Solved

How can I get this server to allow FTP connections again?

Posted on 2008-10-14
Last Modified: 2013-12-09
This is a bit complicated.  Here is the setup.

1) Server - running FileZilla FTP Server and running GREAT.
2) Client 1 - running ftp.exe to connect through the web via a batch file and running GREAT.
3) Client 2 - running ftp.exe to connect through the web via a batch file and running GREAT.
4) Client 3 - Cannot connect via ftp.exe

I inherited the machine in question from a security nut who ONLY wanted files coming to and from the server (Client 3 is running a ColdFusion app) via shared drives in remote desktop.  I think he has tried to completely block FTP usage in OR out from that machine.  It is running Windows 2003 Standard Edition with SP1.

Unfortunately, the ColdFusion application has gotten WAY too big to manage with the unreliable connection provided by RDC.  It's slow as well, but I can live with that.  What I CAN'T live with is the fact that if it fails during any part of a file copy it gives the same stupid error as when copying files in Windows, and just stops where it is.  It is now taking 4-5 one hour tries to get everything.

So, the solution (and this is IMPORTANT because the machine is ancient and I need backups of the SQL server data) is to schedule a .bat file that zips up the needed data and FTPs it off site.  BUT, no ftp client will connect from the server in either active or passive mode.

The FTP server is running in active mode, and only has port 21 open to it.  Both of the other machines I am running this process on (which I built) are humming right along, but this one fails every time.

Here is what I am doing:

Command Line:
FTP
Open [servername]
[username]
[password]
DIR

The server acknowledged the connection, and shows me as being logged in, but I cannot LIST or change directories or get or put files.

I also cannot find any Symantec or Norton or other firewall that would be blocking stuff and Windows Firewall is disabled for now, so I am suspicious that the registry holds the answer, but obviously uncertain, or why post this.

I have also tried several Windows command line clients.  Cannot connect via FTP to ANY server successfully and get so much as a DIR or LIST to work.  Forget about GET and PUT.

Any help MUCH appreciated.  This is low-level difficult stuff, so high points.

Thanks Experts!
Question by:climberboy
8 Comments
 
LVL 1

Expert Comment

by:buzzle74
ID: 22717684
FTP is generally a pain in arse protocol that doesn't really run on only port 21.
From memory FTP requires either the Server or the client to allow incoming connections on ports above 1024. This is because port 21 is only used for the initial connection and FTP command. Data transfer occurs on an additional connection between server and client on a port somewhere above port 1024.

If the server is to support passive mode from clients then it should be configured to allow incoming connections on ports above 1024. Passive mode returns the risk of opening ports above 1024 back to the server. If the server does not support passive then it expects to be able to connect back to the client on ports above 1024 to transfer data. Either way incoming connections on ports above 1024 need to be open on either the server or the client for the FTP connection to work.

If you research FTP ports on the net you will find some nice diagrams to give you a better idea of how the FTP process works. It can get complicated when you have source and destination ports as well as the direction of traffic to consider, so it might take a little while to get your head around it.

Judging by your situation, the server does not support passive, therefore the client is not allowing connections back to ports above 1024.  It has to be a firewall somewhere blocking this for the client. Also check the Win2k3 Security Configuration Wizard, as there may be a policy applied through it filtering connections.


 
0
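The data-channel behaviour described in the comment above, as an added example that is not part of the original thread: it decodes the `PORT` argument and the `227` reply (RFC 959 format) from a control-channel transcript and reports which host has to accept the inbound data connection. The transcripts, addresses and function names are constructed for illustration.

```python
import re

# Six comma-separated bytes: h1,h2,h3,h4,p1,p2 (RFC 959 PORT / 227 format).
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def decode_hostport(text):
    """Return (ip, port) from a PORT argument or a 227 reply, else None."""
    m = _HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    # The port is sent as two bytes: high byte first, then low byte.
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def diagnose(transcript):
    """Walk a control-channel transcript and report the data-channel setup."""
    result = {"mode": None, "listener": None, "endpoint": None, "data_ok": False}
    for line in transcript:
        direction, _, msg = line.partition(" ")
        if direction == "C:" and msg.upper().startswith("PORT "):
            # Active mode: the client listens, the server connects back to it.
            result.update(mode="active", listener="client",
                          endpoint=decode_hostport(msg))
        elif direction == "S:" and msg.startswith("227"):
            # Passive mode: the server listens, the client connects out to it.
            result.update(mode="passive", listener="server",
                          endpoint=decode_hostport(msg))
        elif direction == "S:" and msg.startswith("226"):
            result["data_ok"] = True  # transfer complete: data channel worked
    return result

# Constructed sample: login succeeds, LIST never gets an answer (the symptom
# in the question). The server cannot reach the port the client announced.
ACTIVE_STALLED = [
    "C: USER backup", "S: 331 Password required", "C: PASS ****",
    "S: 230 Logged on", "C: PORT 198,51,100,7,4,1",
    "S: 200 Port command successful", "C: LIST",
]
# Constructed sample: passive mode, the client connects out and LIST completes.
PASSIVE_OK = [
    "S: 230 Logged on", "C: PASV",
    "S: 227 Entering Passive Mode (203,0,113,10,195,80)",
    "C: LIST", "S: 150 Opening data channel", "S: 226 Transfer OK",
]

if __name__ == "__main__":
    for name, t in (("active", ACTIVE_STALLED), ("passive", PASSIVE_OK)):
        print(name, diagnose(t))
```

Whichever side shows up as `listener` is the one whose inbound filtering has to admit the decoded port; a session that logs in but never reaches `226` points at that path.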
 

Author Comment

by:climberboy
ID: 22717737
I appreciate the detailed information buzzle74.  However, I must state the two other machines, both outside my network, are working perfectly with the same client.  Therefore, the problem must be on the 3rd client machine.  This FTP server has been up and running as is for a very long time, with no issues whatsoever until now.

My opinion is that the person in charge of the 3rd client before me (2+ years ago now)  must have excluded FTP traffic somehow.  I am looking for clues along those lines.

Thanks,

Eric.
0
 

Author Comment

by:climberboy
ID: 22717775
Sorry, I commented before I read the whole post.  The Security Configuration Wizard is not where it should be, under administrative tools.  Also, the windir\security\msscw folder containing the command line wizard is missing.

There is no physical firewall running and Windows firewall is disabled.  There are no KNOWN other firewalls, but I'd be open to looking for them if I knew where to start.

Any other ideas?
0
 
LVL 1

Expert Comment

by:buzzle74
ID: 22718164
OK, I guess it depends where this 3rd machine is in relation to the server and what's in between.
Most clients on the web can't access non-passive FTP servers, as even most standard home ADSL modem routers block incoming FTP connections by default.
A couple of things I would try from the 3rd machine would be to:

- find out if there is a router in front of it before it reaches the internet
- try to connect to other ftp sites, see if you have the same prob
- check tcp/ip properties-advanced-options-tcp/ip filtering.. to see if any filters are in place.

0
 

Author Comment

by:climberboy
ID: 22718217
Let's see here...  All three client machines are on the internet.  In fact, all three of them are in a colocation at NeoSpire in Dallas, TX.  Each of them has a free and clear internet connection with no router in between them and the web.  NeoSpire does not use firewalls... you have to provide your own, and we do not use a hardware firewall.  As I mentioned before, Windows Firewall is turned off for troubleshooting, so really, there should not be any firewall, unless there is hidden software on the server that I do not know about.

I CAN connect to one other FTP server at a client's office, but only with a Win32 client... not with ftp.exe.  It has the same problem.  However, that same Win32 app CANNOT connect to the server in question, regardless of whether I turn passive mode on or off.  I have checked all the settings countless times.  They are correct.

Under TCP/IP Properties --> Internet Protocol Properties --> Advanced TCP/IP Settings --> Options tab --> TCP/IP Filtering all ports (TCP, UDP, and IP Protocols) are set to permit all.  Also, the "Enable TCP/IP Filtering (All Adapters)" check box is unchecked.

So the other client is new.  I have tried tons of servers with it, and just happened across one that worked.  Seems I can transfer files up/down as well as list directory contents.  Regardless, I still cannot do anything useful on that server with ftp.exe... just connect and timeout on LIST, just like all other servers.

Also, that Win32 client cannot connect to the server in question, even though EVERYTHING works from any other box.  Even my machine at home on FIOS works with that one in any way, shape, or form I can throw at it, and from any client.

WEIRD.
0
 
LVL 1

Accepted Solution

by:
buzzle74 earned 500 total points
ID: 22736150
I guess u could try

https://www.grc.com/x/ne.dll?bh0bkyd2

 to test that its internet address is actually what u think it should be and also what ports are visible from the internet.

0
 

Author Comment

by:climberboy
ID: 22779136
Nothing has worked so far.  Any other things to try?
0
 

Author Comment

by:climberboy
ID: 22831995
Nothing worked, and no further help from anyone.  Points go to buzzle74 for the effort.
0

Question has a verified solution.