Re: reality check: passive FTP
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I think calling all ISP's that name is a general overstatement.
Obviously the tech you had on the phone wasn't well educated.
It actually looks more like a problem with the server you are connecting
to. The client is giving the server commands and the server doesn't
understand them. I don't have much experience with Windows FTP servers,
but that looks like the exact problem. I would call their tech support
and one of your trusted friends and have them try to login with the
credentials you have. If they have the same problem then it's the ISP's
fault. If they have no problems... well... enough said.
troubleshoot, troubleshoot, troubleshoot... then you can call them up
and bitch them out.
martin f krafft wrote:
> A client of mine has its web site hosted with an ISP [0], accessible
> by FTP.
>
> 0. ISP is a well-known acronym for Incompetent Stupid Poopyheads.
>
> I cannot establish a data connection, even though I can log in fine.
> The ISP told me I have to use passive mode, and so I did... but
> I cannot get a directory listing in either passive or active mode,
> from any of five machines I tried, in .de, .ch, .us, .jp, and .au,
> using any of ncftp, lftp, w3m, lynx, or even <gasp> Firefox.
>
> This is what happens:
>
> 0.000000 local -> remote TCP 46667 > 21 [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460 TSV=4666862 TSER=0 WS=7
> 0.025744 remote -> local TCP 21 > 46667 [SYN, ACK] Seq=0 Ack=1 Win=17424 Len=0 MSS=1452 WS=0 TSV=0 TSER=0
> 0.025974 local -> remote TCP 46667 > 21 [ACK] Seq=1 Ack=1 Win=5888 Len=0 TSV=4666868 TSER=0
> 0.047752 remote -> local FTP Response: 220 web2 Microsoft FTP Service (Version 5.0).
> 0.047918 local -> remote TCP 46667 > 21 [ACK] Seq=1 Ack=48 Win=5888 Len=0 TSV=4666874 TSER=5920474
> 0.048021 local -> remote FTP Request: USER XXXXXXXX
> 0.087749 remote -> local FTP Response: 331 Password required for XXXXXXXX.
> 0.087994 local -> remote FTP Request: PASS YYYYYYYY
> 0.116722 remote -> local FTP Response: 230-FTP LCM WEB2
> 0.156453 local -> remote TCP 46667 > 21 [ACK] Seq=29 Ack=102 Win=5888 Len=0 TSV=4666901 TSER=5920476
> 0.179720 remote -> local FTP Response: 230 User XXXXXXX logged in.
> 0.179899 local -> remote TCP 46667 > 21 [ACK] Seq=29 Ack=131 Win=5888 Len=0 TSV=4666907 TSER=5920476
> 0.180013 local -> remote FTP Request: PWD
> 0.222725 remote -> local FTP Response: 257 "/XXXXXXX" is current directory.
> 0.222999 local -> remote FTP Request: FEAT
> 0.245703 remote -> local FTP Response: 500 'FEAT': command not understood
> 0.245906 local -> remote FTP Request: HELP SITE
> 0.278718 remote -> local FTP Response: 214 Syntax: SITE (site-specific commands)
> 0.279064 local -> remote FTP Request: CLNT NcFTP 3.1.9 linux-x86_64
> 0.301696 remote -> local FTP Response: 500 'CLNT NcFTP 3.1.9 linux-x86_64': command not understood
> 0.340466 local -> remote TCP 46667 > 21 [ACK] Seq=82 Ack=309 Win=5888 Len=0 TSV=4666947 TSER=5920477
> 23.286210 local -> remote FTP Request: PASV
> 23.309130 remote -> local FTP Response: 227 Entering Passive Mode (212,117,207,139,5,175).
> 23.309355 local -> remote TCP 46667 > 21 [ACK] Seq=88 Ack=361 Win=5888 Len=0 TSV=4672689 TSER=5920707
> 23.311491 local -> remote TCP 38486 > 1455 [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460 TSV=4672689 TSER=0 WS=7
> 26.312900 local -> remote TCP 38486 > 1455 [SYN] Seq=0 Ack=0 Win=747520 Len=0 MSS=1460 TSV=4673439 TSER=0 WS=7
> 32.313003 local -> remote TCP 38486 > 1455 [SYN] Seq=0 Ack=0 Win=747520 Len=0 MSS=1460 TSV=4674939 TSER=0 WS=7
> 43.313278 local -> remote FTP Request: LIST
> 43.531005 remote -> local TCP 21 > 46667 [ACK] Seq=361 Ack=94 Win=17331 Len=0 TSV=5920910 TSER=4677689
> 44.313204 local -> remote TCP 38486 > 1455 [SYN] Seq=0 Ack=0 Win=747520 Len=0 MSS=1460 TSV=4677939 TSER=0 WS=7
> 55.444176 remote -> local FTP Response: 425 Can't open data connection.
> 55.444390 local -> remote TCP 46667 > 21 [ACK] Seq=94 Ack=394 Win=5888 Len=0 TSV=4680722 TSER=5921028
>
> I can access sites like ftp.gnu.org just fine, and given this fact
> and the above output, I conclude that it's the remote firewall which
> doesn't let the RELATED SYN for port 1455 through.
>
> However, the ISP proved to me that it works from the outside (make
> sure you're sitting before reading on): he put the receiver with me
> on the other end on the table and called up another customer on
> another line, asked them to log in to the machine (I could hear all
> they said), passing out the username/password to the other customer
> (I opposed, but wasn't heard), and heard how the customer read out
> the directory listing, which the ISP confirmed, so apparently it
> works for them.
>
> Before I go raise hell and high waters, could you please confirm
> that I am not smoking anything if I conclude that their Firewall
> must have an exception for the other client to allow FTP traffic?
> Mine certainly do not have an exception to deny FTP traffic only
> for this host...
>
> Cheers,
>
- --
Greg Ryman
Network Engineering Supervisor
Candylogic, LLC.
Email: gregr@candylogic.com
Office: 949-916-4444 x.203
Cell: 714-585-7312
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (MingW32)
iD8DBQFE9Iq93nq9k6G+PM0RAkBKAKCdzQxzq6IO+9dGUAFOMP4ajcbSDACdE2D0
VhiC1ojC0uQM5uP1FxmghfM=
=qKoM
-----END PGP SIGNATURE-----
Reply to: