[Tfug] ftp problems

Jim Secan jim at nwra.com
Fri May 2 14:36:54 MST 2008


I suspect what you describe is at the core of this problem.  Issue is how
to fix it.  Again, the fact that there are a number of servers that the
problem starts with all of a sudden points to a problem on my end (or
between my LAN and my ISP, through their firewall).  I'll try the pasv
toggle when I'm back in my office.

Thanks.
Jim

Choprboy wrote:
> There are 2 different things that need to be looked at/fixed. Both are related
> to the same thing. First, are all of these FTP servers actually directly
> connected, or are some NAT'd behind their own firewalls? The biggest problem
> is with broken connection tracking on one or the other firewall which doesn't
> follow the FTP stream correctly. FTP, unlike most all other protocols, uses 2
> network streams, a command stream to the well known port 21, and a data
> stream to an arbitrary port number. The active/passive mode determines which
> side initiates this second stream. The connection tracking on the firewall
> needs to snoop the command stream looking for the requests to open the data
> stream and then dest NAT the appropriate port when the connection comes in.
> Usually, when some FTP works, and some doesn't, in certain modes, it is because
> both sides are behind firewalls, and 1 side is not doing connection tracking.
>
> Second, I have not seen a Linux FTP utility that does not do both active and
> passive modes... The command is the same, "passive" or "pasv". The command
> toggles passive mode on/off, just repeat the command.
>
> Adrian
>
>
>
> On Friday 02 May 2008 08:11, Jim Secan wrote:
>> I'm having sporadic problems with ftp (fetching files from remote servers)
>> that may be a problem caused by my ditz ISP.  The primary symptom is that,
>> for reasons unknown, all ftp that I attempt to certain sites from a Linux
>> (CentOS) box hang when I get to the point where data (files or directory
>> lists) are to be transferred back to me.  All of these are in passive mode,
>> which appears to be the only mode that the Linux version of ftp "speaks."
>> When I go to my Solaris box, which has an older ftp that doesn't know about
>> passive mode, things work fine.  Things will work fine for a week or more,
>> and then will stop working again.  This is to different servers in very
>> different locations, so I suspect the problem is at my end somewhere.
>> There have been no changes to any of my systems.  [The reason I suspect my
>> ISP is that an ISP-owned firewall/router sits in my office over which I
>> have no/zip/nada control.  They have four times now changed rules and
>> firmware on this beast without notice which caused problems for me.  I'm
>> solving that particular problem by ditching this ISP once their contract is
>> up.]
>>
>> So, is this a familiar problem?  I've checked port blocking, and both ftp
>> ports appear to be OK on the firewall, at least as far as I can tell by my
>> limited view into the firewall settings.  The ISP has been no/zip/nada help
>> with this.
>>
>> Jim
>> *---------------------*-------------------------------*
>> | Jim Secan           | Northwest Research Assoc, Inc |
>> | (jim at nwra.com)      | 2455 E. Speedway, Suite 204   |
>> | (520) 319-7773      | Tucson, Arizona 85719         |
>> *---------------------*-------------------------------*
>>
>> _______________________________________________
>> Tucson Free Unix Group - tfug at tfug.org
>> Subscription Options:
>> http://www.tfug.org/mailman/listinfo/tfug_tfug.org
>
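
The control-stream snooping that the quoted reply describes, as an added example that is not part of the original thread: it parses PORT commands and 227 (PASV) replies the way a firewall's FTP connection-tracking helper must, and reports when the advertised data-stream address is a private one that the other side cannot reach unless a NAT helper rewrites it. The function names, sample lines and addresses are constructed for illustration.

```python
import ipaddress
import re

# RFC 1918 ranges: an address from these in a PORT/227 line is unreachable
# from the other side unless a NAT helper rewrites it.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_data_endpoint(line):
    """Return (mode, ip, port) if a control-stream line opens a data stream."""
    line = line.strip()
    if line.upper().startswith("PORT "):
        mode = "active"    # client listens, server connects in
    elif line.startswith("227"):
        mode = "passive"   # server listens, client connects out
    else:
        return None        # EPRT/EPSV (RFC 2428) are not handled here
    m = HOSTPORT.search(line)
    if not m:
        return None
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    if max(h1, h2, h3, h4, p1, p2) > 255:
        return None
    return mode, f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2

def check(line, sender_ip):
    """sender_ip: address of the line's sender as seen on the control connection."""
    ep = parse_data_endpoint(line)
    if ep is None:
        return None
    mode, ip, port = ep
    addr = ipaddress.ip_address(ip)
    return {"mode": mode, "ip": ip, "port": port,
            "private": any(addr in net for net in RFC1918),
            "needs_rewrite": ip != sender_ip}

# Constructed sample lines (not from the thread); addresses are from
# documentation and private ranges.
SAMPLE = [
    ("PORT 192,168,1,20,195,80", "203.0.113.7"),
    ("227 Entering Passive Mode (198,51,100,10,78,52)", "198.51.100.10"),
    ("227 Entering Passive Mode (10,0,0,5,200,10)", "198.51.100.10"),
    ("RETR report.txt", "203.0.113.7"),
]

if __name__ == "__main__":
    for line, sender in SAMPLE:
        print(line, "->", check(line, sender))
```

A 227 reply flagged with both "private" and "needs_rewrite" matches the symptom in the thread: the control stream works, then the transfer hangs because the client is told to connect to an address it cannot route to.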
