[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: FTPAPI

To: ftpapi@xxxxxxxxxxxxx
Subject: Re: FTPAPI
From: Scott Klement <klemscot@xxxxxxxxxxxx>
Date: Mon, 23 Aug 2004 11:09:50 -0500 (CDT)
In-reply-to: <008d01c4890f$8ae8e4d0$01010a0a@ECook>
References: <20040813171310.S30194@grungy.dstorm.net> <008d01c4890f$8ae8e4d0$01010a0a@ECook>
Reply-to: ftpapi@xxxxxxxxxxxxx
Sender: owner-ftpapi@xxxxxxxxxxxxx

Sender: Scott Klement <klemscot@xxxxxxxxxxxx>


Hi Elbert,

> I connect to their FTP server and get a secure connection on port 20021.
> I supply or userid and password.
>
> If I do a DIR or PUT, the connection eventually times-out.

This is a firewall issue.    Each time you try to do a "DIR" or "LS" or
transfer a file (either PUT or GET) it makes a separate connection to the
server.

In passive mode, the server tells the FTP program what port to connect to,
and then the FTP program connects to the server's port, receives/sends the
file or directory list, and disconnects.

In standard (non-passive, or "active") mode FTP, the client actually sends
a port number to the server, and the server makes a connection back to the
client.

Your firewall isn't allowing these connections through, and that's why the
timeout is occurring.

To troubleshoot this further.

a) Start an FTP session.  After you've typed the userid and password, type
    DEBUG 1

b) type DIR.  It should show something like this:

  > DIR
    >>> PASV
    227 Entering Passive Mode (192,168,5,7,192,0)

  The word "PASV" means that you're working in passive mode.
  The numbers in parenthesis are the IP address and port that the client
  is attempting to connect to.   In this example, the IP address is
  192.168.5.7.  It should be the same address as the FTP server.  The
  final numbers are the two bytes that make up the port number.
  192 * 256 + 0 = 49152, so it's attempting to connect to port 49152 on
  the FTP server.

c) Here's a standard FTP example of the same thing:

 > dir
   >>> PORT 192,168,5,4,55,157
   200 PORT command successful.

 In standard FTP, the FTP client is sending an IP address and port and it
 expects the server to connect back.  So this time, it'll be an INCOMING
 firewall rule that needs to be added (which is why passive is the
 default, so that people don't need to open more incoming ports)

 the number following the "PORT" subcommand is, again, the IP addess
 followed by 2 bytes for the port. In this case, the port is
 55 * 256 + 157 = 14237

The really fun part about it is that the port number can/will be different
with every file transfer or directory listing.  Usually, there's a range
of port numbers that's used, but on a busy FTP server, that can be a very
large range.

Good Luck

-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubsribe from the list send mail
to majordomo@xxxxxxxxxxxxx with the body: unsubscribe ftpapi mymailaddr
-----------------------------------------------------------------------

Follow-Ups:
- Re: FTPAPI
  - From: Elbert Cook
- Re: FTPAPI
  - From: Elbert Cook

References:
- FTPAPI 2.0-beta. Please Test!
  - From: Scott Klement
- Re: FTPAPI
  - From: Elbert Cook

Prev by Date: Re: FTPAPI
Next by Date: Re: FTPAPI
Previous by thread: Re: FTPAPI
Next by thread: Re: FTPAPI
Index(es):
- Date
- Thread