Solved

ftp connection fails on command line

Posted on 2009-04-13
12
822 Views
Last Modified: 2013-11-29
I cannot connect to an ftp host via command line or  filezilla, but connects fine with Firefox and IE6. I have played around with active / passive mode in filezilla and still fails to connect.

Anyone know what is the difference between the browser connection  and the command line ?
0
Comment
Question by:supeno
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
12 Comments
 
LVL 57

Accepted Solution

by:
giltjr earned 400 total points
ID: 24129060
What error are you getting?

MS's ftp client uses active FTP.

Firefox uses passive FTP only and IE normally uses passive FTP, so although you state you have tried passive with Filezilla, I still bet that it is a passive issues.



0
 

Author Comment

by:supeno
ID: 24129230
The error is 425 (invalid address).

If I connect from home using MS's ftp client it connects.

Inside the office network I can connect from firefox and IE but not from MS's ftp client.

0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 400 total points
ID: 24129411
Typically 425 is a "can't open data connection."  This is either a firewall issue or a active vs. passive ftp issue.

It's unusual that from your home you can connect using MS client, but from within the office you can't.  Normally it is the other way around because normally.

Is there a firewall between your desktop and the ftp server inside the office.
0
Get proactive database performance tuning online

At Percona’s web store you can order full Percona Database Performance Audit in minutes. Find out the health of your database, and how to improve it. Pay online with a credit card. Improve your database performance now!

 

Author Comment

by:supeno
ID: 24129999
I believe my desktop and the server are behind the same firewall. Is it logical to be able to connect via a browser ?
0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 400 total points
ID: 24130272
If you can connect to the ftp server using a browser you should be able to connect in the same manner (active or passive) using any ftp client.  

The browsers do nothing special, they have ftp clients built into them.

What you may want to do is get something like Wireshark (http://www.wireshark.org) and get a packet capture.  Then you can compare what happens with a browser to what happens with a client.

For an active ftp data transfer the client should issue the command "PORT" followed by 6 number separated by commas.  For passive ftp the client should issue the command "PASV" and then the server will respond with "227" with 6 numbers separated by commas.
0
 

Author Comment

by:supeno
ID: 24165663
The firewall people say they have punched a hole for the ip concerned. We still get the 425 error.
They state that we should use active ftp and no proxy. I can find anything about MS ftp client and proxy. Is it possible to dictate a proxy for this client ?
0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 400 total points
ID: 24167657
There is no way to configure the ftp client to use a proxy that I am aware of.  You would need to manually connect to the ftp proxy and then ftp from there.

I would suggest you get the people that responsible for the firewall and any network security and get a packet capture from the server, the client side, and at the firewall.  This should show you where the failure is occurring.
0
 
LVL 28

Assisted Solution

by:lesouef
lesouef earned 100 total points
ID: 24175323
there are subtle differences like command line will usually connect to the host then issue a user and passwd command while browser can either do the same or issue a URL which does it all like ftp://user:passwd@ftp.site.com
some servers don'tr accept such syntax.
but in your case, always use passive if any doubt (more common now, and supported almost everywhere though the original way is active), and make sure your proxy or firewall is setup to let your machine and protocol go through.
Some will accept outgoing traffic but not incoming on same ports, so all king of expected trouble depending on the admin fantasies! On top many situations are possible, ftp is very old and there are so many enhancements that no client will be able to connect to any server; so you end up using several clients most of the time.
Unfortunately, browser ftp clients are not amoung the best, except the fireftp extension for firefox.
Going back to the command line ftp is always a good idea as it is verbose and will speak to you.
For instance, it won't do a file list to start with, as a browser will do, so that allows you to distinguish a connection problem from a data transfer problem.
so to start with:
> ftp site.com replies what?
0
 

Author Comment

by:supeno
ID: 24248629
Thanks giltjr.

During the packet capture testing we discovered that  one member of the team based in the US could get a connection to the ftp host. Therefore we have asked the ftp server support to check if they have any restricted IPs. Awaiting response.
0
 

Author Comment

by:supeno
ID: 24589778
UPDATE: this is still ongoing.  The network has been ruled out. It has been narrowed down to the machine build seeing as some machines can connect to the remote FTP server and others cannot.

I am told by telecoms that wireshark has not shown up any differences between the company build machine and the non_build machine.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 24590146
Well, I personally would not believe them.  If the two packet captures were exactly the same then both would be working.  Since one is failing there MUST be a difference.

However, I will  assume what is meant is that both computers send out the same thing, but one gets a response and the other does not.

So that means that there is a firewall (or some other packet filtering device) somewhere along the connection path that is blocking access.
0
 

Author Comment

by:supeno
ID: 24763926
Finally solved. The host name resolution was timimg out. We managed to get tech support from both appserver and ftp server together and we found that the 2 seconds allowed for the DNS to resolve the hostname was being exceeded. The result was the misleading 425 message.

Whether a computer could connect or not depended on network traffic.

Solution was to start the FTP server witht the -H option (don't resolve hostnames).

Fixed. Thanks to all for your advice.
0

Featured Post

Get MySQL database support online, now!

At Percona’s web store you can order your MySQL database support needs in minutes. No hassles, no fuss, just pick and click. Pay online with a credit card.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SSL is a very common protocol used these days when browsing the web.  The purpose is to provide security to communication, but how does it do it?  There are several pieces at work that have to be setup before SSL will even work and it requires both …
Configuring network clients can be a chore, especially if there are a large number of them or a lot of itinerant users.  DHCP dynamically manages this process, much to the relief of users and administrators alike!
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question