Archived Forum Post

Index of archived forum posts

Question:

FTP2 Component PASV mode issue

Oct 29 '15 at 14:03

We use the Chilkat FTP2 component in our application. One of our clients uses our application in a company network with a firewall to communicate with our server. In this case FTP2 constantly breaks off communication after the PASV response of our server. We added the PassiveUseHostAddr = true because it could be related to our problem, but no success. Below a part of our FTP-sessionlog:

TYPE I
200 Type set to I
SYST
215 UNIX Type: L8
FEAT
211-Features:
 MDTM
 MFMT
 LANG ru-RU;zh-CN;ko-KR;bg-BG;zh-TW;ja-JP;fr-FR;it-IT;en-US
 TVFS
 UTF8
 AUTH TLS
 MFF modify;UNIX.group;UNIX.mode;
 MLST modify*;perm*;size*;type*;unique*;UNIX.group*;UNIX.mode*;UNIX.owner*;
 PBSZ
 PROT
 REST STREAM
 SIZE
211 End
OPTS UTF8 ON
200 UTF8 set to on
CWD .
250 CWD command successful
PBSZ 0
200 PBSZ 0 successful
PROT P
200 Protection set to Private
PASV
227 Entering Passive Mode (141,138,168,115,140,102).

On this point the communication stops. We expected to see the RETR command but it is not send!

Please advise how to solve this issue.


Answer

Be sure that firewall allows the port range that the server has said that it will use, normally 28000 to 30000. The server has to have this set too.


Answer

Problem is solved. Users Company Firewall is using deep code inspection to determine which port to open when client initiates a passive connection. Because we used TLS encryption, the ip-port is no longer recognised by the firewall and therefore the port is not opened. Result: the connection was rejected!


Answer

Thanks! That make sense. Also see this for future reference: http://www.cknotes.com/determining-ftp2-connection-settings/