We use the Chilkat FTP2 component in our application. One of our clients uses our application in a company network with a firewall to communicate with our server. In this case FTP2 constantly breaks off communication after the PASV response of our server. We added PassiveUseHostAddr = true because it could be related to our problem, but with no success. Below is a part of our FTP session log:

TYPE I
200 Type set to I
SYST
215 UNIX Type: L8
FEAT
211-Features:
 MDTM
 MFMT
 LANG ru-RU;zh-CN;ko-KR;bg-BG;zh-TW;ja-JP;fr-FR;it-IT;en-US
 TVFS
 UTF8
 AUTH TLS
 MFF modify;UNIX.group;UNIX.mode;
 MLST modify*;perm*;size*;type*;unique*;UNIX.group*;UNIX.mode*;UNIX.owner*;
 PBSZ
 PROT
 REST STREAM
 SIZE
211 End
OPTS UTF8 ON
200 UTF8 set to on
CWD .
250 CWD command successful
PBSZ 0
200 PBSZ 0 successful
PROT P
200 Protection set to Private
PASV
227 Entering Passive Mode (141,138,168,115,140,102).

At this point the communication stops. We expected to see the RETR command but it is not sent!

Please advise how to solve this issue.

asked Oct 27 '15 at 08:33

DNT_Chris

edited Oct 27 '15 at 13:44

jpbro ♦


Be sure that the firewall allows the port range that the server has said that it will use, normally 28000 to 30000. The server has to have this set too.

answered Oct 28 '15 at 12:08

cdlvj130

Problem is solved. The user's company firewall is using deep code inspection to determine which port to open when the client initiates a passive connection. Because we used TLS encryption, the ip-port is no longer recognised by the firewall and therefore the port is not opened. Result: the connection was rejected!

answered Oct 29 '15 at 11:36

DNT_Chris

I often have to explain to firewall administrators why they have to open a fixed range for passive mode transfers in situations identical to the one you describe. Always a struggle, unfortunately, and in some companies it is a very slow process. I am working on skipping FTP transfers entirely in favor of a secure mechanism that will always work out-of-the-box.

(Oct 29 '15 at 14:03) roan98dk
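As an added example (not code from the original posts or from Chilkat), the following Python sketch reads a client-side session log like the one in the question, decodes the 227 reply into the data endpoint, and reports whether a firewall inspecting the control channel could have seen that reply. The function names are hypothetical and the default port range is an assumption taken from the figures in the first answer.

```python
import ipaddress
import re

# Constructed sample: the tail of the session log quoted in the question.
SAMPLE_LOG = """\
PBSZ 0
200 PBSZ 0 successful
PROT P
200 Protection set to Private
PASV
227 Entering Passive Mode (141,138,168,115,140,102).
"""

PASV_RE = re.compile(r"^227 [^(\n]*\((\d{1,3}(?:,\d{1,3}){5})\)", re.M)


def parse_pasv(log):
    """Return (host, port) from the last 227 reply; RFC 959: port = p1*256 + p2."""
    replies = PASV_RE.findall(log)
    if not replies:
        raise ValueError("no 227 reply in log")
    nums = [int(n) for n in replies[-1].split(",")]
    if max(nums) > 255:
        raise ValueError("field out of range in 227 reply")
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def diagnose(log, passive_range=(28000, 30000)):
    """Summarise what a firewall between client and server has to allow.

    passive_range is an assumption: the figures quoted in the first answer.
    """
    host, port = parse_pasv(log)
    lines = [ln.strip() for ln in log.splitlines() if ln.strip()]
    # PROT is only accepted after the control channel has been secured
    # (RFC 4217), so "PROT P" answered with 200 means the 227 reply travelled
    # inside TLS and an inspecting firewall could not read it.
    encrypted = any(cmd.upper() == "PROT P" and reply.startswith("200")
                    for cmd, reply in zip(lines, lines[1:]))
    return {
        "data_endpoint": (host, port),
        "control_encrypted": encrypted,
        "firewall_can_track_pasv": not encrypted,
        "port_in_static_range": passive_range[0] <= port <= passive_range[1],
        "pasv_addr_private": ipaddress.ip_address(host).is_private,
    }


if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

When `firewall_can_track_pasv` is false, the data port has to be covered by a static firewall rule, and `port_in_static_range` shows whether the port the server actually handed out falls inside the range that rule would open.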

Thanks! That makes sense. Also see this for future reference: http://www.cknotes.com/determining-ftp2-connection-settings/

answered Oct 29 '15 at 11:40

chilkat ♦♦

Asked: Oct 27 '15 at 08:33

Seen: 590 times

Last updated: Oct 29 '15 at 14:03