Solved

FTP Troubles

Posted on 2004-10-21
Last Modified: 2010-04-21
I am having problems with FTP.

Our customer is able to log in to our site from a Unix server but they can't get the file; the process just hangs until they terminate it. The same thing happens if they try a dir: they don't get any data returned.

They can get the file if they do it from a Windows PC, through FTP DOS and Internet Explorer.

Maybe it could be port translation that is causing the problem?

Our firewall is open for port 21 only for our FTP server.

Does this ring any bells with anyone?

Thanks
Steve
0
Question by:stevendunne
    16 Comments
     
    LVL 4

    Accepted Solution

    by:
    Try setting passive mode: run PASV before getting the file.
    0
     

    Author Comment

    by:stevendunne
    We put a new firewall in last weekend and the problems have only occurred from Monday.

    However, if they can retrieve the file through FTP DOS & Internet Explorer, what does this mean?

    I think maybe a Unix issue?
    0
     
    LVL 4

    Expert Comment

    by:brunomsilva
    Have you tried what I said? After the login, type pasv at the ftp prompt.
    0
     

    Author Comment

    by:stevendunne
    They have just tried it in passive/active mode, but when they don't run it in this mode they can connect but can't download?
    0
     
    LVL 60

    Expert Comment

    by:gheist
    Just what is FTP DOS?

    If you open only port 21 to your server, no FTP mode will work, by protocol design.
    0
     
    LVL 48

    Expert Comment

    by:Tintin
    When you say:

    "They have just tried it in passive/active mode, but when they don't run it in this mode they can connect but can't download?"

    Does that mean they can download in passive mode or not?
    0
     
    LVL 60

    Expert Comment

    by:gheist
    :-)
    When port 21 is open they can connect but cannot do anything else.
    The problem is in the firewall; it interferes with normal operation. Please ask the people maintaining the firewall to pass FTP in an adequate manner.
    0
     
    LVL 48

    Expert Comment

    by:Tintin
    For reference, http://slacksite.com/other/ftp.html is an excellent page describing in detail the mechanics of FTP.
    0
     
    LVL 38

    Expert Comment

    by:yuzh
    Port 21 has to be open for both inbound and outbound for a normal FTP client!

    0
     
    LVL 48

    Expert Comment

    by:Tintin
    Most firewalls recognise this.
    0
     
    LVL 60

    Expert Comment

    by:gheist
    Name one, please.
    0
     

    Author Comment

    by:stevendunne
    This is the current situation.

    We have moved to a new FW and have opened this for port 21 for the FTP server, just like we did on the old firewall.

    From home I'm able to log in to our FTP site, retrieving the files through Windows DOS, using the ftp commands etc. I can also retrieve the files via Internet Explorer.

    I've even dialled up at work using a dial-up account and can view and retrieve the files from Windows DOS and through Internet Explorer.

    I've even asked a guy at another site to test from his LAN through his firewall and it's fine.

    One of my customers cannot connect & download the files using Windows DOS or Internet Explorer. The other customer cannot retrieve the files via UNIX; it connects but just hangs on trying to retrieve the files.

    A very, very odd one!

    :-(
    0
     
    LVL 60

    Expert Comment

    by:gheist
    Excuse me, but wtf is "Windows DoS"?
    0
     
    LVL 38

    Assisted Solution

    by:wesly_chen
    I think "Windows DOS" means "command prompt in Windows".

    FTP needs port 21 to make the connection and port 20 for data transfer.

    However, if the author can do it from his home and dial-up, then I think the firewall on your site is not the issue.

    I suggest you might need to work with your customer to troubleshoot this issue.
    There are some clues to trace down the issue:
    1. Firewall on customer site recently changed?
    2. On Windows systems, any firewall enabled/installed recently? (Such as XP SP2)
    3. PASV setting on the Unix side. If this customer cannot retrieve the file through the Windows command prompt, then check the firewall.

    A lot of companies block outgoing FTP to protect their critical data. They may implement some proxy server...
    So for FTP issues, the problems are not always on your side.

    Good luck,

    Wesly
    0
     

    Author Comment

    by:stevendunne
    I've managed to resolve this now for the 2-3 customers who were affected. Basically, on the firewall, on advanced options, not access rules, I enabled "Force inbound & outbound FTP to default to port 20".

    However, we send a file into one of our customer sites via one of our PCs; before, it was set up so that this particular PC was published on the internet with tcp\high-ports open the firewall to that PC. Now that I've enabled "Force inbound & outbound FTP to default to port 20", this no longer works for this particular customer.

    What have they done there to make this so tricky? Or is it me?
    0
     
    LVL 60

    Assisted Solution

    by:gheist
    Basically, binding to port 20/tcp requires ftpd to be run as the root user, which may open security holes on the host, but let us hope that the firewall reasonably intercepts FTP connections.
    Another is passive mode, which prefers connecting from the client to high ports of the server, so for this mode you may need to enable inbound high-port connections (some range synced on server and firewall) or disable the PASV and EPSV commands on the server. But keep in mind that some firewalls of your customers may allow only passive FTP, mostly for simplicity (no need to configure an inbound data channel for FTP; the same trick that MSIE does under the "firewall and cable" advanced checkmark).
    0
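
The active and passive data channels discussed in this thread, as an added example that is not part of the original posts: it decodes the data endpoint carried in a PORT command or a 227 reply and checks it against a server-side firewall policy. The policy function, its parameters and the sample lines are hypothetical, and the firewall is assumed to do no FTP inspection of the control channel.

```python
import re

# RFC 959 encodes a data endpoint as h1,h2,h3,h4,p1,p2; port = p1*256 + p2.
_ENDPOINT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_endpoint(line):
    """Extract (ip, port) from a PORT command or a 227 reply."""
    m = _ENDPOINT.search(line)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in: %r" % line)
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        raise ValueError("octet out of range in: %r" % line)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def data_connection(control_line):
    """Describe the data connection that one control-channel line sets up."""
    ip, port = parse_endpoint(control_line)
    verb = control_line.split()[0].upper()
    if verb == "PORT":   # active: server dials out from port 20 to the client
        return {"mode": "active", "initiator": "server", "dst": (ip, port)}
    if verb == "227":    # passive: client dials in to the port the server chose
        return {"mode": "passive", "initiator": "client", "dst": (ip, port)}
    raise ValueError("not a PORT command or 227 reply: %r" % control_line)

def server_side_allows(conn, inbound_ranges, outbound_from_20):
    """Hypothetical stateless policy on the FTP server's firewall.

    inbound_ranges: (low, high) port ranges forwarded to the FTP server.
    outbound_from_20: may the server open connections from source port 20?
    """
    if conn["initiator"] == "client":
        return any(lo <= conn["dst"][1] <= hi for lo, hi in inbound_ranges)
    return outbound_from_20

# Constructed control-channel lines (documentation addresses, not real hosts).
ACTIVE = "PORT 192,0,2,10,195,80"
PASSIVE = "227 Entering Passive Mode (198,51,100,5,156,64)"

if __name__ == "__main__":
    only_21 = [(21, 21)]
    with_data_rules = [(21, 21), (40000, 40100)]
    for line in (ACTIVE, PASSIVE):
        conn = data_connection(line)
        print(conn["mode"], conn["dst"],
              "| port 21 only:", server_side_allows(conn, only_21, False),
              "| with data rules:", server_side_allows(conn, with_data_rules, True))
```

With only port 21 open, login succeeds on the control channel but neither data channel can be established, which matches a client that connects and then hangs on dir or get.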
