Solved

ftp connection fails on command line

Posted on 2009-04-13
12
811 Views
Last Modified: 2013-11-29
I cannot connect to an ftp host via command line or  filezilla, but connects fine with Firefox and IE6. I have played around with active / passive mode in filezilla and still fails to connect.

Anyone know what is the difference between the browser connection  and the command line ?
0
Comment
Question by:supeno
  • 6
  • 5
12 Comments
 
LVL 57

Accepted Solution

by:
giltjr earned 400 total points
ID: 24129060
What error are you getting?

MS's ftp client uses active FTP.

Firefox uses passive FTP only and IE normally uses passive FTP, so although you state you have tried passive with Filezilla, I still bet that it is a passive issues.



0
 

Author Comment

by:supeno
ID: 24129230
The error is 425 (invalid address).

If I connect from home using MS's ftp client it connects.

Inside the office network I can connect from firefox and IE but not from MS's ftp client.

0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 400 total points
ID: 24129411
Typically 425 is a "can't open data connection."  This is either a firewall issue or a active vs. passive ftp issue.

It's unusual that from your home you can connect using MS client, but from within the office you can't.  Normally it is the other way around because normally.

Is there a firewall between your desktop and the ftp server inside the office.
0
 

Author Comment

by:supeno
ID: 24129999
I believe my desktop and the server are behind the same firewall. Is it logical to be able to connect via a browser ?
0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 400 total points
ID: 24130272
If you can connect to the ftp server using a browser you should be able to connect in the same manner (active or passive) using any ftp client.  

The browsers do nothing special, they have ftp clients built into them.

What you may want to do is get something like Wireshark (http://www.wireshark.org) and get a packet capture.  Then you can compare what happens with a browser to what happens with a client.

For an active ftp data transfer the client should issue the command "PORT" followed by 6 number separated by commas.  For passive ftp the client should issue the command "PASV" and then the server will respond with "227" with 6 numbers separated by commas.
0
 

Author Comment

by:supeno
ID: 24165663
The firewall people say they have punched a hole for the ip concerned. We still get the 425 error.
They state that we should use active ftp and no proxy. I can find anything about MS ftp client and proxy. Is it possible to dictate a proxy for this client ?
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 400 total points
ID: 24167657
There is no way to configure the ftp client to use a proxy that I am aware of.  You would need to manually connect to the ftp proxy and then ftp from there.

I would suggest you get the people that responsible for the firewall and any network security and get a packet capture from the server, the client side, and at the firewall.  This should show you where the failure is occurring.
0
 
LVL 28

Assisted Solution

by:lesouef
lesouef earned 100 total points
ID: 24175323
there are subtle differences like command line will usually connect to the host then issue a user and passwd command while browser can either do the same or issue a URL which does it all like ftp://user:passwd@ftp.site.com
some servers don'tr accept such syntax.
but in your case, always use passive if any doubt (more common now, and supported almost everywhere though the original way is active), and make sure your proxy or firewall is setup to let your machine and protocol go through.
Some will accept outgoing traffic but not incoming on same ports, so all king of expected trouble depending on the admin fantasies! On top many situations are possible, ftp is very old and there are so many enhancements that no client will be able to connect to any server; so you end up using several clients most of the time.
Unfortunately, browser ftp clients are not amoung the best, except the fireftp extension for firefox.
Going back to the command line ftp is always a good idea as it is verbose and will speak to you.
For instance, it won't do a file list to start with, as a browser will do, so that allows you to distinguish a connection problem from a data transfer problem.
so to start with:
> ftp site.com replies what?
0
 

Author Comment

by:supeno
ID: 24248629
Thanks giltjr.

During the packet capture testing we discovered that  one member of the team based in the US could get a connection to the ftp host. Therefore we have asked the ftp server support to check if they have any restricted IPs. Awaiting response.
0
 

Author Comment

by:supeno
ID: 24589778
UPDATE: this is still ongoing.  The network has been ruled out. It has been narrowed down to the machine build seeing as some machines can connect to the remote FTP server and others cannot.

I am told by telecoms that wireshark has not shown up any differences between the company build machine and the non_build machine.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 24590146
Well, I personally would not believe them.  If the two packet captures were exactly the same then both would be working.  Since one is failing there MUST be a difference.

However, I will  assume what is meant is that both computers send out the same thing, but one gets a response and the other does not.

So that means that there is a firewall (or some other packet filtering device) somewhere along the connection path that is blocking access.
0
 

Author Comment

by:supeno
ID: 24763926
Finally solved. The host name resolution was timimg out. We managed to get tech support from both appserver and ftp server together and we found that the 2 seconds allowed for the DNS to resolve the hostname was being exceeded. The result was the misleading 425 message.

Whether a computer could connect or not depended on network traffic.

Solution was to start the FTP server witht the -H option (don't resolve hostnames).

Fixed. Thanks to all for your advice.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

A few months ago I attended the Rocky Mountain IPv6 Summit which was a two-day educational event; it was the 3rd annual conference held here in Denver, Colorado that was held at the Hyatt Regency Denver at the Colorado Convention Center. It was an e…
I know for anybody starting from Beginner to Expert in Networking knows what OSI model. But this tutorial is for freshers or those who are new to networking world. Why I am putting OSI in such simple and compact manner is because it enables you to k…
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now