× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. June 2003

Re: Passive FTP problem

On Thu, 12 Jun 2003, Nathan Simpson wrote:
>
> We have opened up the port on the PIX and we can log in ok. but when we
> try to transfer it fails with:
> 227    Passive mode entered (172.xx,x,x,38,147) for client IP Address
> "172.yy.yy.y".
> Unable to setup for an active data connection to the server, reason code
> 5.
> 200    Using port 8338 at host 192.168.1.10
>

Are you allowing outgoing connections on all ports?  Or....?

You say "we have opened up the port"...  "the" port?  FTP uses many ports.
Which one did you open?

FTP uses port 21 for the "control connection".  In this connection, you
type commands to the server, and it gives back messages containing
information about the success/failure of the command you typed.

Data transfers (including transferring a file, or listing the contents
of a directory) are done on a separate port which is decided (based on
which ports are free) by the operating system when you initiat the
transfer.   Each time you do a transfer, it can potentially use a
different port.

With regular "active" FTP, the client sends a string containing an IP
address and a port number to the server, and the server connects back
to that port.  If a firewall in between blocks it, the connection fails.

With passive FTP, the server sends a string with the IP address and port
to the client.  The client then connects to that port.   This is better
for firewalls because you can just allow all OUTGOING connections as long
as the local port is 20, and restrict incoming connections.

I don't know if any of this helps you... but to me, it sounds like your
control connection is working, but the data transfer connections are
failing.   Maybe that'll get you looking in the right place...

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.