HPE Community
Operating System - HP-UX
1832577 Members
3601 Online
110043 Solutions
New Discussion

Re: FTP hung

 
SOLVED
Go to solution
tom quach_1
Super Advisor

‎12-01-2006 04:18 AM

‎12-01-2006 04:18 AM

FTP hung


Dear all,

hope that you could help me on this FTP issue.
the ftp had been working for users in a longtime. yesterday, users complanned that they could ftp to the outside ip address and got a connection but could not run any commands like "ls", "put"...
but from outsite the company i could connect and do anything to that outside ip address.
i was thinking about the firewall.
any suggestions that i can tell the network admin to check?
from inside company, even from my windows XP, using DOS to FTP to that outside ip address, it would hung if i ran " ls" or "put"...
Thank you in advance.

Regards,
Tom
0 Kudos
12 REPLIES 12
Keith Johnson
Valued Contributor

‎12-01-2006 04:28 AM

‎12-01-2006 04:28 AM

Re: FTP hung

I would ask the firewall folks to ensure that ports 20 and 21 are both opened.
No matter where you go...there you are.
0 Kudos
Coolmar
Esteemed Contributor

‎12-01-2006 05:25 AM

‎12-01-2006 05:25 AM

Re: FTP hung

The FTP Protocol requires two connections a CONTROL CHANNEL and a DATA CHANNEL. When a client connects to an FTP server (CONTROL CHANNEL), and then issues a LIST command or DIR or TRANSFER, the DATA CHANNEL is made. On ACTIVE MODE the server makes the second connection (DATA CHANNEL) back to the client. If the client is behind a firewall like a DSL router this connection attempt will fail because the router dosen't know that the client is waiting for this connection and it blocks inbound connection attempts. On PASSIVE mode the client makes the second connection to the server. So both
connections are coming from the client and the firewall (DSL router) dosen't interupt outgoing connections.

Seeing as you can make the connection, it looks as though the CONTROL CHANNEL is opened but looks like the DATA CHANNEL is not. I would check with the firewall folks.
0 Kudos
spex
Honored Contributor

‎12-01-2006 05:46 AM

‎12-01-2006 05:46 AM

Re: FTP hung

Hi Tom,

I'm not sure I see the point of connecting to your outside IP address from within your network. If it's because you'd like to make the IP address consistent from inside and outside, you might consider DNS as an alternative. Personally, I would have users on the LAN connect to the internal address.

This definitely seems like a firewall and/or routing problem.

PCS
0 Kudos
tom quach_1
Super Advisor

‎12-01-2006 05:56 AM

‎12-01-2006 05:56 AM

Re: FTP hung

Thank you Keith,Coolmar and spex for the infor.
so it seems like the control channel using port 21 and data channel using port 20 ?

one addition information.
after making a connection to the ftp server.
i could do "pwd", cd ../ or down and that was about it.
nothing else.
Would you think the data channel not open at that time.
Regrards,
Tom

ps
Thanks Coolmar for this information.

0 Kudos
Keith Johnson
Valued Contributor

‎12-01-2006 06:00 AM

‎12-01-2006 06:00 AM

Re: FTP hung

Yes, 20 is the data channel and 21 is the control channel. And yes, if the data channel is not open you will not be able to get or put files, do an ls, etc.
No matter where you go...there you are.
0 Kudos
Michael Steele_2
Honored Contributor

‎12-01-2006 08:34 AM

‎12-01-2006 08:34 AM

Re: FTP hung

Dear Tom:

A) Not the subnet of the outside ip address that you're trying to reach. Can you get to a workstation within that subnet and ftp?

B) Use 'telnet ip.address port#' to establish a firewall block on a port. You should get CONNECTED.

# telnet 10.23.45.122 21
CONNECTED!
Support Fatherhood - Stop Family Law
0 Kudos
Michael Steele_2
Honored Contributor

‎12-01-2006 08:35 AM

‎12-01-2006 08:35 AM

Re: FTP hung

Dear Tom:

A) Note the subnet of the outside ip address that you're trying to reach. Can you get to a workstation within that subnet and ftp now?

B) Use 'telnet ip.address port#' to determine a firewall block on a port. You should get CONNECTED if not blocked; hanging if blocked.

# telnet 10.23.45.122 21
CONNECTED!
Support Fatherhood - Stop Family Law
0 Kudos
tom quach_1
Super Advisor

‎12-01-2006 09:01 AM

‎12-01-2006 09:01 AM

Re: FTP hung

Thank Michael,

telnet to the ip and port 21 is fine
# telnet 10.23.45.122 21
CONNECTED!

i was thinking about port 20 on my site
how can i check that port ?

Regards,
Tom
0 Kudos
tom quach_1
Super Advisor

‎12-04-2006 04:17 AM

‎12-04-2006 04:17 AM

Re: FTP hung


Dear all,
hope you could give me some advice on this.
talked to people who control FTP server and they said the client determined the mode that it could connect.
so we added the PASS (passive mode) to the script and it was able to transfer file.
any idea? it was working fine before without adding PASS to the script.



#/bin/sh -x
ftp -i -n << EOJ
open 192.168.120.200
user xxxx xxxxxxxx
PASS
lcd /XXX/XXXX/XXXX/XXXXX
put $XXXX
quit
EOJ


Thanks,
Tom
0 Kudos
Coolmar
Esteemed Contributor

‎12-04-2006 05:40 AM

‎12-04-2006 05:40 AM

Solution

Re: FTP hung

On PASSIVE mode the client makes the second connection to the server. So both
connections are coming from the client and the firewall (DSL router) dosen't interupt outgoing connections.


Sounds to me like something changed at the firewall and PASS is your way around it.
0 Kudos
Coolmar
Esteemed Contributor

‎12-04-2006 05:44 AM

‎12-04-2006 05:44 AM

Re: FTP hung

Check this out:

http://searchnetworking.techtarget.com/sDefinition/0,290660,sid7_gci512897,00.html

0 Kudos
tom quach_1
Super Advisor

‎12-04-2006 06:27 AM

‎12-04-2006 06:27 AM

Re: FTP hung

Thank you all for your help.

Regards,
TOm
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.