FTP Troubles

I am having problems with ftp.

Our customer is able to log in to our site from a unix server but they can't get the file; the process just hangs until they terminate it. The same thing happens if they try a dir: they don't get any data returned.

They can get the file if they do it from a windows pc, through FTP DOS and Internet Explorer.

Maybe it could be port translation that is causing the problem?

Our firewall is open for port 21 only for our ftp server.

Does this ring any bells with anyone?


Try setting passive mode, run PASV before getting the file.

stevendunne (Author) commented:
We put a new firewall in last weekend and the problems have only occurred from Monday.

However, if they can retrieve the file through ftp DOS & Internet Explorer, what does this mean?

I think maybe a unix issue?

Have you tried what I said? After the login, type pasv at the ftp prompt.

stevendunne (Author) commented:
They have just tried it in passive/active mode, but when they don't run it in this mode they can connect but can't download?
Just what is FTP DOS ????

If you open only port 21 to your server, no FTP mode will work, by protocol design.
When you say:

"They have just tried it in passive/active mode, but when they dont run it in this mode they can connect but cant download ?"

Does that mean they can download in passive mode or not?
When port 21 is open they can connect but cannot do anything else.
The problem is in the firewall; it interferes with normal operation. Please ask the people maintaining the firewall to pass ftp in an adequate manner.
For reference, http://slacksite.com/other/ftp.html is an excellent page describing in detail the mechanics of FTP.
Port 21 has to be open for both inbound and outbound for a normal FTP client!

Most firewalls recognise this.
Name one please
stevendunne (Author) commented:
This is the current situation.

We have moved to a new FW and have opened this for port 21 for the ftp server, just like we did on the old firewall.

From home I'm able to log in to our ftp site, retrieving the files through windows dos, using the ftp commands etc. I can also retrieve the files via internet explorer.

I've even dialled up at work using a dial-up account and can view and retrieve the files from windows dos and through internet explorer.

I've even asked a guy at another site to test from his LAN through his firewall and it's fine.

One of my customers cannot connect & download the files using windows dos or internet explorer. The other customer cannot retrieve the files via UNIX; it connects but just hangs on trying to retrieve the files.

A very, very odd one!

Excuse me, but wtf is "Windows DoS" ???

I think "Windows DOS" means "command prompt in Windows".

FTP needs port 21 to make the connection and port 20 for data transfer.

However, if the author can do it from his home and dial-up, then I think the firewall on your site is not the issue.

I suggest you might need to work with your customer to troubleshoot this issue.
There are some clues to trace down the issue:
1. Firewall on customer site recently changed?
2. On Windows systems, any firewall enabled/installed recently? (Such as XP SP2)
3. PASV setting on the Unix side. If this customer cannot retrieve the file through the Windows command prompt, then check the firewall.

A lot of companies block outgoing ftp to protect their critical data. They may implement some proxy server...
So for FTP issues, the issues are not always on your side.

Good luck,

stevendunne (Author) commented:
I've managed to resolve this now for the 2-3 customers who were affected. Basically on the firewall, on advanced options not access rules, I enabled "Force inbound & outbound FTP to default to port 20".

However we send a file into one of our customer sites via one of our pc's; before, it was set up that this particular pc was published on the internet with tcp\high-ports open the firewall to that pc. Now I've enabled the "Force inbound & outbound FTP to default to port 20" this no longer works for this particular customer.

What have they done there to make this so tricky? Or is it me?

Basically, binding to port 20/tcp requires ftpd to be run as root user, which may open security holes on the host, but let us hope that the firewall reasonably intercepts ftp connections.
Another is passive mode, that prefers connecting from client to high ports of server, so for this mode you may need to enable inbound high port connections (some range synced on server and firewall) or disable PASV and EPSV commands on server, but keep in mind that some firewalls of your customers may allow only passive FTP, mostly for simplicity (no need to configure inbound data channel for ftp, same trick that MSIE does under "firewall and cable" advanced checkmark).
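
An added illustration, not part of the thread or any poster's code: the sketch below reads a constructed FTP control-channel transcript, extracts the data-channel endpoint negotiated by `PORT` (active) and by the `227` reply to `PASV` (passive), and checks each against a static server-side filter that admits only port 21. The addresses, the transcript and the function names are assumptions made for the example, and the filter is assumed to do no FTP inspection.

```python
import re

# RFC 959: PORT arguments and the 227 reply both carry h1,h2,h3,h4,p1,p2
HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

# Constructed sample session (documentation addresses, not from the thread)
TRANSCRIPT = [
    "C: USER demo",
    "S: 331 Password required",
    "C: PORT 192,0,2,10,195,80",
    "S: 200 PORT command successful",
    "C: LIST",
    "C: PASV",
    "S: 227 Entering Passive Mode (198,51,100,5,234,96)",
    "C: RETR report.txt",
]

def parse_hostport(text):
    """Return (ip, port) from a PORT argument or a 227 reply."""
    m = HOSTPORT.search(text)
    if not m:
        raise ValueError("no host/port tuple in %r" % text)
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in %r" % text)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def data_connections(transcript):
    """List (mode, initiator, dest_ip, dest_port) for each negotiated data channel."""
    found = []
    for line in transcript:
        side, _, msg = line.partition(" ")
        if side == "C:" and msg.upper().startswith("PORT "):
            # Active mode: the server dials out (from port 20) to the client
            found.append(("active", "server") + parse_hostport(msg))
        elif side == "S:" and msg.startswith("227"):
            # Passive mode: the client dials in to a server high port
            found.append(("passive", "client") + parse_hostport(msg))
    return found

def server_firewall_verdict(conn, inbound_ports, allow_outbound):
    """Verdict of a static server-side filter with no FTP inspection (assumption)."""
    _mode, initiator, _ip, port = conn
    if initiator == "client":
        return "pass" if port in inbound_ports else "blocked"
    return "pass" if allow_outbound else "blocked"

if __name__ == "__main__":
    for c in data_connections(TRANSCRIPT):
        print(c, server_firewall_verdict(c, {21}, allow_outbound=False))
```

With only port 21 admitted, the login on the control channel succeeds while both data channels are refused, which matches the "connects but hangs on dir/get" symptom; admitting a fixed passive range that the FTP server is also configured to use lets the passive transfer through.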