12-25-2012, 05:27 PM
|
#1 |
|
MVP
Join Date: Apr 2002
Location: Korat, Thailand
Posts: 2,046
|
FTP and Passive Mode
I have some web cam software that uses FTP to transfer web cam images to a server. This stopped working last Friday afternoon with what looked like timeout errors.
I tried connecting to the server via the command line and got lots of errors like this: Code:
331 User mgnewman OK. Password required Password: 230 OK. Current restricted directory is / Remote system type is UNIX. Using binary mode to transfer files. ftp> dir 200 PORT command successful 425 Could not open data connection to port 55477: Connection refused When I switched to passive mode, things worked just fine. I contacted the host and they insist that nothing had changed on their end. I have access to other servers with which I use FTP and they continue to work fine without using passive mode. Why is it that I need to use passive mode with one host, but not with any others? I don't have any firewall active on my side. The router is an Airport Extreme. It seems that if it were something with the ISP it would affect all servers, not just the one.
__________________
http://www.mgnewman.com/ |
|
|
|
12-27-2012, 03:47 AM
|
#2 |
|
MVP
Join Date: Aug 2009
Posts: 1,119
|
This explains the difference: http://slacksite.com/other/ftp.html
|
|
|
|
|
12-27-2012, 06:08 PM
|
#3 | |||||||||||||||||||
|
MVP
Join Date: Apr 2002
Location: Korat, Thailand
Posts: 2,046
|
No matter. I think I understand the difference. But I can't explain why active mode works with every server but one. If a firewall or other port blocking were involved, then it would affect connections with every FTP server, not just one.
__________________
http://www.mgnewman.com/ |
|||||||||||||||||||
|
|
|
|
12-28-2012, 04:08 AM
|
#4 |
|
MVP
Join Date: Aug 2009
Posts: 1,119
|
Not if both sides are firewalled (client and server) for that particular host.
|
|
|
|
|
12-28-2012, 04:12 AM
|
#5 | |||||||||||||||||||||||
|
MVP
Join Date: Apr 2002
Location: Korat, Thailand
Posts: 2,046
|
So that would mean that this particular host would have had to install a firewall at the time I stopped being able to use active mode, right? But they absolutely insist that no changes whatsoever have been made on their end. On my side, I have no firewall, just NAT on the Airport Extreme. It seems to work fine with active mode ftp on other hosts.
__________________
http://www.mgnewman.com/ |
|||||||||||||||||||||||
|
|
|
|
12-28-2012, 04:15 AM
|
#6 | |||||||||||||||||||||||
|
MVP
Join Date: Aug 2009
Posts: 1,119
|
With active mode it's the server that connects back to the client. So it's the client's firewall that interfering. Sitting behind a router (using NAT) this will never work unless the router is able to dynamically adjust itself when it detects an FTP session. Most home routers don't. Cisco has a "fixup ftp" for this. No idea about an Airport. |
|||||||||||||||||||||||
|
|
|
|
12-28-2012, 04:19 AM
|
#7 |
|
MVP
Join Date: Apr 2002
Location: Korat, Thailand
Posts: 2,046
|
Well, the Airport Extreme works fine with active FTP and the two other hosts that I use regularly. It also worked fine with this particular host until last Friday afternoon. In fact, none of the routers I've had over the past few years (Linksys, Buffalo and now AE) have had any problem with active FTP.
__________________
http://www.mgnewman.com/ |
|
|
|
|
12-28-2012, 05:00 AM
|
#8 |
|
MVP
Join Date: Aug 2009
Posts: 1,119
|
I'm quite sure it was passive, not active, FTP.
|
|
|
|
|
12-28-2012, 05:23 AM
|
#9 |
|
MVP
Join Date: Apr 2002
Location: Korat, Thailand
Posts: 2,046
|
Server A: Active mode works fine.
