  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 980

FTP Connection forcibly closed when using FTP.exe at client site

There is an application at the client that executes a bat file that calls the built-in Windows XP ftp.exe at the command line. The FTP client can log in and change directories, but it cannot list directories or download files. The FTP client freezes and then the connection is closed.

If the user uses a GUI like FileZilla, they can do all operations. This problem has been reproduced on 2 other machines within the network. This FTP server can be accessed from other network locations without a problem. The FTP server location uses IP address filtering for security, and they have claimed that our IP address is white-listed.

No software firewalls are turned on, the Windows XP firewall is off, and the Linksys router has been checked and no strange settings or restrictions are on it.

Why would FileZilla work and not FTP.exe? Is it the passive feature? Is there a way to toggle this in the command line? We do not want to change the way the application works because of this network issue.
0
Walt-the-IT-Guy
Asked:
2 Solutions
 
omarfarid Commented:
Check on the remote firewall if ports 20 and 21 are allowed.
0
 
Walt-the-IT-Guy Author Commented:
All of their other customers are connecting to it fine, I can also connect from another network location that is white-listed using FTP.exe.

I did a port scan from my network that is working, and only 21 shows as open. I do not have access to their equipment, but could ask them to try things.
0
 
Iced-evil Commented:
I believe the problem comes from ftp.exe not being able to use passive mode.
You will need to use a different ftp client (command line based) that does support Passive mode.

Hope this helps
0
 
Walt-the-IT-Guy Author Commented:
This worked before, however, at the client's old location; it wasn't a problem until they moved to a new location.

Furthermore, this works from my location as well with no problems.

If it works at 2 locations without being passive, why will it not work at this one?
0
 
Iced-evil Commented:
There is a big difference between active and passive mode.
To learn more about passive and active mode, see http://slacksite.com/other/ftp.html.
It is the network (router/firewall) that means active mode might not work and that passive mode is needed.
So if it doesn't work from the new location, it is probably due to the new network at the new location, and that furthers my belief that the issue is related to active mode.

Maybe give ncFTP a try:
ftp://ftp.ncftp.com/ncftp/binaries/ncftp-3.2.1-win32.exe
0
 
giltjr Commented:
Iced-evil is correct. The problem is dealing with active vs. passive FTP data connections. MS ftp client can only do active. FileZilla does passive by default.

Different locations have different firewalls. Active FTP is considered "dangerous" because when using active FTP the server actually initiates the data connection to the client. The server uses source port 20 to a random port the client provides in the PORT command.
0
 
Walt-the-IT-GuyAuthor Commented:
both locations i tested from are using the same linksys router
one location works and the other does not

your solution does not explain this behavior
0
 
giltjr Commented:
Just because they are using the same type/model router does not mean they are configured the same.

As I don't know how each site is set up, I don't know if they are the same. That is:

   1) Are both Linksys routers configured, as much as they can be, exactly the same?
   2) Do both sites have the same type of firewall?
   3) Are these firewalls configured exactly (as much as possible) the same?
   4) Is the firewall at the site where the FTP server is at configured to allow the same access from both of the remote sites?
   5) Do both client computers you tested with have the same personal firewall installed and enabled?
   6) Is the personal firewall on the client computers configured exactly the same?

The symptoms you describe indicate that active FTP is being blocked someplace. That is, the FTP server initiating an outbound connection from port 20 to the port that the client said to use in the PORT command. Someplace there is a difference; you just need to track it down.
0
 
Walt-the-IT-Guy Author Commented:
Yes, I believe this needs to be troubleshot at a lower level than the application layer.

I stepped through both firewall setups and everything is the same. It's mainly the default setup; there isn't any special port triggering/forwarding happening, it's just an outgoing FTP connection. Once the FTP connect request leaves the network, I don't think the firewalls have much to do with it. It's more a question of why the firewall at the host is forcing the connection closed.

Personal firewalls are completely disabled and the service for it is turned off.

What troubleshooting can we do from our network regarding network tests? I do not have access to the host's network.
0
 
giltjr Commented:
The only thing you can do from your end, if possible, is to capture packets on the outbound side of the last piece of equipment in your network.

When doing active FTP you should see your ftp client send out the ftp command "PORT a,b,c,d,e,f" where a,b,c,d is the IP address of the ftp client and e,f is a magic number that represents the port the client is listening on.

The next thing you should see is a TCP SYN request coming from the server with the source port of 20 and the destination port of "X" where X = (e*256)+f.

If you do not see a TCP SYN request coming from the server, then something on the server side is blocking.
0
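Added example (not part of the original thread): a small Python check that applies the capture procedure described in the comment above, decoding each `PORT a,b,c,d,e,f` command to port `e*256+f` and looking for a later SYN from the server's port 20 to that port. It goes one step further than the thread by also flagging a private (RFC 1918) address inside PORT, which the server cannot reach unless a NAT device rewrote the command; the record format, addresses and sample capture are constructed for illustration.

```python
import ipaddress
import re

PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)$", re.I)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_port(line):
    """Return (ip, port) from an FTP 'PORT a,b,c,d,e,f' line, else None."""
    m = PORT_RE.match(line.strip())
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):  # every field is a single octet
        return None
    a, b, c, d, e, f = nums
    return f"{a}.{b}.{c}.{d}", e * 256 + f

def diagnose(capture, server_ip):
    """capture: ordered records (hypothetical format) from a trace taken on
    the outbound side of the client's last network device."""
    findings = []
    for i, pkt in enumerate(capture):
        parsed = parse_port(pkt["line"]) if pkt["kind"] == "ftp" else None
        if parsed is None:
            continue
        ip, port = parsed
        private = any(ipaddress.ip_address(ip) in net for net in RFC1918)
        # Active mode: the server opens the data connection from port 20.
        syn_seen = any(p["kind"] == "syn" and p["src"] == server_ip
                       and p["sport"] == 20 and p["dport"] == port
                       for p in capture[i + 1:])
        if syn_seen:
            verdict = "server SYN arrived; look for a block inside the client network"
        elif private:
            verdict = "PORT carries a private address and no SYN arrived; NAT did not rewrite it"
        else:
            verdict = "no SYN from server port 20; blocked on the server side or in transit"
        findings.append((ip, port, syn_seen, verdict))
    return findings

# Constructed sample capture (documentation addresses, not real hosts).
SERVER = "203.0.113.10"
SAMPLE = [
    {"kind": "ftp", "line": "PORT 192,168,1,50,19,137"},
    {"kind": "ftp", "line": "LIST"},
    {"kind": "ftp", "line": "PORT 198,51,100,7,19,138"},
    {"kind": "syn", "src": SERVER, "sport": 20, "dport": 5002},
]
```

Calling `diagnose(SAMPLE, SERVER)` returns one finding per PORT command; records exported from a real capture tool would first need converting to this constructed format.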
 
Iced-evil Commented:
Another possibility is that the Internet provider is blocking the inbound connection.
As it is working from other sites it is unlikely that the problem is on the server side.
0
 
Walt-the-IT-Guy Author Commented:
The client is unreachable at the moment to do any more testing, so I'm waiting to hear back from them on their progress from the vendor.
0
 
Walt-the-IT-Guy Author Commented:
The client changed FTP programs. However, no one was able to explain the erratic behavior using the XP client.
0
