HPE Community
Operating System - Tru64 Unix
1753483 Members
4533 Online
108794 Solutions
New Discussion юеВ

Firewall and ftp

 
SOLVED
Go to solution
Sampath_Rook
Occasional Advisor

тАО11-13-2006 04:52 AM

тАО11-13-2006 04:52 AM

Firewall and ftp

How to check if the firewall is causing ftp timeout.
0 Kudos
10 REPLIES 10
Ivan Ferreira
Honored Contributor

тАО11-13-2006 04:55 AM

тАО11-13-2006 04:55 AM

Solution

Re: Firewall and ftp

Run telnet to the port 21, for example:

telnet ftpserver 21

If you get answer, at least port 21 is open. If you can connect, but you cant issue commands or they hangs, then the problem is that port 20 is blocked. Use passive mode.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Sampath_Rook
Occasional Advisor

тАО11-13-2006 05:29 AM

тАО11-13-2006 05:29 AM

Re: Firewall and ftp

Hi
The architecture is that i am working on a mediation application that gets the files from the switches in the network for billing,now the application would wait for some time for the switch to respond,but now the ftp timeout period expires and the files are not ftp'd from the switch.the protocol used is XFERRBF.
0 Kudos
Sampath_Rook
Occasional Advisor

тАО11-13-2006 05:30 AM

тАО11-13-2006 05:30 AM

Re: Firewall and ftp

I just want to check if the firewall which is sitting between the switch and the application causes this problem or not.
0 Kudos
Sampath_Rook
Occasional Advisor

тАО11-15-2006 07:34 PM

тАО11-15-2006 07:34 PM

Re: Firewall and ftp

i checked it, i am able to access the server
0 Kudos
Sampath_Rook
Occasional Advisor

тАО11-15-2006 08:04 PM

тАО11-15-2006 08:04 PM

Re: Firewall and ftp

I have to go to a firewall to access the ftp server, does the firewall cause a ftp timeout, can anyone help please
0 Kudos
Ivan Ferreira
Honored Contributor

тАО11-16-2006 12:04 AM

тАО11-16-2006 12:04 AM

Re: Firewall and ftp

Can you provide a little more detailed information about the problem? For example, have you tried to run ftp and get some files interactivelly? Can you transfer at least one file, when it times out? After a long idle session or when trying to get a file?
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Sampath_Rook
Occasional Advisor

тАО11-16-2006 02:45 AM

тАО11-16-2006 02:45 AM

Re: Firewall and ftp

Yes, I can get files, but when the application tried it automatically it fails for come reason,it just doesnt happen on one server , but on different ones.So i think there no problem in getting files manually, but the probelm is when it tries to reach automatically
the traceroute results is

traceroute to 10.196.34.156 (10.196.34.156): 1-30 hops, 38 byte packets
1 10.196.34.156 (10.196.34.156) 2.93 ms * 1.95 ms
0 Kudos
Mark Poeschl_2
Honored Contributor

тАО11-16-2006 05:41 AM

тАО11-16-2006 05:41 AM

Re: Firewall and ftp

If your interactive session is working, it doesn't seem very likely that the firewall is the source of your problem.

You might try tracing the packets of a (sucessful) interactive session compared to an (unsuccessful) non-interactive session.
Here are the commands:

# pfconfig +p +c

# tcpdump -i -s 128 -w host 10.196.34.156 &





# tcpdump -i -s 128 -w





# pfconfig -p -c

This will create two files - outfile1 and outfile2 - containing the packets exchanged between your server and the FTP server. You can use 'tcpdump -r ' to generate human readable versions of the packets collected.
0 Kudos
Mark Poeschl_2
Honored Contributor

тАО11-16-2006 05:42 AM

тАО11-16-2006 05:42 AM

Re: Firewall and ftp

Ooops - forgot the 'host 10.196.34.156 &' in the second tcpdump command.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.