Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

FTP Troubles

Posted on 2004-10-21
18
Medium Priority
?
418 Views
Last Modified: 2010-04-21
I am having problems with ftp

Our customer is able to login to our site from a unix server but they can't get the file, the process just hangs until they terminate it. The same thing happens if they try a dir, they don't get any data returned.

They can get the file if they do it from a windows pc, through FTP DOS and Internet Explorer

Maybe it could be port translation that is causing the problem ?

Our firewall is open for port 21 only for our ftp server.

Does this ring any bells with anyone ?

Thanks
Steve
0
Comment
Question by:stevendunne
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 3
  • +3
18 Comments
 
LVL 4

Accepted Solution

by:
brunomsilva earned 536 total points
ID: 12370383
try setting passive mode, run PASV before getting the file
0
 

Author Comment

by:stevendunne
ID: 12370408
We put a new firewall in last weekend and the problems have only occurred from Monday.

However if they can retrieve the file through ftp DOS & Internet Explorer, what does this mean ?  

I think maybe a unix issue ?
0
 
LVL 4

Expert Comment

by:brunomsilva
ID: 12370537
have you tried what i said? after the login type pasv at the ftp prompt
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 

Author Comment

by:stevendunne
ID: 12370927
They have just tried it in passive/active mode, but when they dont run it in this mode they can connect but cant download ?
0
 
LVL 62

Expert Comment

by:gheist
ID: 12373048
Just what is FTP DOS ????

If you open only port 21 to your server, no FTP mode will work by protocol design
0
 
LVL 48

Expert Comment

by:Tintin
ID: 12374227
When you say:

"They have just tried it in passive/active mode, but when they dont run it in this mode they can connect but cant download ?"

Does that mean they can download in passive mode or not?
0
 
LVL 62

Expert Comment

by:gheist
ID: 12375534
:-)
when port 21 is open they can connect but cannot do anything else.
the problem is in firewall, it interferes with normal operation, please ask people maintaining firewall to pass ftp in adequate manner.
0
 
LVL 48

Expert Comment

by:Tintin
ID: 12375630
For reference,  http://slacksite.com/other/ftp.html is an excellent page describing in detail the mechanics of FTP.
0
 
LVL 38

Expert Comment

by:yuzh
ID: 12376972
port 21 have to open for both onbond and outbond for normal FTP client!

0
 
LVL 48

Expert Comment

by:Tintin
ID: 12377038
Most firewalls recognise this.
0
 
LVL 62

Expert Comment

by:gheist
ID: 12378797
Name one please
0
 

Author Comment

by:stevendunne
ID: 12378993
This is the current situation

We have moved to a new FW and have opened this for port 21 for the ftp server, just like we did on the old firewall.

From home I'm able to login to our ftp site retrieving the files through windows dos, using the ftp commands etc.  I can also retrieve the files via internet explorer

I've even dialled up at worked using a dial up account and can view and retrieve the files from windows dos and through internet explorer.

I've even asked a guy at another site to test from his LAN through his firewall and it fine.

One of my customers cannot connect & download the files using windows dos or internet explorer.  The other customer cannot retrieve the files via UNIX, it connects but just hangs on trying to retrieve the files.

A very very odd one !

:-(
0
 
LVL 62

Expert Comment

by:gheist
ID: 12382231
Excuse me, but wtf is "Windows DoS" ???
0
 
LVL 38

Assisted Solution

by:wesly_chen
wesly_chen earned 532 total points
ID: 12383337
I think the "Windows DOS" mean "command prompt in Windows".

FTP need port 21 to make the connection and port 20 for data transfer.

However, if the author can do it from his home and dial-up, then I think the firewall on your site is not the issue.

I suggest you might need to work with your customer to troubleshooting this issue.
There are some clues to trace down the issue:
1. Firewall change on customer site recently change?
2. On Windows systems, any firewall enable/installed recently? (Such XP SP2)
3. PASV on Unix side setting. If this customer can not retrieve file through Windows command prompt, then check the firewall.

A lot of companies block the ftp outgoing to protect their credical data. They may implement some proxy server...
So for FTP issue, the issues are not always on your side.

Good luck,

Wesly
0
 

Author Comment

by:stevendunne
ID: 12409272
I've managed to resolve this now for the 2-3 customers who were affected.  Basically on the firewall on advanced options not access rules, I enabled "Force inbound & outbound FTP to default to port 20"

However we send a file into one of our customer sites via one of our pc's, before it was setup that this particular pc was published on the internet with tcp\high-ports open the firewall to that pc.  Now I've enabled the "Force inbound & outbound FTP to default to port 20" this longer works for this particular customer.

What have they done at there to make this so tricky ?  Or is it me ?
0
 
LVL 62

Assisted Solution

by:gheist
gheist earned 532 total points
ID: 12409334
basically binding to port 20/tcp requires ftpd to be run as root user, which may open security holes on host, but let us hope that firewall reasonably intercepts ftp connections.
Another is passive mode, that prefers connecting from client to high ports of server, so for this mode you may need to enable inbound high port connections (some range synced on server and firewall) or disable PASV and EPSV commands on server, but keep in mind that some firewalls of your customers may allow only passive FTP mostly for simplicity ( no need to configure inbound data channel for ftp, same trick that MSIE does under "firewall and cable" advanced checkmark)
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Attention: This article will no longer be maintained. If you have any questions, please feel free to mail me. jgh@FreeBSD.org Please see http://www.freebsd.org/doc/en_US.ISO8859-1/articles/freebsd-update-server/ for the updated article. It is avail…
My previous tech tip, Installing the Solaris OS From the Flash Archive On a Tape (http://www.experts-exchange.com/articles/OS/Unix/Solaris/Installing-the-Solaris-OS-From-the-Flash-Archive-on-a-Tape.html), discussed installing the Solaris Operating S…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
Suggested Courses

597 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question