[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Connecting to an FTP server remotely

Posted on 2010-01-05
15
Medium Priority
?
1,182 Views
Last Modified: 2013-12-09
I need help please, to trouble-shoot a problem connecting to an FTP server
remotely.
The FTP server is a network attached device called Linksys NAS200. It runs a Linux distribution in firmware.
The device has been given a static private IP (192.168.100.82) behind a
firewall with TCP port 21 opened. A hard disk is installed in the NAS200.
Shared-folders, users/access permission and rights have been set via the device GUI.

Using XP Windows Explorer or MS Internet Explorer, on the LAN, I have no problem logging on and accessing the shared folders.
However, accessing remotely via internet, I consistently receive the following error;
..............................................................................................................
"An error occurred opening that folder on the FTP Server. Make sure
you have permission to access that folder.

Details:
200 Transfer type changed to ASCII
227 Entering Passive Mode (192,168,100,82,6,150)"
..............................................................................................................
If I use Windows XP FTP commands at the prompt remotely, I have no
problem at all. Please see a typical session below;
..............................................................................................................
c:\Temp>ftp
ftp> open
To smtp.goodhealth.co.nz
Connected to smtp.goodhealth.co.nz.
220 FTP server at 192.168.100.82 ready.
User (smtp.goodhealth.co.nz:(none)): gary
331 Password please.
Password:
230 User logged in.
ftp> ls
200 PORT 202.89.61.138:49709 OK
150 Data connection established.
drwxrwxr-x   1 gary     everyone     4096 Dec 30 09:19 DISK
drwxrwxr-x   1 gary     everyone     4096 Dec 30 09:19 PUBLIC DISK
drwxrwxr-x   1 gary     everyone     4096 Dec 30 09:19 backup
drwxrwxr-x   1 gary     everyone     4096 Dec 30 09:19 reports
drwxrwxr-x   1 gary     everyone     4096 Dec 30 09:19 korea
drwxrwxr-x   1 gary     everyone     4096 Dec 30 09:19 aust
226 Directory list has been submitted.
ftp: 439 bytes received in 0.00Seconds 439000.00Kbytes/sec.
ftp> cd "Public Disk"
250 OK
ftp> ls
200 PORT 202.89.61.138:49713 OK
150 Data connection established.
Australian Product Information
Digestive range advert 12 Nov 09.pdf
GHP Colostrum Video.VOB
Resources
226 Directory list has been submitted.
ftp: 192 bytes received in 0.22Seconds 0.88Kbytes/sec.
ftp> get
Remote file "Digestive range advert 12 Nov 09.pdf"
Local file ghp-ad.pdf
200 PORT 202.89.61.138:49726 OK
150 Data connection established.
226 File transmission successful.
ftp: 792480 bytes received in 8.66Seconds 91.55Kbytes/sec.
ftp> close
221 See you later...
ftp> quit
c:\Temp>
...............................................................................................................
Additionally, please note that;
1) Elsewhere on 2 other sites, similarly configured NAS200 in combination with identical 2-Wire 2701HGV-W Gateway modem-routers work without issues.
2) I have tried opening up TCP 20 as well.

Thanks in advance for your help.
0
Comment
Question by:garychu
  • 8
  • 7
15 Comments
 
LVL 35

Expert Comment

by:torimar
ID: 26187200
It looks like the NAS server is not configured for PASSIVE mode, whereas it works fine with the active, PORT connection used by the command line FTP.

For connections to an FTP server it is highly advisable to use proper FTP client software, like Filezilla (filezilla-project.org), for instance, which is free and open source. Those clients may be configured with many options on a per connection base.

If you wish to use PORT mode on Internet Explorer, here's how you configure it: http://compnetworking.about.com/cs/novellgroupwise/ht/setpassiveftpie.htm (Untick the PASV option)
Note: This setting will be persistent. If you happen to encounter FTP servers that require PASV, you will have to reconfigure IE.
0
 
LVL 35

Expert Comment

by:torimar
ID: 26187212
If that doesn't solve the issue, please check out this KB article: http://support.microsoft.com/kb/135975

It specifies a workaround, but the main tenor is: don't use IE for this purpose.
0
 
LVL 35

Expert Comment

by:torimar
ID: 26187224
If still no joy, please connect with a proper client (Filezilla) and post the complete connection log here. The log window is the uppermost one.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:garychu
ID: 26198601
Thanks, torimar.
For reason of standardisation and simplicity, users have always been using Windows Explorer (not Internet Explorer) to make FTP connection. This has been working fine until recently - for some reason...

An exact similar configuration of the NAS and router is in use on 2 other sites. Both are still working ok. This is what makes it so puzzling.

The NAS does not have an option to change from PASSIVE to PORT mode and vice versa. Is there an FTP command to do this - just to confirm?
Working behind the firewall (on the LAN), everything works normally.
Management's preference is to continue to use Window Explorer.
But as a further trouble-shooting step, I will try Filezilla and revert.

