Blog dedicated to Oracle Applications (E-Business Suite) Technology; covers Apps Architecture, Administration and third party bolt-ons to Apps

Thursday, April 3, 2008

150 Opening ASCII mode data connection hangs

I was asked to investigate an ftp issue in one of our test environments. ftp was being done through a concurrent program which was connecting to an external site and sending files:


    $ ftp external.site.on.internet.com 39000
    Connected to external.site.on.internet.com
    Name (external.site.on.internet.com:user1): user1
    331 Password required for user1.
    Password:
    ftp> dir
    150 ASCII data connection (192,168,29,1,211,181 ).

Hangs here

Any command like dir or get or put would hang. However, if we executed the very same commands from our laptops, it worked fine. Clearly something was blocking it. I did a network trace of connections through Wireshark and found that ftp was actually using two ports: 39000 and 39001. An explanation of this behavior is given in RFC 1579:

   The FTP protocol [1] uses a secondary TCP connection for actual
   transmission of files. By default, this connection is set up by an
   active open from the FTP server to the FTP client. However, this
   scheme does not work well with packet filter-based firewalls, which
   in general cannot permit incoming calls to random port numbers.

   If, on the other hand, clients use the PASV command, the data channel
   will be an outgoing call through the firewall. Such calls are more
   easily handled, and present fewer problems.

However, the ftp server did not support passive mode. Since the network trace showed that two ports were being used, we have requested that the firewall be opened for incoming traffic from this site on those two ports. I'll update the post once this gets done.
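
As an added example (not part of the original post): the parenthesised tuple in the 150 reply of the session above can be decoded to see which address and port the active-mode data connection targets, which is what a firewall has to let through. The sketch assumes the tuple uses the h1,h2,h3,h4,p1,p2 encoding that RFC 959 defines for the PORT command; the function names are hypothetical.

```python
import ipaddress
import re

# Six decimal octets: four for the IPv4 address, two for the 16-bit port.
# Assumption: the 150 reply uses the same encoding as the RFC 959 PORT command.
_TUPLE = re.compile(r"(?<!\d)(\d{1,3}(?:\s*,\s*\d{1,3}){5})(?!\d)")


def parse_host_port(text):
    """Return (IPv4Address, port) for the first h1,h2,h3,h4,p1,p2 tuple in text."""
    match = _TUPLE.search(text)
    if match is None:
        raise ValueError("no host-port tuple in reply")
    fields = [int(f) for f in match.group(1).split(",")]
    if any(f > 255 for f in fields):
        raise ValueError("tuple field outside 0-255")
    host = ipaddress.IPv4Address(bytes(fields[:4]))
    return host, fields[4] * 256 + fields[5]


def format_host_port(host, port):
    """Inverse of parse_host_port: build the argument of a PORT command."""
    if not 0 < port < 65536:
        raise ValueError("port outside 1-65535")
    octets = ipaddress.IPv4Address(host).packed
    return ",".join(str(b) for b in (*octets, port >> 8, port & 0xFF))


def describe_data_endpoint(reply):
    """Summarise the endpoint a firewall must let the data connection reach."""
    host, port = parse_host_port(reply)
    return {
        "host": str(host),
        "port": port,
        # RFC 1918 addresses are not routable from an external site unless a
        # NAT device rewrites them in the control channel.
        "private_address": host.is_private,
        # An unprivileged port here is typically an ephemeral one chosen
        # for a single transfer.
        "unprivileged_port": port > 1023,
    }


# The reply line shown in the session above.
REPLY = "150 ASCII data connection (192,168,29,1,211,181 )."

if __name__ == "__main__":
    print(describe_data_endpoint(REPLY))
```
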

1 comment:

Lonely_life said...

Having the same problem. Removed ACL from the firewall interface and opened it to any, but still won't work. Defined ip inspect rules in the firewall. But no luck.