Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

FTP Connection forcibly closed when using FTP.exe at client site

Posted on 2008-06-10
13
Medium Priority
?
977 Views
Last Modified: 2013-12-09
There is an application at the client that executes a bat file that calls the built-in windows XP ftp.exe at the command line. The FTP client can log in and change directories, but it cannot list directories or download files. The FTP client freezes and then the connection is closed.

If the user uses a gui like FileZilla, they can do all operations. This problem has been reproduced on 2 other machines within the network. This FTP server can be accessed from other network locations without a problem. The FTP server location uses IP address filtering for security, and they have claimed that our IP address is white-listed.

No software firewalls on turned on, windows XP firewall is off, and the linksys router has been checked an no strange settings or restrictions are on it.

Why would FileZilla work and not FTP.exe. Is it the passive feature? Is there a way to toggle this in the command line? We do not want to change the way the application works because of this network issue.
0
Comment
Question by:Walt-the-IT-Guy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 3
  • 3
  • +1
13 Comments
 
LVL 40

Expert Comment

by:omarfarid
ID: 21752345
check on the remote firewall if ports 20and 21 are allowed.
0
 
LVL 1

Author Comment

by:Walt-the-IT-Guy
ID: 21752386
All of their other customers are connecting to it fine, I can also connect from another network location that is white-listed using FTP.exe.

I did a port scan from my network that is working, and only 21 shows as open. I do not have access to their equipment, but could ask them to try things.
0
 
LVL 6

Expert Comment

by:Iced-evil
ID: 21752392
I believe the problem commes from ftp.exe not being able to use passive mode.
You will need to use a different ftp client (command line based) that does support Passive mode.

Hope this helps
0
Ready for your healthcare security check-up?

In the past few years, healthcare organizations have become a prime target for advanced attacks. Does your organization have what it needs to defend itself? Schedule your healthcare security check-up today and download our free Healthcare Security Resource Kit today!

 
LVL 1

Author Comment

by:Walt-the-IT-Guy
ID: 21752410
This worked before however at the clients old location, it wasn't a problem until they moved to a new location.

Furthermore, this works from my location as well with no problems.

If it works at 2 locations without being passive, why will it not work at this one.
0
 
LVL 6

Assisted Solution

by:Iced-evil
Iced-evil earned 300 total points
ID: 21752471
There is a big difference between active and passive mode.
To know more about passiv and active mode see http://slacksite.com/other/ftp.html.
It is the network (router/firewall) that makes that active mode might not work and that passive mode is needed.
So if it doesn't work from the new location it is probably due to the new network at the new location and furthers my believe that the issue is related to active mode.

maybe give ncFTP a try
ftp://ftp.ncftp.com/ncftp/binaries/ncftp-3.2.1-win32.exe
0
 
LVL 57

Expert Comment

by:giltjr
ID: 21783701
Iced-evil is correct.  The problem is dealing with active vs. passive ftp data connections.  MS ftp client can only do active.  Filezilla does passive by default.

Different locations have different firewalls.  Active ftp is considered "dangerous" because when using active ftp the server actually initiates the data connection to the client.  The server uses source port 20 to  a random port the client provides in the PORT command.
0
 
LVL 1

Author Comment

by:Walt-the-IT-Guy
ID: 21793393
both locations i tested from are using the same linksys router
one location works and the other does not

your solution does not explain this behavior
0
 
LVL 57

Expert Comment

by:giltjr
ID: 21793675
Just because they are using the same type/model router, does not mean they are configured the same.

As I don't know how each site is setup, I don't know if they are the same.  That is:

   1) Are both linksys routers configured as much as they can be exactly the same?
   2) Do both sites have the same type of firewall?
   3) Are these firewalls configured exactly (as much as possible) the same?
   4) Is the firewall at the site where the FTP server is at configured to allow the same access from both of the remote sites?
   5) Do both client computers you tested with have the same personal firewall installed and enabled?
   6) Is the personal firewall on the client the computers configured exactly the same.

The symptoms you describe indicate that active ftp is being blocked someplace.  That is the ftp server initiating a outbound connection from port 20 to the port that the client said to use in the port command.  Someplace there is a difference, you just need to track it down.
0
 
LVL 1

Author Comment

by:Walt-the-IT-Guy
ID: 21793720
Yes I believe this needs to be troulehooted at a lower level than the application layer.

I stepped through both firewall setups and everything is the same, its mainly the default setup, there isn't any special port triggering/forwarding happening, its just an outgoing FTP connection. Once the FTP connect request leaves the network, I don't think the firewalls have much to do with it. Its more a question of why the firewall at the host is forcing the connection closed.

Personal firewalls are completley disabled and the service for it is turned off.

What troubleshooting can we do from our network regarding network tests, I do not have access to the host's network.
0
 
LVL 57

Accepted Solution

by:
giltjr earned 450 total points
ID: 21795892
The only thing you can do from your end, if possible, it to capture packets on the outbound side of the last piece of equipment in your network.

When doing active FTP you should see your ftp client send out the ftp command "PORT a,b,c,d,e,f" where a,b,c,d is the IP address of the ftp client and e,f is a magic number that represents the port the client is listening on.

The next thing you should see is a TCP SYN request coming from the server with the source port of 20 and the destination port of "X" where X = (e*256)+f.

If you do not see a TCP SYN request coming from the server, then something on the server side is blocking.
0
 
LVL 6

Expert Comment

by:Iced-evil
ID: 21799012
Another possibility is that the internet provider is blocking the inbound connection.
As it is working from other sites it is unlikely that the problem is on the server side.
0
 
LVL 1

Author Comment

by:Walt-the-IT-Guy
ID: 21802572
The client is unreachable at the moment to do any more testing, so I'm waiting to hear back from them on their progress from the vendor.
0
 
LVL 1

Author Closing Comment

by:Walt-the-IT-Guy
ID: 31465778
The client changed ftp programs. However, no one was able to explain the erratic behavior using the xp client.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction People like FTP.  It's a solid, stable, robust protocol for quickly transferring files between two hosts using TCP/IP.  In most cases it's much faster than SMB or CIFS, and certainly much easier to set up between organizations.  This…
Over the past decade, as Internet security has become a chief concern of IT professionals, one of the most common questions administrators and users ask is, “Which is more secure, SFTP or FTPS?” In short, both file transfer protocols offer a high…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question