typed the file name correctly and that you have permission to access this folder" Followed by "220-This computer system is for authorised users only. Individuals using this sytem without authority are subject to having all their activities on this system monitored etc. etc. etc."

We have disabled all firewalls (including ICF in Windows) and he is connecting directly to his ISP (Freola) via an ADSL modem and a laptop computer running windows XP, but still he gets this error message.

Here's the really strange bit. When he takes the same laptop home and connects to the same ISP on his Home connection, he can access his FTP server no problem.

We appear to be going round in circles trying to sort this out. Could anyone offer any possible suggestions?

Thanks in anticipation

Rob    
0
Comment
Question by:Rob7676
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
8 Comments
 
LVL 57

Accepted Solution

by:
Pete Long earned 500 total points
ID: 10961210
Try switching between active and Passive FTP :)

Passive and Active FTP

There are two types of FTP (File Transfer Protocol) these are Active and Passive

Active FTP

Pros (good for network administrators)
Cons (not so good for the client)

The FTP server will try and make a connection on a lot of high port numbers (these could well be blocked on the clients side Firewall)


Passive FTP

Pros (good for the client)
Cons (Not good for the network administrators)

The client makes the connection to the FTP server, and one will be a high port number that will almost certainly be blocked by the network firewall (server side)


Solution

To strike a happy medium, administrators can make their FTP servers available to many clients by supporting passive FTP; reserving a range of port numbers does this, in this way all other ports can be firewalled, thus decreasing the security risk

Luckily, there is somewhat of a compromise. Since administrators running FTP servers will need to make their servers accessible to the greatest number of clients, they will almost certainly need to support passive FTP. Specifying a limited port range for the FTP server to use can minimize the exposure of high-level ports on the server. Thus, everything except for this range of ports can be firewalled on the server side. While this doesn't eliminate all risk to the server, it decreases it tremendously. See Appendix 1 for more information.

*****Links*****
http://slacksite.com/other/ftp.html
http://www.cisco.com/en/US/about/ac123/ac147/ac174/ac199/about_cisco_ipj_archive_article09186a00800c85a7.html
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 10961218
1. Open IE, go to Tools | Internet Options and click the Advanced tab.

2. Place a check beside the option Use Passive FTP.

3. Remove the check beside the option Enable Folder View For FTP Sites.

4. Click OK.
0
 
LVL 2

Assisted Solution

by:TheBrothaULuv2H8
TheBrothaULuv2H8 earned 500 total points
ID: 10961557
I agree with the passive FTP suggestions.  Also try using an FTP client like WS_FTP or CuteFTP.  Also disable any software based FWs for testing like (ZoneAlarm)
0
Will your db performance match your db growth?

In Percona’s white paper “Performance at Scale: Keeping Your Database on Its Toes,” we take a high-level approach to what you need to think about when planning for database scalability.

 
LVL 28

Expert Comment

by:mikebernhardt
ID: 10961863
Is it possible that the ftp server is configured to deny connections from certain IP addreses, like the subnet your friend uses at work?
0
 
LVL 2

Expert Comment

by:TheBrothaULuv2H8
ID: 10962028
I think the last post in another good direction to investigate, to add to that, could it also be that the location where your friend can't access the site could it be that the site doesn't permit OUTBOUND FTP CONNECTIONS this is common in some corporate enviornments.
0
 
LVL 28

Expert Comment

by:mikebernhardt
ID: 10962185
One thing your friend could try is to make a command line ftp connection to the site. for example if the URL in your IE window is ftp://ftp.company.com then at a DOS prompt type ftp ftp.company.com.

If he gets a login prompt, then outbound ftp is at least working. If it hangs, it's not. If he's refused then the hosting site may be doing something.

One more thing- some ftp servers do a "reverse DNS lookup." This means that the server sees your IP address and then uses DNS to try to resolve it to a host name. If it doesn't resolve, it will bounce you out. If this is the case, your friend needs to have his network administrator set up reverse DNS entries for inside addresses. They can even use a "wildcard" entry.

You can actually check this out your self- get your friend's office IP address (the public IP if he's on a private network) and look it up using nslookup at a DOS prompt. Have your friend do the same with your public IP address. If his doesn't resolve but yours does, that is very likely the problem.
0

Featured Post

ATEN's HDBaseT Presentation at InfoComm 2017

Hear ATEN Product Manager YT Liang review HDBaseT technology, highlighting ATEN’s latest solutions as they relate to real-world applications during her presentation at the HDBaseT booth at InfoComm 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you’re involved with your company’s wide area network (WAN), you’ve probably heard about SD-WANs. They’re the “boy wonder” of networking, ostensibly allowing companies to replace expensive MPLS lines with low-cost Internet access. But, are they …
This month, Experts Exchange’s free Course of the Month is focused on CompTIA IT Fundamentals.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question