| Author | Forum: PowerTCP FTP for .NET Topic: FTPS problem with client behind firewall |
| BradRoberts56 Bradley.Roberts@afrc.af.mil From: Warner Robins, GA USA Posts: 7 Member Since: 10/20/05 |
posted December 16, 2005 10:29 AM
Any suggestions will be appreciated...
- I am having partial success after the firewall dudes have supposedly opened-up 990 and 989 for my client IP address.
- The Server is outside the firewall.
- I have gotten the firewall dudes to do a firewall dump in an effort to resolve this but I am still unclear on where/who to go to at this point.
- I am able to connect to the server, initiate an SSL session, authenticate using name and password, Invoke commands and get responses, and get current directory.
- A listing fails because the directory is empty (I think).
- The server is an IBM mainframe so other listings fail as well but it may be the way I am specifying it.
- A file transfer on a known file fails with "A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond".
- The filename specified in the "GET" is created in the location specified with zero size. It is gone after failure.
- The firewall dump verifies the successful traffic and when the file transfer fails they say that the server "is sending a lot of data to port 989 and then stops".
- The client "Progress" event never fires.
- I am on an XP machine and the Windows Firewall is disabled.

The complete VB.NET code follows:

    Ftp1.Security = Security.Explicit
    Ftp1.Passive = True
    Ftp1.DoEvents = True
    Ftp1.Server = "111.111.111.111" ' not real
    Ftp1.Username = "ABCDEFG" ' not real
    Ftp1.Password = "password" ' not real
    Ftp1.ServerPort = 990
    Ftp1.ClientPort = "989"
    Ftp1.ClientDataPort = "989"
    Ftp1.FileType = Dart.PowerTCP.SecureFtp.FileType.Ascii
    Ftp1.DoEvents = True
    Ftp1.Restart = False
    ' "Disable" security checks
    Ftp1.UseAuthentication = False
    Dim x As Invoke
    x = Ftp1.Invoke(FtpCommand.Null, "PBSZ 0")
    Debug.WriteLine(x.Response)
    x = Ftp1.Invoke(FtpCommand.Null, "PROT P")
    Debug.WriteLine(x.Response)
    Dim dir As String = Ftp1.GetDirectory()
    Debug.WriteLine("Current directory: " + dir)
    Dim OtherResults As Dart.PowerTCP.SecureFtp.FtpFile
    OtherResults = Ftp1.Get("'NNNN.CCC.YYYY01.XXXX'", "d:\brad\testfile.txt") ' not real names

ONLY an explicit connection on 990 using Passive will work at all...implicit or active connections fail to connect. Any help is appreciated. |
Tony Priest From: Utica, NY USA Posts: 8466 Member Since: 04/11/00 |
posted December 16, 2005 10:44 AM
First make sure you are using the latest secure FTP kit. If your DLL version is less than 2.3.2.0 then you are not. After you have gotten the latest version, the following settings should solve your problem, provided that the server is not behind a firewall as you stated:

    Ftp1.UseControlAddressForPassive = True
    Ftp1.Passive = True
|
| BradRoberts56 Bradley.Roberts@afrc.af.mil From: Warner Robins, GA USA Posts: 7 Member Since: 10/20/05 |
posted December 16, 2005 11:08 AM
Thanks.
- I got the latest version and installed it ok.
- Once I turned on the UseControlAddressForPassive I had to comment out the ClientPort line.
- After that I get the following: "No connection could be made because the target machine actively refused it".
It sounds like my local security settings may be disallowing the port 989 traffic. What do you think? |
| BradRoberts56 Bradley.Roberts@afrc.af.mil From: Warner Robins, GA USA Posts: 7 Member Since: 10/20/05 |
posted December 16, 2005 11:10 AM I meant to include where the error occurs.... On the GET execution...all other things work as before... |
Tony Priest From: Utica, NY USA Posts: 8466 Member Since: 04/11/00 |
posted December 16, 2005 11:20 AM
If passive is true, then you are not using the ClientDataPort so port 989 has nothing to do with it. It sounds like your server is behind a firewall even though you think it is not. You have two options:
1) Get the people who manage the server to open up a data port (or a range of ports) that points to the server, set the server to use that range of ports for data connections, then use the method that I previously recommended.
2) Get the people who manage the server to change a setting (if the server allows it) so that it uses the Control address when it connects back to you. |
| BradRoberts56 Bradley.Roberts@afrc.af.mil From: Warner Robins, GA USA Posts: 7 Member Since: 10/20/05 |
posted December 16, 2005 11:40 AM
I'm confused.
- My firewall guy already said that OUR firewall showed that the server was sending a bunch of data back to me on 989. It was as if my PC (the client) was not responding back to the server with something like "I got the first block".
- I forgot to mention before that my IP is explicitly NOT being NAT'd.
- In the error message received, is the "target" my machine or the server? |
Tony Priest From: Utica, NY USA Posts: 8466 Member Since: 04/11/00 |
posted December 16, 2005 11:57 AM The target is the server in that case. The server is sending back a response to the PASV command that tells the client to connect to its address (this would be the internal address) on a certain port. Ordinarily, when this happens, the firewall that the server is behind intercepts the response and replaces the address with the outside address and opens up the port. When using SSL the response can't be read so the firewall has no idea it needs to do anything. When the client uses PORT (non-Passive) mode, the opposite occurs. Most likely what is happening is your firewall is not configured properly even though your "Firewall Guy" says it is. |
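Added example, not part of the original thread and not Dart's code: a Python sketch of the client-side check implied by the post above, parsing the 227 reply and falling back to the control connection's address when the advertised one is an internal (RFC 1918) address that no firewall could rewrite under SSL. The function names and sample replies are constructed, and the assumption that `UseControlAddressForPassive` performs this kind of substitution comes from the property's name, not from Dart's documentation.

```python
import ipaddress
import re

# RFC 959 PASV reply payload: (h1,h2,h3,h4,p1,p2)
PASV_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_pasv(reply):
    """Return (host, port) advertised by a '227 Entering Passive Mode' reply."""
    match = PASV_RE.search(reply) if reply.startswith("227") else None
    if match is None:
        raise ValueError("not a parsable 227 reply: %r" % reply)
    nums = [int(g) for g in match.groups()]
    if max(nums) > 255:
        raise ValueError("octet out of range in %r" % reply)
    # Port is sent as two bytes, high byte first.
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def choose_data_endpoint(reply, control_peer):
    """Decide where to open the data connection; returns (host, port, reason)."""
    host, port = parse_pasv(reply)
    advertised = ipaddress.ip_address(host)
    if advertised == ipaddress.ip_address(control_peer):
        return host, port, "match"
    if any(advertised in net for net in RFC1918):
        # Server leaked its internal address; the encrypted reply was not rewritten.
        return control_peer, port, "internal-address"
    # Different public host: stay with the peer we authenticated to.
    return control_peer, port, "mismatch"


# Constructed sample replies; 203.0.113.10 stands in for the server's outside address.
SAMPLES = [
    "227 Entering Passive Mode (203,0,113,10,195,80)",
    "227 Entering Passive Mode (10,20,30,40,195,80)",
    "227 Entering Passive Mode (198,51,100,7,4,1)",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", choose_data_endpoint(sample, "203.0.113.10"))
```

Substituting the address only fixes where the client dials; the advertised port still has to be reachable through the server-side firewall, which is the first option given in the earlier reply.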
| BradRoberts56 Bradley.Roberts@afrc.af.mil From: Warner Robins, GA USA Posts: 7 Member Since: 10/20/05 |
posted December 16, 2005 12:21 PM
I need to be sure when I contact the firewall dude again, so...I am making the attempt with the FTPListView utility.
- Settings are Passive, Explicit, port 990
- I get 227 Entering Passive mode (address)
Then "No connection could be made because the target machine actively refused it"
This is different with the new version of the dll. Any new thoughts? Or, should I focus on the firewall? |
Tony Priest From: Utica, NY USA Posts: 8466 Member Since: 04/11/00 |
posted December 16, 2005 1:16 PM Are you sure it's port 990? Usually when a server is Explicit it uses port 21. 990 is for implicit. |
| BradRoberts56 Bradley.Roberts@afrc.af.mil From: Warner Robins, GA USA Posts: 7 Member Since: 10/20/05 |
posted December 16, 2005 1:22 PM Yes. When I connect to the port 21 site and attempt SSL it says it does not support it. When I do the same on 990 it works. I'm working with a different firewall dude now. More on News at 6... |
| BradRoberts56 Bradley.Roberts@afrc.af.mil From: Warner Robins, GA USA Posts: 7 Member Since: 10/20/05 |
posted December 16, 2005 4:19 PM Finally, problem resolved! A good way to go into a weekend! I had to use an Explicit, Active connection (vs the default Passive) on port 990. The firewall was opened-up on ports 990 and 989. AND our firewall dude had to use an IP Filter on the in/out-bound IP addresses to open up random high ports. But all is well. FYI, we did get the Passive to work but the firewall dude preferred the Active. Thanks for your help |
Tony Priest From: Utica, NY USA Posts: 8466 Member Since: 04/11/00 |
posted December 16, 2005 4:24 PM That's good to hear. Thanks for following up. |