Solved

FTP Connection forcibly closed when using FTP.exe at client site

Posted on 2008-06-10
13
967 Views
Last Modified: 2013-12-09
There is an application at the client that executes a bat file that calls the built-in windows XP ftp.exe at the command line. The FTP client can log in and change directories, but it cannot list directories or download files. The FTP client freezes and then the connection is closed.

If the user uses a gui like FileZilla, they can do all operations. This problem has been reproduced on 2 other machines within the network. This FTP server can be accessed from other network locations without a problem. The FTP server location uses IP address filtering for security, and they have claimed that our IP address is white-listed.

No software firewalls on turned on, windows XP firewall is off, and the linksys router has been checked an no strange settings or restrictions are on it.

Why would FileZilla work and not FTP.exe. Is it the passive feature? Is there a way to toggle this in the command line? We do not want to change the way the application works because of this network issue.
0
Comment
Question by:Walt-the-IT-Guy
  • 6
  • 3
  • 3
  • +1
13 Comments
 
LVL 40

Expert Comment

by:omarfarid
Comment Utility
check on the remote firewall if ports 20and 21 are allowed.
0
 
LVL 1

Author Comment

by:Walt-the-IT-Guy
Comment Utility
All of their other customers are connecting to it fine, I can also connect from another network location that is white-listed using FTP.exe.

I did a port scan from my network that is working, and only 21 shows as open. I do not have access to their equipment, but could ask them to try things.
0
 
LVL 6

Expert Comment

by:Iced-evil
Comment Utility
I believe the problem commes from ftp.exe not being able to use passive mode.
You will need to use a different ftp client (command line based) that does support Passive mode.

Hope this helps
0
 
LVL 1

Author Comment

by:Walt-the-IT-Guy
Comment Utility
This worked before however at the clients old location, it wasn't a problem until they moved to a new location.

Furthermore, this works from my location as well with no problems.

If it works at 2 locations without being passive, why will it not work at this one.
0
 
LVL 6

Assisted Solution

by:Iced-evil
Iced-evil earned 100 total points
Comment Utility
There is a big difference between active and passive mode.
To know more about passiv and active mode see http://slacksite.com/other/ftp.html.
It is the network (router/firewall) that makes that active mode might not work and that passive mode is needed.
So if it doesn't work from the new location it is probably due to the new network at the new location and furthers my believe that the issue is related to active mode.

maybe give ncFTP a try
ftp://ftp.ncftp.com/ncftp/binaries/ncftp-3.2.1-win32.exe
0
 
LVL 57

Expert Comment

by:giltjr
Comment Utility
Iced-evil is correct.  The problem is dealing with active vs. passive ftp data connections.  MS ftp client can only do active.  Filezilla does passive by default.

Different locations have different firewalls.  Active ftp is considered "dangerous" because when using active ftp the server actually initiates the data connection to the client.  The server uses source port 20 to  a random port the client provides in the PORT command.
0
Free book by J.Peter Bruzzese, Microsoft MVP

Are you using Office 365? Trying to set up email signatures but you’re struggling with transport rules and connectors? Let renowned Microsoft MVP J.Peter Bruzzese show you how in this exclusive e-book on Office 365 email signatures. Better yet, it’s free!

 
LVL 1

Author Comment

by:Walt-the-IT-Guy
Comment Utility
both locations i tested from are using the same linksys router
one location works and the other does not

your solution does not explain this behavior
0
 
LVL 57

Expert Comment

by:giltjr
Comment Utility
Just because they are using the same type/model router, does not mean they are configured the same.

As I don't know how each site is setup, I don't know if they are the same.  That is:

   1) Are both linksys routers configured as much as they can be exactly the same?
   2) Do both sites have the same type of firewall?
   3) Are these firewalls configured exactly (as much as possible) the same?
   4) Is the firewall at the site where the FTP server is at configured to allow the same access from both of the remote sites?
   5) Do both client computers you tested with have the same personal firewall installed and enabled?
   6) Is the personal firewall on the client the computers configured exactly the same.

The symptoms you describe indicate that active ftp is being blocked someplace.  That is the ftp server initiating a outbound connection from port 20 to the port that the client said to use in the port command.  Someplace there is a difference, you just need to track it down.
0
 
LVL 1

Author Comment

by:Walt-the-IT-Guy
Comment Utility
Yes I believe this needs to be troulehooted at a lower level than the application layer.

I stepped through both firewall setups and everything is the same, its mainly the default setup, there isn't any special port triggering/forwarding happening, its just an outgoing FTP connection. Once the FTP connect request leaves the network, I don't think the firewalls have much to do with it. Its more a question of why the firewall at the host is forcing the connection closed.

Personal firewalls are completley disabled and the service for it is turned off.

What troubleshooting can we do from our network regarding network tests, I do not have access to the host's network.
0
 
LVL 57

Accepted Solution

by:
giltjr earned 150 total points
Comment Utility
The only thing you can do from your end, if possible, it to capture packets on the outbound side of the last piece of equipment in your network.

When doing active FTP you should see your ftp client send out the ftp command "PORT a,b,c,d,e,f" where a,b,c,d is the IP address of the ftp client and e,f is a magic number that represents the port the client is listening on.

The next thing you should see is a TCP SYN request coming from the server with the source port of 20 and the destination port of "X" where X = (e*256)+f.

If you do not see a TCP SYN request coming from the server, then something on the server side is blocking.
0
 
LVL 6

Expert Comment

by:Iced-evil
Comment Utility
Another possibility is that the internet provider is blocking the inbound connection.
As it is working from other sites it is unlikely that the problem is on the server side.
0
 
LVL 1

Author Comment

by:Walt-the-IT-Guy
Comment Utility
The client is unreachable at the moment to do any more testing, so I'm waiting to hear back from them on their progress from the vendor.
0
 
LVL 1

Author Closing Comment

by:Walt-the-IT-Guy
Comment Utility
The client changed ftp programs. However, no one was able to explain the erratic behavior using the xp client.
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Join & Write a Comment

Suggested Solutions

To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
With the withdrawal of support for Windows Server 2003 this summer, many clients face the issue of moving away from their 2003 installs. There are a few options out there that many people/companies are selling. But the clients I have, haven't wanted…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now