Thanks again in the meantime.
0
 

Author Comment

by:garychu
ID: 26272367
Hello again, torimar.
I make  test connections to 2 FTP servers with Filezilla.
Both are similar in terms of an Linksys NAS200 working behind a firewall provided by a similar make/model/firmware of router.
Quick connect was used in both cases.
In one case it was successful, with log as follows;
=====================================================Test One
Status:      Resolving address of smtp.devon.co.nz
Status:      Connecting to 210.54.239.160:21...
Status:      Connection established, waiting for welcome message...
Response:      220 FTP server at 192.168.1.80 ready.
Command:      USER gary
Response:      331 Password please.
Command:      PASS *******
Response:      230 User logged in.
Command:      CLNT FileZilla
Response:      200 Noted
Command:      OPTS UTF8 ON
Response:      200 UTF-8 Encoding Enabled
Status:      Connected
Status:      Retrieving directory listing...
Command:      PWD
Response:      257 "/" is the current working directory.
Status:      Directory listing successful
========================================================
The other test connection failed. Logged as follows;

========================================================Test Two
Status:      Resolving address of smtp.goodhealth.co.nz
Status:      Connecting to 219.89.112.21:21...
Status:      Connection established, waiting for welcome message...
Response:      220 FTP server at 192.168.100.82 ready.
Command:      USER gary
Response:      331 Password please.
Command:      PASS *******
Response:      230 User logged in.
Command:      CLNT FileZilla
Response:      200 Noted
Command:      OPTS UTF8 ON
Response:      200 UTF-8 Encoding Enabled
Status:      Connected
Status:      Retrieving directory listing...
Command:      PWD
Response:      257 "/" is the current working directory.
Command:      TYPE I
Response:      200 Transfer type changed to BINARY
Command:      PASV
Response:      227 Entering Passive Mode (192,168,100,82,9,195)
Status:      Server sent passive reply with unroutable address. Using server address instead.
Command:      LIST
Error:      Connection timed out
Error:      Failed to retrieve directory listing
=========================================================================
Test connection one also works with using Windows Explorer.
But not test connection two - the whole reason for this question.

Does the comparative logs indicate what is not working properly in server two?
Why did the client send additional commands? TYPE I and so on...

Looking forward to your comments. Thanks

0
 
LVL 35

Expert Comment

by:torimar
ID: 26274905
In FileZilla, File > Site Manager, choose the second site, go to tab "Transfer settings" and change them from 'Auto' to 'Active'.
In Edit > Settings > Connection > FTP > Active, select "Get external IP address from the following URL".

Then try again. What do the logs say now?

In general, this looks very much like a router/NAT configuration issue. Read more about this here: http://www.sbbi.net/site/jafs/docs/upnp-nat.html
Are you sure both routers are set up identically?
0
 

Author Comment

by:garychu
ID: 26275945
Thanks for coming back to me so promptly. torimar.
Tried the second (failing) connections as suggested.
Still failed with the following logged
========================================================
Status:      Resolving address of smtp.goodhealth.co.nz
Status:      Connecting to 219.89.112.21:21...
Status:      Connection established, waiting for welcome message...
Response:      220 FTP server at 192.168.100.82 ready.
Command:      USER gary
Response:      331 Password please.
Command:      PASS *******
Response:      230 User logged in.
Command:      SYST
Response:      215 UNIX Type: L8
Command:      FEAT
Response:      211-Extensions supported:
Response:       XPWD
Response:       EPRT
Response:       EPSV
Response:       ALLO
Response:       APPE
Response:       MDTM
Response:       XCWD
Response:       XCUP
Response:       XMKD
Response:       XRMD
Response:       REST
Response:       SIZE
Response:       UTF8
Response:       CLNT
Response:      211 End
Command:      CLNT FileZilla
Response:      200 Noted
Command:      OPTS UTF8 ON
Response:      200 UTF-8 Encoding Enabled
Status:      Connected
Status:      Retrieving directory listing...
Command:      PWD
Response:      257 "/" is the current working directory.
Command:      TYPE I
Response:      200 Transfer type changed to BINARY
Command:      PORT 202,89,61,138,4,149
Response:      200 PORT 202.89.61.138:5001 OK
Command:      LIST
Error:      Connection timed out
Error:      Failed to retrieve directory listing
===========================================================
The modem-router in both cases are identical (2-Wire). They are supplied by the same ISP, pre-configured to connect. Except for differences in ports forwarding to private IPs, I do not recall doing anything on one without doing the same on the other. I could of course have been dozy at the time. What do you suggest I look for in particular?
I will meanwhile take a look at the document you provided a link to.
Thanks again.
0
 

Author Comment

by:garychu
ID: 26300139
I have today tried to narrow down the search for the source of the problem.
I re-configured the NAS200 to listen to a different gateway, which is a router on a separate internet connection provided by a different ISP.
The result was exactly the same!
My conclusion - the NAS200 will have to be the culprit. Or perhaps a quirk of Windows Explorer since FTP commands still work.
Unfortunately, the support people from Linksys seem to be of no help. The person I spoke to could not help beyond clicking a button to enable or disable FTP service. No idea what I was talking about when asked if by default the NAS200 works in passive or active mode.
Any more comments which could be of help, please?
0
 
