TelDig
FTP client ls command fails with a few clients only

We have an FTP server behind a firewall and a load balancer. Before, everything was working fine and all our clients were able to connect, list and retrieve information without problems.

Chronology:
1- We updated the firmware of the load balancer on Thursday.

2- Over the weekend we had an electrical failure and we discovered that our secondary link did not relay as expected.

3- So we investigated and found that our DNS did not point to the correct secondary link, so we changed it.

After that, some problems appeared when using the secondary (207.x.x.x) link with FTP in active mode only (passive mode was working), so we put the DNS back to normal, but the problem still continues. At the moment, FTP works correctly on the primary link.

We contacted our load balancer provider and he put a persist trigger on port 21, and it fixed the problem for almost all clients except 2 of them (for those, active and passive do not work for the LS command; it hangs and we get a "time out").

The weird thing is that I created another FTP server and tried it through the secondary link from the client where it doesn't work, and it works on my new server?
 
Our settings:

On the load balancer, there are two different links:
     - The first one (205.x.x.x) (main link) has a class C (255 IPs)
     - The secondary (207.x.x.x) has 16 IPs.

FTP server is IIS. Client is ftp from the command line.

FTP fails at LS time only. We can connect correctly, but when we do an LS, we get "DATA connection failed".

If you need more details, just ask. Thanks a lot.
0x6

Have you tried with the FileZilla FTP client?

You should run a Network Monitor trace and capture it on both the client PC and the FTP server while running the LS command on the client, to check whether the server is receiving the directory listing command and vice versa.
The clients could be using different implementations of the "ls" verb.

What I'm trying to say is that ls is not an FTP protocol command, it is an FTP client command.  One of the clients might be sending the protocol command LIST and the other sending MLSD.

Also, being able to connect but not send files or list directories is the classic symptom of an FTP connection where the control channel (port 21) is fine but the data channel (#### > 1024)  is blocked.  

In Active Mode, your server opens the data channel on the client's machine.  They'll tell you which port to connect to by sending the PORT command.

In Passive Mode, the client sends PASV to request that your server allow them, the client, to open a data channel port on the server.  The server's affirmative response to PASV specifies which port the client should use.

So it is active or passive from the point of view of the server: in active mode the server opens a connection back to the client, and in passive mode the client opens a connection to the server.
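
The PORT/PASV exchange described above, as an added example that is not part of the original thread: a Python helper that decodes the address and port carried in a PORT command or a 227 reply and compares it with the address the other side actually sees on the control connection. The function names, sample lines and addresses are constructed for illustration.

```python
import ipaddress
import re

# h1,h2,h3,h4,p1,p2 as carried by PORT and by the 227 reply (RFC 959).
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def decode_hostport(line):
    """Return (mode, ip, port) for a PORT command or 227 reply, else None."""
    head = line.strip().upper()
    mode = "active" if head.startswith("PORT ") else "passive" if head.startswith("227 ") else None
    m = _HOSTPORT.search(line)
    if mode is None or m is None:
        return None
    f = [int(x) for x in m.groups()]
    if max(f) > 255:
        return None
    ip = ipaddress.IPv4Address(".".join(map(str, f[:4])))
    return mode, ip, f[4] * 256 + f[5]  # port = p1*256 + p2


def check_session(lines, client_seen_by_server, server_seen_by_client):
    """Compare each advertised data-channel address with the control-channel peer.

    Active: the server connects to the address in PORT. Passive: the client
    connects to the address in 227. A mismatch means a NAT device or load
    balancer in between has to rewrite it, or the data connection fails.
    """
    expected = {"active": ipaddress.IPv4Address(client_seen_by_server),
                "passive": ipaddress.IPv4Address(server_seen_by_client)}
    findings = []
    for line in lines:
        decoded = decode_hostport(line)
        if decoded is None:
            continue
        mode, ip, port = decoded
        verdict = "ok" if ip == expected[mode] else "mismatch"
        findings.append((mode, str(ip), port, verdict))
    return findings


# Constructed control-channel lines using private and documentation addresses.
SAMPLE = [
    "PORT 10,0,0,5,19,137",                              # client behind NAT
    "425 Can't open data connection.",
    "227 Entering Passive Mode (203,0,113,10,195,80).",
]

if __name__ == "__main__":
    for finding in check_session(SAMPLE, "198.51.100.7", "203.0.113.10"):
        print(finding)
```

Feed it the control-channel lines from a capture taken on each side, together with the peer address each side sees for the port 21 connection.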

TelDig

ASKER

No, I haven't tried the FileZilla client because I have to be able to do it with the FTP command line. The program that I have to use for the FTP uses the ftp command only. And I can't install anything on the client side.

The server receives the LIST command. It tries to respond with 150 Opening ASCII Mode... After that I get 425 Can't open data connection.

I tried the ls and dir commands on the client side. One gives the command NLST and the other gives LIST. Neither works. But if I go on the primary link, both work.

Active and passive don't work. I can connect, log in, cd, but I can't get the LS to work.
ASKER CERTIFIED SOLUTION
AlexPace
TelDig

ASKER

Thanks