FTP connected ... but ... - Unix

This is a discussion on FTP connected ... but ... - Unix ; Hi, I have a problem accessing a particular FTP site from a particular network. I can access other FTP sites from this network and I can access this FTP site from other networks. When I try to connect, I get ...

+ Reply to Thread
Results 1 to 19 of 19

Thread: FTP connected ... but ...

  1. FTP connected ... but ...

    Hi,

    I have a problem accessing a particular FTP site from a particular
    network. I can access other FTP sites from this network and I can
    access this FTP site from other networks.
    When I try to connect, I get back the 'connected to xxx.xxx.xxx.xxx'
    message but it then hangs. I can connect to it from my home machine
    and it continues on to the login. The FTP site admin assures me there
    is no Reverse DNS requirement in action and my network admin assures me
    the Firewall is not the issue. (I can connect to other FTP sites
    successfully anyway)

    I don't know if it is relevant but the FTP site doesn't have a DNS
    entry. I'm trying to connect to the IP address directly.

    Any FTP or network gurus able to cast any light?

    JohnK


  2. Re: FTP connected ... but ...

    In article <1127467935.037413.115760@g43g2000cwa.googlegroups. com>,
    JohnK wrote:
    >
    >
    >Hi,
    >
    >I have a problem accessing a particular FTP site from a particular
    >network. I can access other FTP sites from this network and I can
    >access this FTP site from other networks.
    >When I try to connect, I get back the 'connected to xxx.xxx.xxx.xxx'
    >message but it then hangs. I can connect to it from my home machine
    >and it continues on to the login. The FTP site admin assures me there
    >is no Reverse DNS requirement in action and my network admin assures me
    >the Firewall is not the issue. (I can connect to other FTP sites
    >successfully anyway)
    >
    >I don't know if it is relevant but the FTP site doesn't have a DNS
    >entry. I'm trying to connect to the IP address directly.
    >
    >Any FTP or network gurus able to cast any light?
    >
    >JohnK
    >


    Try passive FTP if your client supports it. There can be firewall
    issues with regular FTP. For some clients

    ftp -p

    will invoke passive mode, or you can try

    ftp
    ftp> passive
    ftp> open wwww.xxxx.yyyy.zzz



    Ted

  3. Re: FTP connected ... but ...

    Ted Nolan wrote:
    > Try passive FTP if your client supports it. There can be firewall
    > issues with regular FTP. For some clients
    >
    > ftp -p
    >
    > will invoke passive mode, or you can try
    >
    > ftp
    > ftp> passive
    > ftp> open wwww.xxxx.yyyy.zzz
    >


    Sun Microsystems Inc. SunOS 5.8 Generic Patch December 2002
    $ ftp -p 193.195.77.150
    ftp: p: unknown option
    $ ftp
    ftp> passive
    ?Invalid command
    ftp>

    No luck with that Ted... thanks anyway.

    JohnK

  4. Re: FTP connected ... but ...

    In article <56SdnVE8-_1BpKneRVnyhg@pipex.net>,
    JohnK wrote:
    >
    >
    >Ted Nolan wrote:
    >> Try passive FTP if your client supports it. There can be firewall
    >> issues with regular FTP. For some clients
    >>
    >> ftp -p
    >>
    >> will invoke passive mode, or you can try
    >>
    >> ftp
    >> ftp> passive
    >> ftp> open wwww.xxxx.yyyy.zzz
    >>

    >
    >Sun Microsystems Inc. SunOS 5.8 Generic Patch December 2002
    >$ ftp -p 193.195.77.150
    >ftp: p: unknown option
    >$ ftp
    >ftp> passive
    >?Invalid command
    >ftp>
    >
    >No luck with that Ted... thanks anyway.
    >
    >JohnK


    Ok, you're on a Sun, and Sun's FTP client dates back to when petroleum
    was on the hoof..

    You can try this then. If you have a web browser like netscape7
    (probably firefox or mozilla as well, but I just checked netscape7)
    on your Sun, it will do passive FTP for you. Use a URL like

    ftp://useridassword@ftp.anywhere.com/

    So, if you need to get file from subdir1 on machine somebox.example.com
    and the user name is fooby with password quiix, use the URL

    ftp://quiix:fooby@somebox.example.com/subdir1

    and see what happens. With luck you will get a directory listing
    that you can click to download files.


    (You could also install a modern FTP client).

    Ted

  5. Re: FTP connected ... but ...

    Just to follow up my own response, when you use an FTP URL

    ftp://useridassword@ftp.anywhere.com/some_path

    if it's an anonymous FTP site, you can leave off the "useridassword" like

    ftp://ftp.anywhere.com/some_path



    Ted

  6. Re: FTP connected ... but ...

    JohnK wrote:
    > Hi,
    >
    > I have a problem accessing a particular FTP site from a particular
    > network. I can access other FTP sites from this network and I can
    > access this FTP site from other networks.
    > When I try to connect, I get back the 'connected to xxx.xxx.xxx.xxx'
    > message but it then hangs. I can connect to it from my home machine
    > and it continues on to the login. The FTP site admin assures me there
    > is no Reverse DNS requirement in action and my network admin assures me
    > the Firewall is not the issue. (I can connect to other FTP sites
    > successfully anyway)


    Sounds like a firewall.... possibly a hosed route.

    You're inbound on port 21, but not outbound.

    This is the sort of thing you see when someone has blocked
    the ports that ftp is trying to respond to.

    Check the inbound rules on the firewall you're trying to
    ftp *from*.

    A static route on the ftp server sending the bits to neverneverland
    could do the same sort of thing... seems like.

    >
    > I don't know if it is relevant but the FTP site doesn't have a DNS
    > entry. I'm trying to connect to the IP address directly.
    >
    > Any FTP or network gurus able to cast any light?
    >
    > JohnK
    >


  7. Re: FTP connected ... but ...

    In article ,
    ted@loft.tnolan.com (Ted Nolan ) wrote:

    > In article <1127467935.037413.115760@g43g2000cwa.googlegroups. com>,
    > JohnK wrote:
    > >
    > >
    > >Hi,
    > >
    > >I have a problem accessing a particular FTP site from a particular
    > >network. I can access other FTP sites from this network and I can
    > >access this FTP site from other networks.
    > >When I try to connect, I get back the 'connected to xxx.xxx.xxx.xxx'
    > >message but it then hangs. I can connect to it from my home machine
    > >and it continues on to the login. The FTP site admin assures me there
    > >is no Reverse DNS requirement in action and my network admin assures me
    > >the Firewall is not the issue. (I can connect to other FTP sites
    > >successfully anyway)
    > >
    > >I don't know if it is relevant but the FTP site doesn't have a DNS
    > >entry. I'm trying to connect to the IP address directly.
    > >
    > >Any FTP or network gurus able to cast any light?
    > >
    > >JohnK
    > >

    >
    > Try passive FTP if your client supports it. There can be firewall
    > issues with regular FTP. For some clients


    The difference between passive and active FTP is only in the data
    connection, not the control connection. He's never getting far enough
    into the FTP protocol for it to matter.

    --
    Barry Margolin, barmar@alum.mit.edu
    Arlington, MA
    *** PLEASE post questions in newsgroups, not directly to me ***

  8. Re: FTP connected ... but ...

    In article ,
    base60 wrote:

    > JohnK wrote:
    > > Hi,
    > >
    > > I have a problem accessing a particular FTP site from a particular
    > > network. I can access other FTP sites from this network and I can
    > > access this FTP site from other networks.
    > > When I try to connect, I get back the 'connected to xxx.xxx.xxx.xxx'
    > > message but it then hangs. I can connect to it from my home machine
    > > and it continues on to the login. The FTP site admin assures me there
    > > is no Reverse DNS requirement in action and my network admin assures me
    > > the Firewall is not the issue. (I can connect to other FTP sites
    > > successfully anyway)

    >
    > Sounds like a firewall.... possibly a hosed route.