Code:
Bleach:~ mnewman$ ftp korathhh.com Connected to korathhh.com. 220---------- Welcome to Pure-FTPd [privsep] [TLS] ---------- 220-You are user number 1 of 50 allowed. 220-Local time is now 19:15. Server port: 21. 220-This is a private system - No anonymous login 220-IPv6 connections are also welcome on this server. 220 You will be disconnected after 15 minutes of inactivity. 500 This security scheme is not implemented Name (korathhh.com:mnewman): korathhh 331 User korathhh OK. Password required Password: 230 OK. Current restricted directory is / Remote system type is UNIX. Using binary mode to transfer files. ftp> passive Passive mode on. ftp> passive Passive mode off. ftp> cd www 250 OK. Current directory is /www ftp> get hash.css local: hash.css remote: hash.css 200 PORT command successful 150 Connecting to port 56303 226-File successfully transferred 226 0.000 seconds (measured here), 39.23 Mbytes per second 3207 bytes received in 0.0078 seconds (4e+02 Kbytes/s) Code:
ftp> open mgnewman.com Connected to mgnewman.com. 220---------- Welcome to Pure-FTPd [privsep] [TLS] ---------- 220-You are user number 2 of 50 allowed. 220-Local time is now 19:18. Server port: 21. 220-This is a private system - No anonymous login 220-IPv6 connections are also welcome on this server. 220 You will be disconnected after 15 minutes of inactivity. 500 This security scheme is not implemented Name (mgnewman.com:mnewman): mgnewman 331 User mgnewman OK. Password required Password: 230 OK. Current restricted directory is / Remote system type is UNIX. Using binary mode to transfer files. ftp> passive Passive mode on. ftp> passive Passive mode off. ftp> cd www 250 OK. Current directory is /www ftp> get album.html local: album.html remote: album.html 200 PORT command successful 425 Could not open data connection to port 54224: Connection refused Code:
ftp> passive Passive mode on. ftp> get album.html local: album.html remote: album.html 227 Entering Passive Mode (124,217,242,80,78,93) 150 Accepted data connection 226-File successfully transferred 226 0.027 seconds (measured here), 89.10 Kbytes per second 2453 bytes received in 0.032 seconds (75 Kbytes/s) Note that both of these sessions were behind an Airport Extreme with NAT.
__________________
http://www.mgnewman.com/ |
|
|
|
|
12-28-2012, 07:24 AM
|
#10 |
|
MVP
Join Date: Aug 2009
Posts: 1,119
|
Did you perhaps forward a bunch of ports on your Airport?
|
|
|
|
|
12-28-2012, 04:20 PM
|
#11 | |||||||||||||||||||||||
|
MVP
Join Date: Apr 2002
Location: Korat, Thailand
Posts: 2,046
|
A handful. Certainly not enough to account for this behavior. Active FTP always works on Server A and always fails on Server B.
__________________
http://www.mgnewman.com/ |
|||||||||||||||||||||||
|
|
|
|
12-28-2012, 05:33 PM
|
#12 |
|
MVP
Join Date: Apr 2002
Location: Korat, Thailand
Posts: 2,046
|
Keep in mind that I was able to use active FTP on server B for many years. That ability stopped at exactly 3:24 PM (Indochina Time) on Friday, December 21st.
I can mark the time that precisely because that's the time of the last image my web cam software was able to upload to the server using active FTP. It does the upload every two minutes. As soon as I configured that software to use passive FTP the uploads resumed. So, what could have happened at 3:24 PM on that Friday? It was nothing here, because I wasn't even home. I didn't discover the problem until a few days later when I received email telling me that my web cam was stuck on an old image.
__________________
http://www.mgnewman.com/ |
|
|
|
|
12-29-2012, 05:20 PM
|
#13 |
|
MVP
Join Date: Apr 2002
Location: Korat, Thailand
Posts: 2,046
|
No clues, eh?
I guess it will remain one of life's little mysteries....
__________________
http://www.mgnewman.com/ |
|
|
|
 |
| Thread Tools | |
| Display Modes | Rate This Thread |
|
|
Linear Mode