LVL 35

Accepted Solution

by:
torimar earned 2000 total points
ID: 26300783
Status:      Connected
Status:      Retrieving directory listing...
Command:      PWD
Response:      257 "/" is the current working directory.
Command:      TYPE I
Response:      200 Transfer type changed to BINARY
Command:      PORT 202,89,61,138,4,149
Response:      200 PORT 202.89.61.138:5001 OK
Command:      LIST
Error:      Connection timed out
Error:      Failed to retrieve directory listing
------------------------------------------------------

The above piece of log seems to indicate that the data port connection (5001) failed in active mode. This could be a router/NAT issue on the client side. I suggest you try active via FileZilla again so that we can make sure that at least active mode is actually working.
Go to Edit > Settings > Connection > FTP > Active again, select a small range of ports, say: 5000 - 5020.
Then, in the router that the client machine connects through, forward that range of ports to the client machine for the TCP protocol, incoming and outgoing. Also make sure no firewall interferes with these ports on the client side. Then try connecting again.
If it fails, establish the same forwarding rules in the NAS's router, and try connecting.

As to the issue in general, I am a bit stumped. It clearly is a problem related to ports (opened, blocked, forwarded), thus needs to be resolved either in client/server firewalls, or FTP settings, or router NAT.
Are you sure the NAS doesn't offer advanced config options (for FTP etc)? Does it have an integrated firewall module? How do you connect to it: via browser interface or directly using telnet?

The fact that the replacement router didn't work either does not automatically mean that the router configuration is not involved. Some types of (FTP) traffic don't work out of the box; they will require a modification in router settings. So check those again.
0
 

Author Comment

by:garychu
ID: 26416150
I have not given up on the issue yet!

I followed your suggestion to active connect via 5000 - 5020 with Filezilla client.
First forwarding the range at the client computer.
Then also at the NAS router.
Both efforts proved fruitless.
Snippet of last log;
.....
Status:      Connected
Status:      Retrieving directory listing...
Command:      PWD
Response:      257 "/" is the current working directory.
Command:      TYPE I
Response:      200 Transfer type changed to BINARY
Command:      PORT 202,89,61,138,19,154
Response:      200 PORT 202.89.61.138:5019 OK
Command:      LIST
Error:      Connection timed out
Error:      Failed to retrieve directory listing

I can re-confirm that the NAS does not have any advanced config options affecting FTP. I connect to it via a browser GUI. As stated earlier, an identical NAS+router combination is used without problem on another site. I have since made a detailed line-by-line comparison of the configuration and found no difference. I have also tried using the Filezilla client from at least 4 separate computers at different sites - all with similar failure as above.

Grateful that your patience is hold up!
0
 
LVL 35

Expert Comment

by:torimar
ID: 26416679
But we both know there must be a difference somewhere, be it minute. Either in the NAS or in the router.

Could you, just for a test, connect the NAS to another router, or - even better - simply swap those two routers and see what happens?
0
 

Author Comment

by:garychu
ID: 26431762
It is not practical to to do the swap.
I am under some pressure now to put in an alternative solution.
FTP users should not be Windows domain authenticated, but not anonymous.
First impulse would be to set up an existing member Win 2003 server.
To keep the FTP server outside the domain, would Filezilla server do the job - better?
Your advice would be appreciated. Thanks.
0
 

Author Comment

by:garychu
ID: 26548990
I have since put in an alternative solution using Filezilla server. It is a much more powerful and flexible  solution than using the NAS200, albeit the latter being simple to implement. Using a member server computer in an existing Win2003 domain, I had to make a little customisation before I could get Filezilla server to work correctly.
Having done so, I found that using the Filezilla client, I had no problem connecting to the FTP server. Haven't tried other ftp clients yet.
But ..... using IE or Windows Explorer, the issue persists! Frustrating - but it is quite likely that it is an inherent issue brought about by some security updates etc etc.
Having taken more than my fair share of your time, I think I should now move on.
Thanks torimar for your support and help rendered.
0
 

Author Closing Comment

by:garychu
ID: 31673299
Although no direct answer, enough was generated in the exchange to lead me to an indirect solution.
0
 
LVL 35

Expert Comment

by:torimar
ID: 26549251
I'm glad you got things set up, although it is frustrating to know that the original issue persists even with new server software running.

You are quite right in assuming that the underlying problem could be a Windows security issue. I don't use Internet Explorer (in fact, I never did), so I'm no good for relating first-hand experience, but I know that IE 7 introduced a new "security scheme" that makes it nearly impossible to use IE as a client for FTP connections. The usually advised workaround consists in using the Windows explorer instead; since that one doesn't work for you either I have not pursued this line of thought in the current thread. But the clue could very well be somewhere inside this novelty scheme.
On the other hand, using regular FTP clients (or file managers with in-built clients, like Total Commander) for FTP transfers is a good and recommended way to go.
0

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We have adopted the strategy to use Computers in Student Labs as the bulletin boards. The same target can be achieved by using a Login Notice feature in Group policy but it’s not as attractive as graphical wallpapers with message which grabs the att…
When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup" or a blinking cursor with black screen. A loop for Auto repair will start but fix nothing.  You will be panic as there are no back…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Suggested Courses

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question