    No it doesn't. If it were a routing problem, he'd never get connected
    in the first place.

    --
    Barry Margolin, barmar@alum.mit.edu
    Arlington, MA
    *** PLEASE post questions in newsgroups, not directly to me ***

  9. Re: FTP connected ... but ...

    base60 wrote:
    > You're inbound on port 21, but not outbound.
    > Check the inbound rules on the firewall you're trying to
    > ftp *from*.


    So would there not need to be a specific firewall entry for this FTP
    server that was in some way broken, in light of the fact that I can
    connect fine to other sites like ftp.sun.com?

    In any case I have already asked our firewall dept to rouse themselves
    and look at that very issue as well asking here.

    > A static route on the ftp server sending the bits to neverneverland
    > could do the same sort of thing... seems like.


    I am on a corporate network and my own IP is a 10.xx.xx.xx address. I
    would have thought this would be NATed and so wouldn't be a problem but
    if the FTP server had a specific 10.xx.xx.xx static route (say for a
    management LAN or backup LAN) then could this be causing my packets to
    go astray?

    JohnK

  10. Re: FTP connected ... but ...


    >>>Hi,
    >>>
    >>>I have a problem accessing a particular FTP site from a particular
    >>>network. I can access other FTP sites from this network and I can
    >>>access this FTP site from other networks.
    >>>When I try to connect, I get back the 'connected to xxx.xxx.xxx.xxx'
    >>>message but it then hangs. I can connect to it from my home machine
    >>>and it continues on to the login. The FTP site admin assures me there
    >>>is no Reverse DNS requirement in action and my network admin assures me
    >>>the Firewall is not the issue. (I can connect to other FTP sites
    >>>successfully anyway)

    >>
    >>Sounds like a firewall.... possibly a hosed route.

    >
    >
    > No it doesn't. If it were a routing problem, he'd never get connected
    > in the first place.


    Let me be more precise: A routing problem on the system to which he
    is trying to ftp -- not the originating system.

    If that were the case, I believe he would get a connection, but not
    receive any indication of the connection... and a snoop on the ftp
    server would show the connection.

    That said, I am speculating and will happily defer if you know
    you're correct.



  11. Re: FTP connected ... but ...

    JohnK wrote:
    > base60 wrote:
    >
    >> You're inbound on port 21, but not outbound.
    >> Check the inbound rules on the firewall you're trying to
    >> ftp *from*.

    >
    >
    > So would there not need to be a specific firewall entry for this FTP
    > server that was in some way broken, in light of the fact that I can
    > connect fine to other sites like ftp.sun.com?


    Firewalls are used to filter traffic and produce lots of strange
    and wonderful effects.

    >
    > In any case I have already asked our firewall dept to rouse themselves
    > and look at that very issue as well asking here.
    >
    >> A static route on the ftp server sending the bits to neverneverland
    >> could do the same sort of thing... seems like.

    >
    >
    > I am on a corporate network and my own IP is a 10.xx.xx.xx address. I
    > would have thought this would be NATed and so wouldn't be a problem but
    > if the FTP server had a specific 10.xx.xx.xx static route (say for a
    > management LAN or backup LAN) then could this be causing my packets to
    > go astray?


    As indicated to my response to Barry, this is speculation that seemed
    to fit what you were seeing.

    You probably should do a snoop on the ftp server to see if you're
    getting a connection and go from there.

  12. Re: FTP connected ... but ...

    In article ,
    base60 wrote:

    > >>Sounds like a firewall.... possibly a hosed route.

    > >
    > >
    > > No it doesn't. If it were a routing problem, he'd never get connected
    > > in the first place.

    >
    > Let me be more precise: A routing problem on the system to which he
    > is trying to ftp -- not the originating system.
    >
    > If that were the case, I believe he would get a connection, but not
    > receive any indication of the connection... and a snoop on the ftp
    > server would show the connection.


    How? In order to get a connection, you have to receive a SYN-ACK in
    response to the SYN you send out. If the server doesn't have a route
    back to you, you'll never get the SYN-ACK.

