Solved

Unusual FTP problem

Posted on 2004-04-30
8
241 Views
Last Modified: 2013-11-29
I have just set up a website for a colleague of mine and have encountered a very difficult problem regarding connecting to a hosting providers web server with FTP.

My colleague is unable to FTP to the server from his office, yet I can access it from my office, no problem. When he trys (using IE6) he gets the following error message: "Windows cannot access this folder, make sure you typed the file name correctly and that you have permission to access this folder" Followed by "220-This computer system is for authorised users only. Individuals using this sytem without authority are subject to having all their activities on this system monitored etc. etc. etc."

We have disabled all firewalls (including ICF in Windows) and he is connecting directly to his ISP (Freola) via an ADSL modem and a laptop computer running windows XP, but still he gets this error message.

Here's the really strange bit. When he takes the same laptop home and connects to the same ISP on his Home connection, he can access his FTP server no problem.

We appear to be going round in circles trying to sort this out. Could anyone offer any possible suggestions?

Thanks in anticipation

Rob    
0
Comment
Question by:Rob7676
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
8 Comments
 
LVL 57

Accepted Solution

by:
Pete Long earned 125 total points
ID: 10961210
Try switching between active and Passive FTP :)

Passive and Active FTP

There are two types of FTP (File Transfer Protocol) these are Active and Passive

Active FTP

Pros (good for network administrators)
Cons (not so good for the client)

The FTP server will try and make a connection on a lot of high port numbers (these could well be blocked on the clients side Firewall)


Passive FTP

Pros (good for the client)
Cons (Not good for the network administrators)

The client makes the connection to the FTP server, and one will be a high port number that will almost certainly be blocked by the network firewall (server side)


Solution

To strike a happy medium, administrators can make their FTP servers available to many clients by supporting passive FTP; reserving a range of port numbers does this, in this way all other ports can be firewalled, thus decreasing the security risk

Luckily, there is somewhat of a compromise. Since administrators running FTP servers will need to make their servers accessible to the greatest number of clients, they will almost certainly need to support passive FTP. Specifying a limited port range for the FTP server to use can minimize the exposure of high-level ports on the server. Thus, everything except for this range of ports can be firewalled on the server side. While this doesn't eliminate all risk to the server, it decreases it tremendously. See Appendix 1 for more information.

*****Links*****
http://slacksite.com/other/ftp.html
http://www.cisco.com/en/US/about/ac123/ac147/ac174/ac199/about_cisco_ipj_archive_article09186a00800c85a7.html
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 10961218
1. Open IE, go to Tools | Internet Options and click the Advanced tab.

2. Place a check beside the option Use Passive FTP.

3. Remove the check beside the option Enable Folder View For FTP Sites.

4. Click OK.
0
 
LVL 2

Assisted Solution

by:TheBrothaULuv2H8
TheBrothaULuv2H8 earned 125 total points
ID: 10961557
I agree with the passive FTP suggestions.  Also try using an FTP client like WS_FTP or CuteFTP.  Also disable any software based FWs for testing like (ZoneAlarm)
0
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

 
LVL 28

Expert Comment

by:mikebernhardt
ID: 10961863
Is it possible that the ftp server is configured to deny connections from certain IP addreses, like the subnet your friend uses at work?
0
 
LVL 2

Expert Comment

by:TheBrothaULuv2H8
ID: 10962028
I think the last post in another good direction to investigate, to add to that, could it also be that the location where your friend can't access the site could it be that the site doesn't permit OUTBOUND FTP CONNECTIONS this is common in some corporate enviornments.
0
 
LVL 28

Expert Comment

by:mikebernhardt
ID: 10962185
One thing your friend could try is to make a command line ftp connection to the site. for example if the URL in your IE window is ftp://ftp.company.com then at a DOS prompt type ftp ftp.company.com.

If he gets a login prompt, then outbound ftp is at least working. If it hangs, it's not. If he's refused then the hosting site may be doing something.

One more thing- some ftp servers do a "reverse DNS lookup." This means that the server sees your IP address and then uses DNS to try to resolve it to a host name. If it doesn't resolve, it will bounce you out. If this is the case, your friend needs to have his network administrator set up reverse DNS entries for inside addresses. They can even use a "wildcard" entry.

You can actually check this out your self- get your friend's office IP address (the public IP if he's on a private network) and look it up using nslookup at a DOS prompt. Have your friend do the same with your public IP address. If his doesn't resolve but yours does, that is very likely the problem.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For many of us, the  holiday season kindles the natural urge to give back to our friends, family members and communities. While it's easy for friends to notice the impact of such deeds, understanding the contributions of businesses and enterprises i…
This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question