$ ftp external.site.on.internet.com 39000
Connected to external.site.on.internet.com
Name (external.site.on.internet.com:user1): user1
331 Password required for user1.
Password:
ftp> dir
150 ASCII data connection (192,168,29,1,211,181 ).
Hangs here
Any command like dir, get or put would hang. However, if we executed the very same commands from our laptops, it worked fine. Clearly something was blocking it. I did a network trace of connections through Wireshark and found that FTP was actually using two ports: 39000 and 39001. An explanation of this behavior is given in RFC 1579:
The FTP protocol [1] uses a secondary TCP connection for actual
transmission of files. By default, this connection is set up by an
active open from the FTP server to the FTP client. However, this
scheme does not work well with packet filter-based firewalls, which
in general cannot permit incoming calls to random port numbers.
If, on the other hand, clients use the PASV command, the data channel
will be an outgoing call through the firewall. Such calls are more
easily handled, and present fewer problems.
However, the FTP server did not support passive mode. Since the network trace gave us the information that two ports were being used, we have requested that the firewall be opened for incoming traffic from this site on those two ports. I'll update the post once this gets done.
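Decoding the tuple in the 150 reply from the session above shows which address and port the data connection targets, which is what a firewall rule or packet capture has to match. This is an added example, not code from the original post; it assumes the tuple uses RFC 959's h1,h2,h3,h4,p1,p2 encoding, also covers the 227 passive-mode reply, and the function names and the 227 sample line are constructed for illustration.

```python
import ipaddress
import re

# h1,h2,h3,h4,p1,p2 host-port encoding from RFC 959 (PORT argument, 227 reply).
HOSTPORT = re.compile(r"\b" + r"\s*,\s*".join([r"(\d{1,3})"] * 6) + r"\b")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def decode_hostport(line):
    """Return (IPv4Address, port) from an FTP line, or None if it has no tuple."""
    m = HOSTPORT.search(line)
    if m is None:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in %r" % line)
    addr = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return addr, nums[4] * 256 + nums[5]  # port = p1 * 256 + p2


def diagnose(line):
    """Summarise what a firewall has to allow for the data connection in `line`."""
    decoded = decode_hostport(line)
    if decoded is None:
        return None
    addr, port = decoded
    # Assumption: a 227 reply names the server's listening endpoint (passive);
    # any other line with a tuple names the client-side endpoint (active).
    passive = line.lstrip().startswith("227")
    return {
        "endpoint": "%s:%d" % (addr, port),
        "direction": "outbound from client" if passive else "inbound to client",
        # An RFC 1918 address is unreachable from the internet unless NAT also
        # rewrites the address carried inside the FTP command itself.
        "rfc1918": any(addr in net for net in RFC1918),
        "capture_filter": "tcp port %d" % port,
    }


if __name__ == "__main__":
    samples = [
        "150 ASCII data connection (192,168,29,1,211,181 ).",  # from the session
        "227 Entering Passive Mode (203,0,113,10,152,89)",     # constructed sample
    ]
    for s in samples:
        print(s, "->", diagnose(s))
```
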
1 comment:
Having the same problem. Removed ACL from the firewall interface and opened it to any, but still won't work. Defined ip inspect rules in the firewall. But no luck.