Results 1 to 24 of 24
  1. #1
    Join Date
    Nov 2004
    Posts
    261

    Windows IIS FTP hanging

    Running Windows XP Pro with IIS 5.1. I have to connect via dos to this ftp server. Im using the dynamic dns url for it but i also tried the ip and still same issue.

    Basically when I ftp to the server I can login just fine. But when I try to enter any commands in and hit enter it shows this:

    150 Opening ASCII mode data connection for file list.

    And it just hangs. I tried doing this from 2 different networks. If I go on the server itself and ftp to the external ip/dynamic dns name it works just fine. I can run any command, hit enter and it works and not hang like it does for any other system.

    I tried turning off the Windows XP firewall, on SP2. Still nothing. I had to change the port for ftp server to 8080 since 21 was apparently being blocked by their ISP. Any suggestions?

    Thanks
    Silly

  2. #2
    Join Date
    Nov 2004
    Posts
    261
    Hmm.. I discovered that if I switch to active mode in smartftp it has the same problem as the dos issue. If I put it to passive it works. So what is the command to turn off and on passive mode in dos ftp?

    Thanks
    Silly

  3. #3
    Join Date
    Jul 2005
    Posts
    67
    Should just be 'passive.' That's what it is on the *nix version, ought to be the same.

  4. #4
    Join Date
    Oct 2003
    Posts
    570
    No, it's not. The FTP command line client coming with Windows does not support passive mode.

    The cause for active mode FTP connections being blocked are atrocities such like personal firewalls being installed on the client's end.

  5. #5
    Join Date
    Jul 2005
    Posts
    67
    Wow, what crap. I own a Macintosh and a Fedora system, avoiding the alternatve whenever possible ;-)

  6. #6
    Join Date
    Oct 2003
    Posts
    570
    Well, Internet Explorer has a setting for enabling Passive mode connections though ;-) (not sure if it's enabled by default).

  7. #7
    Join Date
    Nov 2004
    Posts
    261
    Actually passive mode can be achieved via dos,

    quote pasv

    I think its the isp that is blocking the ports. The fact that we can ftp just fine from within the Qwest network but not outside shows most likely it is blocking the port it transfers data through.

    Smartftp works because I think it recongizes this and auto finds a high enough port to pass traffic through.

    Silly

  8. #8
    Join Date
    Oct 2003
    Posts
    570
    No, it cannot (at least not with the FTP command line client coming with Windows) since as I mentioned before it does not support passive mode FTP. This is not a matter of believe, it's a matter of fact.

    The FTP client won't care if you tell the server to change into passive mode (why should it?) and there is no way of telling the client to do so. The command line client won't suddenly start initiating data connections to the server just because the server is waiting for one.

    When you issue the next command (e. g. ls) it will initiate a new active mode data connection, i. e. make the server connect to the client on a different port, anyways, by issuing a PORT command, so you won't notice any difference by supplying a PASV command to the server or letting it be as it is. Your assumption concerning SmartFTP is admittedly entertaining but nonetheless unfounded.

    Edit: An introduction explaining the differences between active and passive mode FTP can be found at http://slacksite.com/other/ftp.html.
    Last edited by aldee; 07-11-2005 at 12:34 PM.

  9. #9
    Join Date
    Nov 2004
    Posts
    261
    Originally posted by aldee
    No, it cannot (at least not with the FTP command line client coming with Windows) since as I mentioned before it does not support passive mode FTP. This is not a matter of believe, it's a matter of fact.

    The FTP client won't care if you tell the server to change into passive mode (why should it?) and there is no way of telling the client to do so. When you issue the next command (e. g. ls) it will initiate a new active mode connection anyways by issuing a PORT command, so you won't notice any difference by supplying a PASV command to the server or letting it be as it is. Your assumption concerning SmartFTP is quite entertaining but nonetheless unfounded.

    An introduction to the differences between active and passive mode can be found at http://slacksite.com/other/ftp.html.
    The smartftp suggestion was based on the functionality it showed compared to what DOS showed. My question is why would SmartFTP work just fine in passive mode and not fine in DOS. According to SmartFTP logs it would use ports 10xx and higher where dos would use 0,140. As I noticed it appears the ISP blocks the lower ports. That is why I made that assumption.