    However, if there's a proxy firewall involved, the problem could be that
    the firewall accepts the connection immediately, then tries to connect
    to the real server before passing the greeting message through. If
    there's a routing problem between the firewall and the server, you will
    see this symptom.

    --
    Barry Margolin, barmar@alum.mit.edu
    Arlington, MA
    *** PLEASE post questions in newsgroups, not directly to me ***

  13. Re: FTP connected ... but ...

    Barry Margolin wrote:
    > In article ,
    > base60 wrote:
    >
    >
    >>>>Sounds like a firewall.... possibly a hosed route.
    >>>
    >>>
    >>>No it doesn't. If it were a routing problem, he'd never get connected
    >>>in the first place.

    >>
    >>Let me be more precise: A routing problem on the system to which he
    >>is trying to ftp -- not the originating system.
    >>
    >>If that were the case, I believe he would get a connection, but not
    >>receive any indication of the connection... and a snoop on the ftp
    >>server would show the connection.

    >
    >
    > How? In order to get a connection, you have to receive a SYN-ACK in
    > response to the SYN you send out. If the server doesn't have a route
    > back to you, you'll never get the SYN-ACK.


    Semantics, issue possibly...

    Agreed, the connection would never be *complete*, because the syn-ack
    would never be received.

    But, the ftp server would have received/responded to the syn... seems
    like this would result in a "hang" on the sending side. Correct?

    Packages like portsentry can and are configured to automatically
    create null/reject/blackhole routes.

    >
    > However, if there's a proxy firewall involved, the problem could be that
    > the firewall accepts the connection immediately, then tries to connect
    > to the real server before passing the greeting message through. If
    > there's a routing problem between the firewall and the server, you will
    > see this symptom.


    Correct... and as I originally noted: "Sounds like a firewall"



  14. Re: FTP connected ... but ...

    In article <02fZe.70316$SL.1379294@twister.southeast.rr.com>,
    base60 wrote:

    > Barry Margolin wrote:
    > > In article ,
    > > base60 wrote:
    > >
    > >
    > >>>>Sounds like a firewall.... possibly a hosed route.
    > >>>
    > >>>
    > >>>No it doesn't. If it were a routing problem, he'd never get connected
    > >>>in the first place.
    > >>
    > >>Let me be more precise: A routing problem on the system to which he
    > >>is trying to ftp -- not the originating system.
    > >>
    > >>If that were the case, I believe he would get a connection, but not
    > >>receive any indication of the connection... and a snoop on the ftp
    > >>server would show the connection.

    > >
    > >
    > > How? In order to get a connection, you have to receive a SYN-ACK in
    > > response to the SYN you send out. If the server doesn't have a route
    > > back to you, you'll never get the SYN-ACK.

    >
    > Semantics, issue possibly...
    >
    > Agreed, the connection would never be *complete*, because the syn-ack
    > would never be received.
    >
    > But, the ftp server would have received/responded to the syn... seems
    > like this would result in a "hang" on the sending side. Correct?


    Correct. It would hang *before* saying "Connected". The OP said that
    he gets that message and *then* it hangs.

    --
    Barry Margolin, barmar@alum.mit.edu
    Arlington, MA
    *** PLEASE post questions in newsgroups, not directly to me ***

  15. Re: FTP connected ... but ...

    Barry Margolin wrote:
    > In article <02fZe.70316$SL.1379294@twister.southeast.rr.com>,
    > base60 wrote:
    >
    >
    >>Barry Margolin wrote:
    >>
    >>>In article ,
    >>> base60 wrote:
    >>>
    >>>
    >>>
    >>>>>>Sounds like a firewall.... possibly a hosed route.
    >>>>>
    >>>>>
    >>>>>No it doesn't. If it were a routing problem, he'd never get connected
    >>>>>in the first place.
    >>>>
    >>>>Let me be more precise: A routing problem on the system to which he
    >>>>is trying to ftp -- not the originating system.
    >>>>
    >>>>If that were the case, I believe he would get a connection, but not
    >>>>receive any indication of the connection... and a snoop on the ftp
    >>>>server would show the connection.
    >>>
    >>>
    >>>How? In order to get a connection, you have to receive a SYN-ACK in
    >>>response to the SYN you send out. If the server doesn't have a route
    >>>back to you, you'll never get the SYN-ACK.

    >>
    >>Semantics, issue possibly...
    >>
    >>Agreed, the connection would never be *complete*, because the syn-ack
    >>would never be received.
    >>
    >>But, the ftp server would have received/responded to the syn... seems
    >>like this would result in a "hang" on the sending side. Correct?

    >
    >
    > Correct. It would hang *before* saying "Connected". The OP said that
    > he gets that message and *then* it hangs.


    Yes, I read that... but I've not examined the ftp client code to know
    where in the process it is issued, and users often confuse where they
    saw a particular message... so I thought a route issue worth ruling out.


  16. Re: FTP connected ... but ...

    base60 wrote:
    > Yes, I read that... but I've not examined the ftp client code to know
    > where in the process it is issued, and users often confuse where they
    > saw a particular message... so I thought a route issue worth ruling out.
    >


    Well I'm not offended by the suggestion that I might be confused, but it
    definitely goes in this order -

    Sun Microsystems Inc. SunOS 5.8 Generic Patch December 2002
    $ ftp xxx.xxx.xxx.xxx
    Connected to xxx.xxx.xxx.xxx.

    ... and there it hangs - until I control-C ..

    ^C
    421 Service not available, remote server has closed connection
    ftp>

    I think the suggestion from Barry that the firewall is providing the
    initial connection and then there is a routing problem back from the
    server is worth investigating. It'll be sometime tomorrow before I can
    make enquiries of the FTP site admin.

    JohnK

  17. Re: FTP connected ... but ...

    JohnK wrote:
    > base60 wrote:
    >
    >> Yes, I read that... but I've not examined the ftp client code to know
    >> where in the process it is issued, and users often confuse where they
    >> saw a particular message... so I thought a route issue worth ruling out.
    >>

    >
    > Well I'm not offended by the suggestion that I might be confused,


    No offense intended.

    And anyone who states that he isn't occasionally confused by the
    outcome of computers/networking/etc. is probably not being
    forthcoming :-)

    Since I'm curious, at this point, I set up some various route
    combinations and they do not produce the described situation
    using linux -> [linux|solaris|aix]

    So, probably a firewall... having the ftp server admin snoop
    the connection would tell you a lot.

  18. Re: FTP connected ... but ...

    In article <4GoZe.1813$ua.115583@twister.southeast.rr.com>,
    base60 wrote:

    > Yes, I read that... but I've not examined the ftp client code to know
    > where in the process it is issued, and users often confuse where they
    > saw a particular message... so I thought a route issue worth ruling out.


    The OP wrote: "When I try to connect, I get back the 'connected to
    xxx.xxx.xxx.xxx' message but it then hangs."

    He'd have to be mightily confused to think that he got a message that he
    never actually got. I am willing to give him the benefit of the doubt.

    --
    Barry Margolin, barmar@alum.mit.edu
    Arlington, MA
    *** PLEASE post questions in newsgroups, not directly to me ***

  19. Re: FTP connected ... but ...

    Barry Margolin wrote:
    > In article <4GoZe.1813$ua.115583@twister.southeast.rr.com>,
    > base60 wrote:
    >
    >
    >>Yes, I read that... but I've not examined the ftp client code to know
    >>where in the process it is issued, and users often confuse where they
    >>saw a particular message... so I thought a route issue worth ruling out.

    >
    >
    > The OP wrote: "When I try to connect, I get back the 'connected to
    > xxx.xxx.xxx.xxx' message but it then hangs."
    >
    > He'd have to be mightily confused to think that he got a message that he
    > never actually got. I am willing to give him the benefit of the doubt.


    No problem, but I've been involved with too many similar issues to be
    willing to assume much of anything... cynical, I guess

    And, again, note that I did say it was probably a firewall.

+ Reply to Thread