[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2257
  • Last Modified:

FTP Command question

I am trying to set up a connection to a secure FTP server for the first time, and cannot transfer files.

My preferred FTP client is a job scheduler that includes a basic FTP interface; it also includes "custom commands", where if I need more functionality than the interface provides, I can use an FTP command in conjunction with the interface.  I also have access to IPswitch WS-FTP Pro, which I can use to test an FTP connection - but the goal is to be able to upload the file from the job scheduler's built-in FTP client.

When I upload a file to that server, using WS-FTP Pro, I have to use a checkbox:

"Force passive connections to use host address."

part of the output is as follows:

PASV Entering passive mode (<their private IP address - not their public IP address we established the connection with>
connecting data channel to <private IP address>
Substituting connection address <public IP address that we established the connection with> for private address <private IP address> from PASV
...and we are able to upload a file to the FTP server.

If I use the job scheduler, which does not have a comparable checkbox, I see the following:

PASV Entering passive mode (<private IP address).
LIST
Opening data connection.
QUIT

And the file transfer fails.

I think what is happening, is something along these lines. Their FTP server is probably behind something that provides natting.  When our FTP client enters passive mode, their server returns their private IP address.  The WS-FTP Pro FTP client, with that checkbox, is able to force itself back to the public IP address that we should be communicating with.  The FTP client in the job scheduler attempts to respond back to the private  

Back to the job scheduler FTP client; it does not have a comparable checkbox, so I need to find a command equivalent that will work with their FTP server.

I did some research; to me it sounds like "EPSV" may be an equivalent command.  When I attempted to use it in conjunction with the FTP upload in the job scheduler, I get the message:
"EPSV command not understood", so it seems that their server does not support that command.

I'm thinking that that may not actually be the underlying command for the WS-FTP Pro switch, since presumably if it were, the WS-FTP Pro file transfer wouldn't work either.  Also, I don't see EPSV in the output from the WS-FTP Pro session.

The simple solution would be to ask the client what command might work at their FTP server, or one suggestion I have had is to ask them for our FTP session log, and we would be able to identify the command from that.  However, in this particular case, they want to make us use their FTP client - if we want to use our preferred FTP client, then we are on our own - they won't provide any support.

Below is the full FTP session output:

FTP session with WS-FTP Pro, "Force passive connections to use host address." selected:

"Force passive connections to use host address."

Connecting to <public IP>:5555
Connected to <public IP>:5555 in 0.031250 seconds, Waiting for Server Response
Initializing SSL Session ...
220 CONNECT:Enterprise Gateway 2.0.02. FTP Server ready...
AUTH TLS
234 AUTH: command accepted. Securing command channel ...
SSL session NOT set for reuse
SSL Session Started.
Host type (1): CONNECT:Enterprise
USER UID
331 Password required for UID.
PASS (hidden)
230 User UID logged in. Session Id: 82528.
Host type (I): CONNECT:Enterprise
PBSZ 0
200 PBSZ command accepted.
PROT P
200 PROT command accepted. Data transactions will be secured.
PWD
257 "UID" is the current working Mailbox ID.
TYPE A200 TYPE set to A.
PASV
227 PASV Entering passive mode (<private IP>,51).
connecting data channel to <private IP>,51(55603)
Substituting connection address <public IP> for private address <private IP> from PASV
data channel connected to <public IP>:217,51(55603)
LIST
150 Opening data connection.
transferred 376 bytes in < 0.001 seconds, 2937.500 Kbps ( 367.188 Kbps), transfer succeeded.
226 List complete. Closing data connection. 4 batches listed.
Starting request
TYPE I
200 TYPE set to I.

227 PASV Entering passive mode PASV
connecting data channel to <private IP>,53(55605)
Substituting connection address <public IP> for private address  <private IP> from PASV
data channel connected to <public IP>:,53(55605)
STOR test.tst
150 Opening data connection.
226 Transfer complete. 'test.tst', batch number 0436940 9 bytes.
transferred 9 bytes in 0.500 seconds, 144.000 Bps ( 18.000 Bps), transfer succeeded.
Transfer request completed with status: Finished
TYPE A
200 TYPE set to A.
PASV
227 PASV Entering passive mode ( <private IP>,55).
connecting data channel to  <private IP>,55(55607)
Substituting connection address <public IP> for private address  <private IP> from PASV
data channel connected to <public IP>:,55(55607)
LIST
150 Opening data connection.
transferred 470 bytes in < 0.001 seconds, 3671.875 Kbps ( 458.984 Kbps), transfer succeeded.
226 List complete. Closing data connection. 5 batches listed.

FTP session with job scheduler client:

CONNECT:Enterprise Gateway 2.0.02. FTP Server ready...
AUTH SSL
AUTH: command accepted. Securing command channel ...
PBSZ 0
PBSZ command accepted.
PROT P
PROT command accepted. Data transactions will be secured.
USER UID
Password required for UID.
PASS ****
User UID logged in. Session Id: 87085.
PROT P
PROT command accepted. Data transactions will be secured.
PWD
"UID" is the current working Mailbox ID.
PWD
"UID" is the current working Mailbox ID.
CWD /UID
CWD was successful. Current working Mailbox is "UID".
PWD
"UID" is the current working Mailbox ID.
TYPE A
TYPE set to A.
PASV
PASV Entering passive mode (<private IP>,5).
LIST
LIST failed. No batches found.
QUIT

Any idea as to what command equivalents might be available for the WS-FTP Pro option "Force passive connections to use host address." that might work with their FTP server?
0
chax8744
Asked:
chax8744
  • 3
  • 2
1 Solution
 
b0lsc0ttCommented:
Do you know what client this "job scheduler" actually uses?  If it is the command prompt and a Windows machine then you are probably out of luck.  That ftp client doesn't support passive ftp.  There really isn't another command or a way to go around this type of limitation.

I do have a suggestion though.  I am not sure this will help or do it but it can't hurt.  Try using the command "quote pasv".  You would probably need to do it right after the connection.  Definitely before the client tries to send the file because that is when the passive support is needed.

Let me know how it works or if you have a question.

bol
0
 
chax8744Author Commented:
Unfortunately, that did not help - it seems that their server does not accept the "QUOTE" command.

The FTP client, as far as I can tell, is simply some FTP functionality built-in to the scheduler.  There is an option to set up a connection with "PASV" or "PORT" (I've tried both - it is supposed to be a PASV connection.)  And we can set the port, and type of SSL (in this case, SSL-AUTH), among a few other things.

Unfortunately, the available settings in the client do not include the equivalent of the checkbox in WS-FTP Pro ""Force passive connections to use host address", which seems to be required for this connection to work for a file transfer.  Among the options of the client is the facility to send a command to the FTP server, that could help extend the functionality of what is provided in the interface settings - but, it seems to be a tall order to work out the correct command that will work with their server!

I am making an assumption - that that checkbox in WS-FTP Pro does in fact have an underlying FTP command that could be sent to the server from the client that we prefer to use...does that seem to be correct to you?  
0
 
b0lsc0ttCommented:
Thanks for trying the QUOTE command and letting me know the results.  It was something I read that sounded like it might have an effect but I was afraid the issue was the client and it wouldn't overcome that.
The checkbox is really related to an FTP command as much as it is related to that program supporting the passive "method" for FTP.  Of course commands are also a part of it but not all.  If the client doesn't support passive FTP (like the built in Windows FTP command on many OSs) sending the "PASV" command or getting it from the server will not be enough to get the file transfer to work.  If the server uses passive FTP and the client doesn't support it there is no way to overcome that limitation with commands, etc.  WS-FTP Pro does support passive FTP and that checkbox is the way to enable it for the connection.  It is more than just commands.
Let me know if you have a question about this.  Without details on the client the scheduler program uses I can't say how to enable its passive FTP option, if it even has one.  If the company that provides the sceduler can't provide these details or doesn't have an update for it then I don't see anything else you can do to make it work.
Since you do have WS-FTP Pro do you know it has a way to schedule and script your FTP "jobs"?  If you haven't considered it or known about these abilities then I just wanted to suggest it as an alternative.
Let me know if you have a question about any of this or need more info.
bol
0
 
chax8744Author Commented:
While the question, as posed, I think is probably insoluable without either an update to the FTP client in use, or some additional cooperation from the other party, I was able to get WS-FTP Pro to work with the scheduler and solve the problem.

0
 
b0lsc0ttCommented:
I'm glad I could help.  Thanks for the grade, the points and the fun question.
bol
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now