This is a discussion on Problems with ftp within the Linux Security forums, part of the System Security and Security Related category.

<newbie alert>
I have a problem connecting to and issuing commands at a ftp-server. The ftp server is Windows based and requires active ftp. I have a linux pc with Fedora (FC1).
PS: If I do the same ftp-command in DOS from a Windows XP box on the same LAN and connect to the same server I have no problems.

I can log in without problems, but at the instant I try to issue a command I get error messages and it hangs. Here is a log of what happens (ip-address replaced by aaa.bbb.ccc.ddd):
===
[mylocalusername@dhcppc1 ~]$ ftp -d www.mysite.com
Connected to www.mysite.com (aaa.bbb.ccc.ddd).
220 iis11 Microsoft FTP Service (Version 4.0).
Name (www.mysite.com:mylocalusername): myusernameatftpserver
---> USER myusernameatftpserver
331 Password required for myusernameatftpserver.
Password:
---> PASS XXXX
230-Welcome to blablabla
230 User myusernameatftpserver logged in.
---> SYST
215 Windows_NT version 4.0
Remote system type is Windows_NT.
ftp> ls
ftp: setsockopt (ignored): Permission denied
---> PASV
227 Entering Passive Mode (aaa,bbb,ccc,ddd,9,202).

[program hangs and must be CTRL-C'ed]
===
A "nmap localhost" command at my Linux-box:

[mylocalusername@dhcppc1 ~]$ nmap localhost

Starting nmap 3.48 ( http://www.insecure.org/nmap/ ) at 2004-11-30 08:33 CET
Interesting ports on localhost.localdomain (127.0.0.1):
(The 1651 ports scanned but not shown below are in state: closed)
PORT      STATE SERVICE
22/tcp    open  ssh
25/tcp    open  smtp
111/tcp   open  rpcbind
631/tcp   open  ipp
32770/tcp open  sometimes-rpc3
32771/tcp open  sometimes-rpc5

Nmap run completed -- 1 IP address (1 host up) scanned in 0.706 seconds
===

1) When I do for example "ls" it seems that the program forces PASV even if I do not specify this since I have been told that I need to use ACTIVE for this server. Why does this happen?

2) What are the 9 and 202 after my IP-address in the "Entering Passive Mode ..."-command?

Any clues what might be wrong? Any easy workarounds?

Borge
</newbie alert>

"B H" <check4junk@gmail.com> wrote in news:NaXqd.10265$rh1.254959@news2.e.nsc.no:

> 230 User myusernameatftpserver logged in.
> ---> SYST
> 215 Windows_NT version 4.0
> Remote system type is Windows_NT.
> ftp> ls
> ftp: setsockopt (ignored): Permission denied
> ---> PASV
> 227 Entering Passive Mode (aaa,bbb,ccc,ddd,9,202).

Try doing a "dir" instead of "ls"?
Just guessing.

Gandalf Parker

"Gandalf Parker" <gandalf@most.of.my.favorite.sites> wrote in message news:Xns95B25CA972DC4gandalfparker@208.201.224.154 ...

> Try doing a "dir" instead of "ls"?
> Just guessing.

It didn't help.

Last night I even tried using ftp through a GUI...in this case gFtp. Even switching between passive and active did not give me any solution....it seems to hang anyway.

So I am getting desperate now. As I have said before a Windows XP box at the same LAN can do ftp to the same ftp-server without problems. So the problem must be isolated to my Linux-box and not my Firewall Router.

I still wonder what those numbers 9 and 202 in this error message means though. Port numbers?:

227 Entering Passive Mode (aaa,bbb,ccc,ddd,9,202).

Borge

>I still wonder what those numbers 9 and 202 in this error message
>means though. Port numbers?:
>
>227 Entering Passive Mode (aaa,bbb,ccc,ddd,9,202).

I'm pretty sure they are the port number.

Network geeks usually use tcpdump to look at things like this when they run out of other ideas.

--
The suespammers.org mail server is located in California. So are all my other mailboxes. Please do not send unsolicited bulk e-mail or unsolicited commercial e-mail to my suespammers.org address or any of my other addresses.
These are my opinions, not necessarily my employer's. I hate spam.

Hal Murray wrote:

>>I still wonder what those numbers 9 and 202 in this error message
>>means though. Port numbers?:
>>
>>227 Entering Passive Mode (aaa,bbb,ccc,ddd,9,202).
>
> I'm pretty sure they are the port number.
>
> Network geeks usually use tcpdump to look at things like
> this when they run out of other ideas.
>

They are the port number, I believe it's 9*256+202 = 2506.

Are you sure there's no firewall blocking these ports... Possibly your WinXP software uses another range of ports, that are open in your firewall...

More info on FTP: http://slacksite.com/other/ftp.html

prompt

"Davide Bianchi" <davideyeahsure@onlyforfun.net> wrote in message news:slrncqoh2g.1fi.davideyeahsure@fogg.onlyforfun.net...

> On 2004-11-30, B H <check4junk@gmail.com> wrote:
> > So this means I should use "ftp -a" to force active?

I installed ncftp because it can force active mode and ran a test. I ran into the same problems. I have configured ncftp to force active mode by issuing "passive=OFF" in the prefs-file.

Anyone spot the problem here?

"Could not accept a data connection: Connection timed out.

425: Can't open data connection."

As I have said before ftp works on an XP box behind same firewall using ftp.exe.

====TRACE OF NCFTP ACTIVE MODE===
SESSION STARTED at: 2004-12-07 00:17:13 CET +0100
Program Version: NcFTP 3.1.8/167 Jul 27 2004, 03:31 PM
Library Version: LibNcFTP 3.1.8 (May 26, 2004)
Process ID: 3412
Platform: linux-x86
Hostname: (rc=-2)
Terminal: xterm
00:17:13 Fw: firewall.domain.com Type: 0 User: c4n Pass: ******** Port: 21
00:17:13 FwExceptions: .probe.net,localhost,foo.bar.com,localdomain
00:17:13 NOTE: Your domain name could not be detected.
00:17:13 Resolving www.myftpdestination.com...
00:17:13 Connecting to www.myftpdestination.com...
00:17:13 LibNcFTP 3.1.8 (May 26, 2004) compiled for linux-x86
00:17:13 Uname: Linux|dhcppc1|2.6.9-1.667|#1 Tue Nov 2 14:41:25 EST 2004|i686
00:17:13 Glibc: 2.3.3 (stable)
00:17:13 Remote server is running Microsoft FTP Service.
00:17:13 Logging in...
00:17:13 220: iis11 Microsoft FTP Service (Version 4.0).
00:17:13 Connected to www.myftpdestination.com.
00:17:13 Cmd: USER myusername
00:17:13 331: Password required for myusername.
00:17:13 Cmd: PASS xxxxxxxx
00:17:14 Logging in...
00:17:14 230: Welcome to myisp Business Solutions AS shared windows hosting platform.
00:17:14 Find more information about myisp Business Solutions AS products on www.myisp.no/bedrift/
00:17:14
00:17:14 See our Web-support FAQ pages at http://webfaq.myisp.net
00:17:14 User myusername logged in.
00:17:14 Cmd: PWD
00:17:14 257: "/myusername" is current directory.
00:17:14 Logged in to www.myftpdestination.com as myusername.
00:17:14 Cmd: FEAT
00:17:14 500: 'FEAT': command not understood
00:17:14 Cmd: HELP SITE
00:17:14 214: Syntax: SITE (site-specific commands)
00:17:14 Logged in to www.myftpdestination.com.
00:17:14 Cmd: CLNT NcFTP 3.1.8 linux-x86
00:17:14 500: 'CLNT NcFTP 3.1.8 linux-x86': command not understood
00:17:17 > ls
00:17:17 Cmd: PORT 192,168,1,34,128,47
00:17:17 200: PORT command successful.
00:17:17 Cmd: LIST
00:17:17 150: Opening ASCII mode data connection for /bin/ls.
00:17:37 Could not accept a data connection: Connection timed out.
00:17:43 > bye
00:17:43 Cmd: QUIT
00:18:06 425: Can't open data connection.
SESSION ENDED at: Tue Dec 7 00:18:06 2004
=======================================

Borge

B H wrote:

> I installed ncftp because it can force active mode and ran a test.
> I ran into the same problems. I have configured ncftp to force
> active mode by issuing "passive=OFF" in the prefs-file.
>
> Anyone spot the problem here?
>
> "Could not accept a data connection: Connection timed out.
>
> 425: Can't open data connection."

Well it is in active mode now, at least.

> 00:17:17 Cmd: PORT 192,168,1,34,128,47

Looks like either something is going on with your client machine being unable to open a port, or with the server not being able to connect on it? Namely port 33071. You can do strace if you want to see what the system calls are returning.

Do you have a firewall on the client? Could it be blocking this port? Why not try nmap'ing while it's waiting for a connection, or does it fail immediately without a timeout?

*Appeals to others* What are the port restrictions on linux, again? I forget what range is reserved to root.

Jon.
--
* Does the walker choose the path, or does the path choose the walker? (fr. Sabriel) *
--
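
The host-port tuples discussed in the posts above, decoded from client trace lines; this is an added example, not part of any post. It reports which side listens for the data connection and whether the advertised address is RFC 1918, which a server outside the LAN can only reach if a NAT device rewrites the PORT command. The function names are hypothetical and 203.0.113.10 is a constructed stand-in for the redacted server address.

```python
import ipaddress
import re

# FTP host-port tuple h1,h2,h3,h4,p1,p2 carried by PORT and by the 227 reply.
TUPLE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def decode_tuple(text):
    """Return (IPv4Address, port) for the first tuple in text, or None."""
    m = TUPLE.search(text)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None  # not a valid byte, so not a host-port tuple
    return ipaddress.IPv4Address(".".join(map(str, nums[:4]))), nums[4] * 256 + nums[5]

def data_connections(trace_lines):
    """Describe every data connection negotiated in a client-side FTP trace."""
    found = []
    for line in trace_lines:
        if re.search(r"\bPORT\s+\d", line):      # client command: active mode
            mode, listener = "active", "client"
        elif re.search(r"\b227[ :]", line):      # server reply: passive mode
            mode, listener = "passive", "server"
        else:
            continue
        decoded = decode_tuple(line)
        if decoded is None:
            continue
        ip, port = decoded
        found.append({"mode": mode, "listener": listener, "ip": str(ip), "port": port,
                      # active mode means the server dials in to the client
                      "inbound_to_client": mode == "active",
                      "rfc1918": any(ip in net for net in RFC1918)})
    return found

# Lines modelled on the thread's traces; 203,0,113,10 is a constructed stand-in
# for the redacted aaa,bbb,ccc,ddd, the port bytes are the ones posted.
SAMPLE = [
    "227 Entering Passive Mode (203,0,113,10,9,202).",
    "00:17:17 Cmd: PORT 192,168,1,34,128,47",
    "00:17:17 200: PORT command successful.",
]

if __name__ == "__main__":
    for conn in data_connections(SAMPLE):
        print(conn)
```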

In article <NaXqd.10265$rh1.254959@news2.e.nsc.no>, B H wrote:

><newbie alert>
> I have a problem connecting to and issuing commands at a ftp-server.
> The ftp server is Windows based and requires active ftp. I have a
> linux pc with Fedora (FC1).
> PS: If I do the same ftp-command in DOS from a Windows XP box
> on the same LAN and connect to the same server I have no problems.
>
> I can log in without problems, but at the instant I try to issue a command
> I get error messages and it hangs. Here is a log of what happens
> (ip-address replaced by aaa.bbb.ccc.ddd):
>===
> [mylocalusername@dhcppc1 ~]$ ftp -d www.mysite.com
> Connected to www.mysite.com (aaa.bbb.ccc.ddd).
> 220 iis11 Microsoft FTP Service (Version 4.0).
> Name (www.mysite.com:mylocalusername): myusernameatftpserver
> ---> USER myusernameatftpserver
> 331 Password required for myusernameatftpserver.
> Password:
> ---> PASS XXXX
> 230-Welcome to blablabla
> 230 User myusernameatftpserver logged in.
> ---> SYST
> 215 Windows_NT version 4.0
> Remote system type is Windows_NT.
> ftp> ls
> ftp: setsockopt (ignored): Permission denied
> ---> PASV
> 227 Entering Passive Mode (aaa,bbb,ccc,ddd,9,202).
>
> [program hangs and must be CTRL-C'ed]
>===
> A "nmap localhost" command at my Linux-box:
>
> [mylocalusername@dhcppc1 ~]$ nmap localhost
>
> Starting nmap 3.48 ( http://www.insecure.org/nmap/ ) at 2004-11-30 08:33 CET
> Interesting ports on localhost.localdomain (127.0.0.1):
> (The 1651 ports scanned but not shown below are in state: closed)
> PORT      STATE SERVICE
> 22/tcp    open  ssh
> 25/tcp    open  smtp
> 111/tcp   open  rpcbind
> 631/tcp   open  ipp
> 32770/tcp open  sometimes-rpc3
> 32771/tcp open  sometimes-rpc5
>
> Nmap run completed -- 1 IP address (1 host up) scanned in 0.706 seconds
>===
>
> 1) When I do for example "ls" it seems that the program forces PASV even if
> I do
> not specify this since I have been told that I need to use ACTIVE for
> this server. Why does this happen?
>
> 2) What are the 9 and 202 after my IP-address in the
> "Entering Passive Mode ..."-command?
>
> Any clues what might be wrong? Any easy workarounds?
>
> Borge
></newbie alert>

Have you tried "iptables -L" on your linux box? Quite likely it is firewalling the incoming FTP data port even though your firewall may not be.

As root, run "iptables -L" (also, try "ipchains -L" as either could be running) and post your results. Running FTP in active mode requires allowing an INCOMING connection to your system from the FTP server...

Kevin

"Kevin Collins" <spamtotrash@toomuchfiction.com> wrote in message

> Have you tried "iptables -L" on your linux box? Quite likely it is firewalling
> the incoming FTP data port even though you firewall may not be.
>
> As root, run "iptables -L" (also, try "ipchains -L" as either could be running)
> and post your results. Running FTP in active mode requires allowing an INCOMING
> connection to your system from the FTP server...
>
> Kevin

Here's the result. Hope somebody can decode this and help.

===== "Iptables -L" as root ==============
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     ipv6-crypt--  anywhere             anywhere
ACCEPT     ipv6-auth--  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:5353
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
===============================

Borge
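
How the posted RH-Firewall-1-INPUT chain treats the server's inbound data connection in active mode, as an added example that is not part of any post. It assumes the first rule is the stock loopback-only accept (plain `iptables -L` omits interface matches; `iptables -L -v -n` shows them), an `eth0` LAN interface, and that the FTP connection-tracking helper is what turns that connection from NEW into RELATED; `verdict` and `active_data_syn` are hypothetical names.

```python
# RH-Firewall-1-INPUT as posted in the thread, in rule order.
# Assumption: rule 1 carries "-i lo", which "iptables -L" without -v does not
# print; read literally as accept-all it would make every later rule dead.
RULES = [
    ("ACCEPT", {"iface": "lo"}),
    ("ACCEPT", {"proto": "icmp"}),
    ("ACCEPT", {"proto": "ipv6-crypt"}),
    ("ACCEPT", {"proto": "ipv6-auth"}),
    ("ACCEPT", {"proto": "udp", "dst": "224.0.0.251", "dport": 5353}),
    ("ACCEPT", {"proto": "udp", "dport": 631}),                    # dpt:ipp
    ("ACCEPT", {"state": {"RELATED", "ESTABLISHED"}}),
    ("ACCEPT", {"proto": "tcp", "state": {"NEW"}, "dport": 21}),   # dpt:ftp
    ("ACCEPT", {"proto": "tcp", "state": {"NEW"}, "dport": 22}),   # dpt:ssh
    ("REJECT", {}),                                                # matches everything
]

def verdict(packet):
    """Return (target, rule_number) of the first rule whose matches all hold."""
    for number, (target, match) in enumerate(RULES, start=1):
        ok = True
        for key, want in match.items():
            have = packet.get(key)
            ok = have in want if isinstance(want, set) else have == want
            if not ok:
                break
        if ok:
            return target, number
    return "ACCEPT", 0  # chain policy; not reached here because rule 10 matches all

def active_data_syn(port, helper_loaded):
    """The server's inbound SYN to the port the client advertised with PORT.

    With the FTP conntrack helper loaded, the kernel has read the PORT command
    on the control channel and classifies this connection as RELATED; without
    the helper it is an ordinary NEW connection to an unlisted port.
    """
    return {"iface": "eth0",  # assumed LAN interface name
            "proto": "tcp", "dport": port,
            "state": "RELATED" if helper_loaded else "NEW"}

if __name__ == "__main__":
    port = 128 * 256 + 47  # from "PORT 192,168,1,34,128,47" in the ncftp trace
    for loaded in (False, True):
        print("helper loaded:", loaded, "->", verdict(active_data_syn(port, loaded)))
```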