    Would it be theory work if I issued a quote port command to tell it to open in higher ports? The bottom line is the ISP appears to be blocking the lower ports, FTP uses ports in this area and just seems everything is pointing to that issue now. Would make since that it works just fine from within its own Qwest network.

    Silly

  10. #10
    Join Date
    Oct 2003
    Posts
    570
    Originally posted by Sillysoft
    The smartftp suggestion was based on the functionality it showed compared to what DOS showed. My question is why would SmartFTP work just fine in passive mode and not fine in DOS. According to SmartFTP logs it would use ports 10xx and higher where dos would use 0,140. As I noticed it appears the ISP blocks the lower ports. That is why I made that assumption.

    Silly
    Hmm? This is not a matter of SmartFTP, it's a matter of passive or active mode. The command line client does not support passive mode, SmartFTP does. Passive mode connections are the only ones that will work for your setup. Find a different command line client supporting passive mode and it will work as well.


    Originally posted by Sillysoft
    Would it be theory work if I issued a quote port command to tell it to open in higher ports? The bottom line is the ISP appears to be blocking the lower ports, FTP uses ports in this area and just seems everything is pointing to that issue now. Would make since that it works just fine from within its own Qwest network.
    Have a look at the link I posted above. Active mode FTP works substantially different from passive mode, since the server will connect back to the client for active mode and the client will initiate another connection to the server in passive mode. Use a passive mode capable FTP client (Internet Explorer if nothing else is available) and you will be fine.
    Last edited by aldee; 07-11-2005 at 12:41 PM.

  11. #11
    Join Date
    Mar 2002
    Location
    UK
    Posts
    458
    Windows XP with service pack 2 and Windows 2003 with service pack 1 have known issues with FTP. The only solution is to experiment with various combinations of:

    - FTP client
    - Active mode or passive mode

    Usually you can find a combination that works.
    Chris at TDMWeb.com
    Windows & Linux hosting and fully managed dedicated servers with great customer service!
    UK-based but serving the world...

  12. #12
    Join Date
    Oct 2003
    Posts
    570
    Originally posted by TDMWeb
    Windows XP with service pack 2 and Windows 2003 with service pack 1 have known issues with FTP. The only solution is to experiment with various combinations of:

    - FTP client
    - Active mode or passive mode

    Usually you can find a combination that works.
    No, they don't have "known issues" unless you install / activate some kind of placebo security measure (basically any kind of braindead personal firewalls including the built-in Windows firewall).

  13. #13
    Join Date
    Nov 2004
    Posts
    261
    I have to run ftp via dos. Its a batch script that runs and issues the ftp commands to pass files to the store

    Silly

  14. #14
    Join Date
    Oct 2003
    Posts
    570
    Then I'm afraid you're out of luck until you find another command line client and change the script to use that one instead.

    I would suggest to start looking here: http://www.ncftpd.com

    Apart from that it's IMHO rather unlikely that the problem with active mode connections is on the server's end, since passive mode is much more "intrusive" to the server than active mode. Did you test if the clients can connect to other servers in active mode?

  15. #15
    Join Date
    Nov 2004
    Posts
    261
    As I mentioned before Im seeing that the issue is the ISP. I can ftp to the site just fine inside the Qwest network, anything outside of it does not work. The fact that port 21 is blocked to begin with makes the issue clear, need to get the ports open in order for this to work.

    Silly

  16. #16
    Join Date
    Oct 2003
    Posts
    570
    No, it doesn't make the issue clear. Ports <1024 e. g. standard ports such as 80, 21, 25 being blocked are one thing, e. g. if your ISP explicitly prohibits the set up of servers. "Unpriviledged" ports >1024 are a different issue since blocking any ports for incoming connections would cripple your internet connection even more than it already is. Why do you think you can get the to respond on port 8080?

    And no, you also don' t need any configuration change to get this to work if you are using a different command line client like ncftp (posted a link before) supporting passive mode and you change your batch script to use that one instead of the Windows default ftp command line client.

    Edit: Asked that before, but did you check if you can connect to different FTP servers but your own in active mode from the client systems you are having problems with?
    Last edited by aldee; 07-11-2005 at 03:51 PM.

  17. #17
    Join Date
    Nov 2004
    Posts
    261
    I installed the ncftp client and it seems to work with the -P option. Another note I want to add is any command I enter using normal ftp via dos I get:

    500 Invalid PORT Command.

    Then I get:

    150 Opening ASCII mode data connection for file list.

    and it hangs from there.

    No I have not checked if I can access ftp with active mode yet.

    Silly

  18. #18
    Join Date
    Mar 2002
    Location
    UK
    Posts
    458
    Originally posted by aldee
    No, they don't have "known issues" unless you install / activate some kind of placebo security measure (basically any kind of braindead personal firewalls including the built-in Windows firewall).
    Aldee, please do your research.
    Chris at TDMWeb.com
    Windows & Linux hosting and fully managed dedicated servers with great customer service!
    UK-based but serving the world...

  19. #19
    Join Date
    Oct 2003
    Posts
    570
    500 Invalid PORT Command.
    Are you behind a NAT/Firewall?
    Last edited by aldee; 07-11-2005 at 08:43 PM.

  20. #20
    Join Date
    Nov 2004
    Posts
    261
    It is VDSL service with Qwest. Theres nothing between the computer and the internet except the router from Qwest.

    Silly

  21. #21
    Join Date
    Oct 2003
    Posts
    570
    Sorry, I was referring to the (external) client side.

    If the client connection is NATed, this will cause active mode connections to non-standard FTP ports to fail, since in this case, PORT will submit the LAN IP to the server, which will result in some kind of "invalid port command" error message.

    If a connection is established to the standard FTP port (21), the NAT router should recognize this and rewrite the PORT command to the connection's WAN IP (and accordingly open the data port submiitted through the command and pass incoming packets on to the connecting client).

  22. #22
    Join Date
    Nov 2004
    Posts
    261
    I was referring to the client side. The only possible natting device is the VDSL router provided by Qwest.

    Silly

  23. #23
    Join Date
    Oct 2003
    Posts
    570
    Originally posted by Sillysoft
    I was referring to the client side. The only possible natting device is the VDSL router provided by Qwest.

    Silly
    Well, I assumed you might be referring to a router on the other end of your connection in Qwest's DC, however, apparently you are referring to a local router, i. e. you're not connecting through a simple DSL "modem".

    In this case, your connection should be NATed.

    NAT (Network Address Translation) simply means, that your PC is sending packages with a LAN (local) source IP address to the router, which then translates these packages to contain the IP assigned by Qwest as the source IP and also makes sure that the returned packages are reaching the correct destination, which is important if there's more than one device connected through your router.

    You can check that easily by having a look at the PORT command your FTP client is actually transmitting.

    PORT 192,168,1,1,123,456

    The first four numbers are an IP address (in my example 192.168.1.1, which is a local (LAN) ip). If this is not the IP assigned by Qwest but a local one your connection is NATed.

    Your router might have an option to operate as a simple DSL "modem" only (actually modem is the wrong term, since there is no (de)modulation taking place for DSL connections), you would lose the ability to connect multiple devices to the net by plugging them into the router if it's not NATing connections though. In this mode, the router would simply assign the Qwest IP directly to the PC's networking device.

    Anyways, for port 21 FTP connections modern NATing devices rewrite the PORT command so that it actually contains the WAN IP instead of your LAN IP, make sure that a port is open to receive the return traffic and direct it to the correct device.

    This procedure won't work for non-standard port FTP connections though, since the router does not recognize these to be actually FTP.

  24. #24
    Join Date
    Nov 2004
    Posts
    261
    This is not a normal network. There is no lan, the ip being used is the dhcp ip we get from Qwest. The computer is directly connected to the Qwest router/"dsl modem".

    Silly

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •