Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

ftp connection fails on command line

Posted on 2009-04-13
12
Medium Priority
?
825 Views
Last Modified: 2013-11-29
I cannot connect to an ftp host via command line or  filezilla, but connects fine with Firefox and IE6. I have played around with active / passive mode in filezilla and still fails to connect.

Anyone know what is the difference between the browser connection  and the command line ?
0
Comment
Question by:supeno
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
12 Comments
 
LVL 57

Accepted Solution

by:
giltjr earned 1600 total points
ID: 24129060
What error are you getting?

MS's ftp client uses active FTP.

Firefox uses passive FTP only and IE normally uses passive FTP, so although you state you have tried passive with Filezilla, I still bet that it is a passive issues.



0
 

Author Comment

by:supeno
ID: 24129230
The error is 425 (invalid address).

If I connect from home using MS's ftp client it connects.

Inside the office network I can connect from firefox and IE but not from MS's ftp client.

0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 1600 total points
ID: 24129411
Typically 425 is a "can't open data connection."  This is either a firewall issue or a active vs. passive ftp issue.

It's unusual that from your home you can connect using MS client, but from within the office you can't.  Normally it is the other way around because normally.

Is there a firewall between your desktop and the ftp server inside the office.
0
Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

 

Author Comment

by:supeno
ID: 24129999
I believe my desktop and the server are behind the same firewall. Is it logical to be able to connect via a browser ?
0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 1600 total points
ID: 24130272
If you can connect to the ftp server using a browser you should be able to connect in the same manner (active or passive) using any ftp client.  

The browsers do nothing special, they have ftp clients built into them.

What you may want to do is get something like Wireshark (http://www.wireshark.org) and get a packet capture.  Then you can compare what happens with a browser to what happens with a client.

For an active ftp data transfer the client should issue the command "PORT" followed by 6 number separated by commas.  For passive ftp the client should issue the command "PASV" and then the server will respond with "227" with 6 numbers separated by commas.
0
 

Author Comment

by:supeno
ID: 24165663
The firewall people say they have punched a hole for the ip concerned. We still get the 425 error.
They state that we should use active ftp and no proxy. I can find anything about MS ftp client and proxy. Is it possible to dictate a proxy for this client ?
0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 1600 total points
ID: 24167657
There is no way to configure the ftp client to use a proxy that I am aware of.  You would need to manually connect to the ftp proxy and then ftp from there.

I would suggest you get the people that responsible for the firewall and any network security and get a packet capture from the server, the client side, and at the firewall.  This should show you where the failure is occurring.
0
 
LVL 28

Assisted Solution

by:lesouef
lesouef earned 400 total points
ID: 24175323
there are subtle differences like command line will usually connect to the host then issue a user and passwd command while browser can either do the same or issue a URL which does it all like ftp://user:passwd@ftp.site.com
some servers don'tr accept such syntax.
but in your case, always use passive if any doubt (more common now, and supported almost everywhere though the original way is active), and make sure your proxy or firewall is setup to let your machine and protocol go through.
Some will accept outgoing traffic but not incoming on same ports, so all king of expected trouble depending on the admin fantasies! On top many situations are possible, ftp is very old and there are so many enhancements that no client will be able to connect to any server; so you end up using several clients most of the time.
Unfortunately, browser ftp clients are not amoung the best, except the fireftp extension for firefox.
Going back to the command line ftp is always a good idea as it is verbose and will speak to you.
For instance, it won't do a file list to start with, as a browser will do, so that allows you to distinguish a connection problem from a data transfer problem.
so to start with:
> ftp site.com replies what?
0
 

Author Comment

by:supeno
ID: 24248629
Thanks giltjr.

During the packet capture testing we discovered that  one member of the team based in the US could get a connection to the ftp host. Therefore we have asked the ftp server support to check if they have any restricted IPs. Awaiting response.
0
 

Author Comment

by:supeno
ID: 24589778
UPDATE: this is still ongoing.  The network has been ruled out. It has been narrowed down to the machine build seeing as some machines can connect to the remote FTP server and others cannot.

I am told by telecoms that wireshark has not shown up any differences between the company build machine and the non_build machine.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 24590146
Well, I personally would not believe them.  If the two packet captures were exactly the same then both would be working.  Since one is failing there MUST be a difference.

However, I will  assume what is meant is that both computers send out the same thing, but one gets a response and the other does not.

So that means that there is a firewall (or some other packet filtering device) somewhere along the connection path that is blocking access.
0
 

Author Comment

by:supeno
ID: 24763926
Finally solved. The host name resolution was timimg out. We managed to get tech support from both appserver and ftp server together and we found that the 2 seconds allowed for the DNS to resolve the hostname was being exceeded. The result was the misleading 425 message.

Whether a computer could connect or not depended on network traffic.

Solution was to start the FTP server witht the -H option (don't resolve hostnames).

Fixed. Thanks to all for your advice.
0

Featured Post

Moving data to the cloud? Find out if you’re ready

Before moving to the cloud, it is important to carefully define your db needs, plan for the migration & understand prod. environment. This wp explains how to define what you need from a cloud provider, plan for the migration & what putting a cloud solution into practice entails.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
Configuring network clients can be a chore, especially if there are a large number of them or a lot of itinerant users.  DHCP dynamically manages this process, much to the relief of users and administrators alike!
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question