Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Unusual FTP problem

Posted on 2004-04-30
8
231 Views
Last Modified: 2013-11-29
I have just set up a website for a colleague of mine and have encountered a very difficult problem regarding connecting to a hosting providers web server with FTP.

My colleague is unable to FTP to the server from his office, yet I can access it from my office, no problem. When he trys (using IE6) he gets the following error message: "Windows cannot access this folder, make sure you typed the file name correctly and that you have permission to access this folder" Followed by "220-This computer system is for authorised users only. Individuals using this sytem without authority are subject to having all their activities on this system monitored etc. etc. etc."

We have disabled all firewalls (including ICF in Windows) and he is connecting directly to his ISP (Freola) via an ADSL modem and a laptop computer running windows XP, but still he gets this error message.

Here's the really strange bit. When he takes the same laptop home and connects to the same ISP on his Home connection, he can access his FTP server no problem.

We appear to be going round in circles trying to sort this out. Could anyone offer any possible suggestions?

Thanks in anticipation

Rob    
0
Comment
Question by:Rob7676
  • 2
  • 2
  • 2
8 Comments
 
LVL 57

Accepted Solution

by:
Pete Long earned 125 total points
ID: 10961210
Try switching between active and Passive FTP :)

Passive and Active FTP

There are two types of FTP (File Transfer Protocol) these are Active and Passive

Active FTP

Pros (good for network administrators)
Cons (not so good for the client)

The FTP server will try and make a connection on a lot of high port numbers (these could well be blocked on the clients side Firewall)


Passive FTP

Pros (good for the client)
Cons (Not good for the network administrators)

The client makes the connection to the FTP server, and one will be a high port number that will almost certainly be blocked by the network firewall (server side)


Solution

To strike a happy medium, administrators can make their FTP servers available to many clients by supporting passive FTP; reserving a range of port numbers does this, in this way all other ports can be firewalled, thus decreasing the security risk

Luckily, there is somewhat of a compromise. Since administrators running FTP servers will need to make their servers accessible to the greatest number of clients, they will almost certainly need to support passive FTP. Specifying a limited port range for the FTP server to use can minimize the exposure of high-level ports on the server. Thus, everything except for this range of ports can be firewalled on the server side. While this doesn't eliminate all risk to the server, it decreases it tremendously. See Appendix 1 for more information.

*****Links*****
http://slacksite.com/other/ftp.html
http://www.cisco.com/en/US/about/ac123/ac147/ac174/ac199/about_cisco_ipj_archive_article09186a00800c85a7.html
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 10961218
1. Open IE, go to Tools | Internet Options and click the Advanced tab.

2. Place a check beside the option Use Passive FTP.

3. Remove the check beside the option Enable Folder View For FTP Sites.

4. Click OK.
0
 
LVL 2

Assisted Solution

by:TheBrothaULuv2H8
TheBrothaULuv2H8 earned 125 total points
ID: 10961557
I agree with the passive FTP suggestions.  Also try using an FTP client like WS_FTP or CuteFTP.  Also disable any software based FWs for testing like (ZoneAlarm)
0
Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

 
LVL 28

Expert Comment

by:mikebernhardt
ID: 10961863
Is it possible that the ftp server is configured to deny connections from certain IP addreses, like the subnet your friend uses at work?
0
 
LVL 2

Expert Comment

by:TheBrothaULuv2H8
ID: 10962028
I think the last post in another good direction to investigate, to add to that, could it also be that the location where your friend can't access the site could it be that the site doesn't permit OUTBOUND FTP CONNECTIONS this is common in some corporate enviornments.
0
 
LVL 28

Expert Comment

by:mikebernhardt
ID: 10962185
One thing your friend could try is to make a command line ftp connection to the site. for example if the URL in your IE window is ftp://ftp.company.com then at a DOS prompt type ftp ftp.company.com.

If he gets a login prompt, then outbound ftp is at least working. If it hangs, it's not. If he's refused then the hosting site may be doing something.

One more thing- some ftp servers do a "reverse DNS lookup." This means that the server sees your IP address and then uses DNS to try to resolve it to a host name. If it doesn't resolve, it will bounce you out. If this is the case, your friend needs to have his network administrator set up reverse DNS entries for inside addresses. They can even use a "wildcard" entry.

You can actually check this out your self- get your friend's office IP address (the public IP if he's on a private network) and look it up using nslookup at a DOS prompt. Have your friend do the same with your public IP address. If his doesn't resolve but yours does, that is very likely the problem.
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

838 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question