Solved

FTP cannot be access from other LANs

Posted on 2004-09-29
11
160 Views
Last Modified: 2010-03-18
Hi.. I have set up an FTP server in a Windows server 2k3 machine in my company. this server is behind a cisco pix firewall and we use adsl router for the internet connection. everything had been set up properly from the FTP site itself to the configuration of the pix firewall to redirect any FTP request to that win server 2k3 machine.

the FTP works ok internally in our LAN (we just type ftp://win2k3server-hostname). but for public access, it works ok only if we use dial-up as the internet connection, or if we use broadband from home (we use router, but the FTP connection can still be done). The problem comes when we try to access the FTP site from another LAN. My colleague tried to access it during one of his stays at some hotel.  He used the hotel's broadband connection but can't get in the FTP site. we also tried to use wireless internet connection in one of the airports, but can't get into the FTP site as well.

what is the cause of this and how to rectify it?

thanks in advance!!

-blue
0
Comment
Question by:bluefile
  • 6
  • 5
11 Comments
 
LVL 15

Expert Comment

by:adamdrayer
ID: 12189444
IS your server using passive or active FTP?  If passive, it's possible that the firewalls governing the ftp client networks have ports blocked.  Try changing the ftp server to active mode and see if that helps.
0
 

Author Comment

by:bluefile
ID: 12189689
how do i check whether it is passive or active?
thanks!
0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 12189955
actually it is usually the client that determines whether the session is active or passive... sorry.  Don't know where my head is this morning:

You can read this:
http://slacksite.com/other/ftp.html

Excerpt:
The main problem with active mode FTP actually falls on the client side. The FTP client doesn't make the actual connection to the data port of the server--it simply tells the server what port it is listening on and the server connects back to the specified port on the client. From the client side firewall this appears to be an outside system initiating a connection to an internal client--something that is usually blocked.


If you are using IE, instruct your client to use passive mode by selecting Tools - Internet Options - Advanced
and then check "use passive ftp"

if this works then it is the firewalls on the client side.
0
 

Author Comment

by:bluefile
ID: 12197325
so you mean there's nothing to do with the server side? the connection failure is due to the client-side's firewall??
0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 12199699
It would seem that way.  Your ability to access it from multiple internet locations is a very good indication that you are setup correctly.  what error messages are you getting when you try to connect from the LAN?  can he check the firewall logs for that LAN?
0
Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

 

Author Comment

by:bluefile
ID: 12211062
hmm.. usually there's no error message.. what my colleagues told me was usually when they try to connect using IE, they will just get the folder and flash light icon at the middle of the page (as if it is searching for something), then usually the error message is something like 'cannot find the folder... bla bla..' i'm not sure about the exact words.

the problem is all the while the LAN that they use when the connection failed is a public LAN like those in airports (wireless LAN) or those broadband connection they have in hotel rooms.
0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 12212596
try using the ftp command line tool.

"ftp ftp.whatever.com"

this should give you a better indication of the error.
0
 

Author Comment

by:bluefile
ID: 12222863
hi..
sorry for the delay.. my colleague has not replied to me. so give me 1-2 days and i'll get back to you again. thanks!
0
 

Author Comment

by:bluefile
ID: 12255100
hi..
i'm very sorry.. we can't seem to get the problem now.. it's now ok..so i guess no problem for the time being.

however, can you let me know some other ways to track/investigate what's happenning ? just in case the problem happens again. i mean for debugging, what else can i do besides those you have told me?

thanks!
0
 
LVL 15

Accepted Solution

by:
adamdrayer earned 100 total points
ID: 12258287
well the command line tool mentioned above I find alot easier to use in troubleshooting.  All the errors it gives you are searchable online to determine what the problem is.
0
 

Author Comment

by:bluefile
ID: 12268715
hm.. alright then.. not to delay any further..
thanks for your replies!!
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A brief overview to explain gateways, default gateways and static routes OR NO - you CANNOT have two default gateways on the same server, PC or other Windows-based network device. In simple terms a gateway is formed when a computer such as a serv…
This article is in response to a question (http://www.experts-exchange.com/Networking/Network_Management/Network_Analysis/Q_28230497.html) here at Experts Exchange. The Original Poster (OP) requires a utility that will accept a list of IP addresses …
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now