Archived Forum Post
Index of archived forum posts
Question:
Archived Forum PostQuestion:
We use the Chilkat FTP2 component in our application. One of our clients uses our application in a company network with a firewall to communicate with our server. In this case FTP2 constantly breaks off communication after the PASV response of our server. We added the PassiveUseHostAddr = true because it could be related to our problem, but no success. Below a part of our FTP-sessionlog:
TYPE I 200 Type set to I SYST 215 UNIX Type: L8 FEAT 211-Features: MDTM MFMT LANG ru-RU;zh-CN;ko-KR;bg-BG;zh-TW;ja-JP;fr-FR;it-IT;en-US TVFS UTF8 AUTH TLS MFF modify;UNIX.group;UNIX.mode; MLST modify*;perm*;size*;type*;unique*;UNIX.group*;UNIX.mode*;UNIX.owner*; PBSZ PROT REST STREAM SIZE 211 End OPTS UTF8 ON 200 UTF8 set to on CWD . 250 CWD command successful PBSZ 0 200 PBSZ 0 successful PROT P 200 Protection set to Private PASV 227 Entering Passive Mode (141,138,168,115,140,102).
On this point the communication stops. We expected to see the RETR command but it is not send!
Please advise how to solve this issue.
Be sure that firewall allows the port range that the server has said that it will use, normally 28000 to 30000. The server has to have this set too.
Problem is solved. Users Company Firewall is using deep code inspection to determine which port to open when client initiates a passive connection. Because we used TLS encryption, the ip-port is no longer recognised by the firewall and therefore the port is not opened. Result: the connection was rejected!
Thanks! That make sense. Also see this for future reference: http://www.cknotes.com/determining-ftp2-connection-settings/