climberboy
asked on
How can I get this server to allow FTP connections again?
This is a bit complicated. Here is the setup.
1) Server - running FileZilla FTP Server and running GREAT.
2) Client 1 - running ftp.exe to connect through the web via a batch file and running GREAT.
3) Client 2 - running ftp.exe to connect through the web via a batch file and running GREAT.
4) Client 3 - Cannot connect via ftp.exe
I inherited the machine in question from a security nut who ONLY wanted files coming to and from the server (Client 3 is running a ColdFusion app) via shared drives in remote desktop. I think he has tried to completely block FTP usage in OR out from that machine. It is running Windows 2003 Standard Edition with SP1.
Unfortunately, the ColdFusion application has gotten WAY to big to manage with the unreliable connection provided by RDC. It's slow as well, but I can live with that. What I CAN'T live with is the fact that if it fails during any part of a file copy it gives the same stupid error as when copying files in windows, and just stops where it is. It is now taking 4-5 one hour tries to get everything.
So, the solution (and this is IMPORTANT becuase the machine is ancient and I need backups of the SQL server data) is to schedule a .bat file that zips up the needed data and FTP's it off site. BUT, no ftp client will connect from the server in either active or passive mode.
The FTP server is running in active mode, and only has port 21 open to it. Both of the other machines I am running this process on (which I built) are humming right along, but this one fails every time.
Here is what I am doing:
Command Line:
FTP
Open [servername]
[username]
[password]
DIR
The server acknowledged the connection, and shows me as being logged in, but I cannot LIST or change directories or get or put files.
I also cannot find any Symantec or Norton or other firewall that would be blocking stuff and Windows Firewall is disable for now, so I am suspicious that the registry holds the answer, but obvously uncertain, or why post this.
I have also tried several windows command line clients. Cannot connect via FTP to ANY server successfully and get so muich as a DIR or LIST to work. Forget about GET and PUT.
Any help MUCH appreciated. This is low-level difficult stuff, so high points.
Thanks Experts!
1) Server - running FileZilla FTP Server and running GREAT.
2) Client 1 - running ftp.exe to connect through the web via a batch file and running GREAT.
3) Client 2 - running ftp.exe to connect through the web via a batch file and running GREAT.
4) Client 3 - Cannot connect via ftp.exe
I inherited the machine in question from a security nut who ONLY wanted files coming to and from the server (Client 3 is running a ColdFusion app) via shared drives in remote desktop. I think he has tried to completely block FTP usage in OR out from that machine. It is running Windows 2003 Standard Edition with SP1.
Unfortunately, the ColdFusion application has gotten WAY to big to manage with the unreliable connection provided by RDC. It's slow as well, but I can live with that. What I CAN'T live with is the fact that if it fails during any part of a file copy it gives the same stupid error as when copying files in windows, and just stops where it is. It is now taking 4-5 one hour tries to get everything.
So, the solution (and this is IMPORTANT becuase the machine is ancient and I need backups of the SQL server data) is to schedule a .bat file that zips up the needed data and FTP's it off site. BUT, no ftp client will connect from the server in either active or passive mode.
The FTP server is running in active mode, and only has port 21 open to it. Both of the other machines I am running this process on (which I built) are humming right along, but this one fails every time.
Here is what I am doing:
Command Line:
FTP
Open [servername]
[username]
[password]
DIR
The server acknowledged the connection, and shows me as being logged in, but I cannot LIST or change directories or get or put files.
I also cannot find any Symantec or Norton or other firewall that would be blocking stuff and Windows Firewall is disable for now, so I am suspicious that the registry holds the answer, but obvously uncertain, or why post this.
I have also tried several windows command line clients. Cannot connect via FTP to ANY server successfully and get so muich as a DIR or LIST to work. Forget about GET and PUT.
Any help MUCH appreciated. This is low-level difficult stuff, so high points.
Thanks Experts!
ASKER
I appreciate the detailed information buzzle74. However, I must state the two other machines, both outside my network, are working perfectly with the same client. Therefore, the problem must be on the 3rd client machine. This FTP server has been up and running as is for a very long time, with no issues whatsoever until now.
My opinion is that the person in charge of the 3rd client before me (2+ years ago now) must have excluded FTP traffic somehow. I am looking for clues along those lines.
Thanks,
Eric.
My opinion is that the person in charge of the 3rd client before me (2+ years ago now) must have excluded FTP traffic somehow. I am looking for clues along those lines.
Thanks,
Eric.
ASKER
Sorry, I commented before I read the whole post. The Security Configuration Wizard is not where it should be, under administrative tools. Also, the windir\security\msscw folder containing the command line wizard is missing.
There is no physical firewall running and Windows firewall is disabled. There are no KNOWN other firewalls, but I'd be open to looking for them if I knew where to start.
Any other ideas?
There is no physical firewall running and Windows firewall is disabled. There are no KNOWN other firewalls, but I'd be open to looking for them if I knew where to start.
Any other ideas?
OK, i guess it depends where this 3rd machine is in relation to the server and whats in between.
Most clients on the web cant access non-passive FTP servers
as even most standard home ADSL modem routers block incoming FTP connections by default
Couple things I would try from the 3rd machine would be to
- find out if there is a router in front of it before it reaches the internet
- try to connect to other ftp sites, see if you have the same prob
- check tcp/ip properties-advanced-option
Most clients on the web cant access non-passive FTP servers
as even most standard home ADSL modem routers block incoming FTP connections by default
Couple things I would try from the 3rd machine would be to
- find out if there is a router in front of it before it reaches the internet
- try to connect to other ftp sites, see if you have the same prob
- check tcp/ip properties-advanced-option
ASKER
Let's see here... All three client machines are on the internet. In fact, all three of them are in a colocation at NeoSpire in Dallas, TX. Each of them has a free and clear internet connection with no router in between them and the web. NeoSpire does not use firewalls... you have to provide your own, and we do not use a hardware firewall. As I mentioned before, Windows Firewall is turned off for troubleshooting, so really, there should not be any firewall, unless there is hidden software on the server that I do not know about.
I CAN connect to one other FTP server at a client's office, but only with a Win32 client... not with ftp.exe. It has the same problem. However, that same Win32 app CANNOT connect to the server in question, regardless of whether I turn passive mode on or off. I have checked all the settings countless times. They are correct.
Under TCP/IP Properties --> Internet Protocol Properties --> Advacned TCP/IP Settings --> Options tab --> TCP/IP Filtering all ports (TCP, UDP, and IP Protocols) are set to permit all. Also, the "Enable TCP/IP Filtering (All Adapters) check box is unchecked.
So the other client is new. I have tried tons of servers with it, and just happened across one that worked. Seems I can transfer files up/down as well as list directory conents. Regardless, I still cannot do anything useful on that server with ftp.exe... just connect and timeout on LIST, just like all other servers.
Also, that Win32 client cannot connect to the server in question, even though EVERYTHING works from any other box. Even my machine at home on FIOS works with that one in any way, shape, or form I can throw at it, and from any client.
WEIRD.
I CAN connect to one other FTP server at a client's office, but only with a Win32 client... not with ftp.exe. It has the same problem. However, that same Win32 app CANNOT connect to the server in question, regardless of whether I turn passive mode on or off. I have checked all the settings countless times. They are correct.
Under TCP/IP Properties --> Internet Protocol Properties --> Advacned TCP/IP Settings --> Options tab --> TCP/IP Filtering all ports (TCP, UDP, and IP Protocols) are set to permit all. Also, the "Enable TCP/IP Filtering (All Adapters) check box is unchecked.
So the other client is new. I have tried tons of servers with it, and just happened across one that worked. Seems I can transfer files up/down as well as list directory conents. Regardless, I still cannot do anything useful on that server with ftp.exe... just connect and timeout on LIST, just like all other servers.
Also, that Win32 client cannot connect to the server in question, even though EVERYTHING works from any other box. Even my machine at home on FIOS works with that one in any way, shape, or form I can throw at it, and from any client.
WEIRD.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Nothing has worked so far. Any other things to try?
ASKER
Nothing worked, and no further help from anyone. Points go to buzzle74 for the effort.
From memory FTP requires either the Server or the client to allow incoming connections on ports above 1024. This is because port 21 is only used for the initial connection and FTP command. Data transfer occurs on an additional connection between server and client on a port somewhere above port 1024.
If the server is to support passive mode from clients then it should be configured to allow incoming connections on ports above 1024. Passive mode returns the risk of opening ports above 1024 back to the server. If the server does not support passive then it expects to be able to connect back to the client on ports above 1024 to transfer data. Either way incoming connections on ports above 1024 need to be open on either the server or the client for the FTP connection to work.
if you research FTP ports on the net you will find some nice diagrams to give you a better idea of how the ftp process works. It can get complicated when you have source and destination ports as well as the direction of traffic to consider so it might take a little while to get your head around it.
Judging your situation the server does not support passive therefore the client is not allowing connections back to ports above 1024. It has to be a firewall somewhere blocking this for the client. Also check the Win2k3 security configuration wizard as there may be a policy applied through it filtering connections