3

Last week while uploading website files to our server via FTP, the transfer failed. Ever since then, I haven't been able to connect to the server from work.

I can connect just fine from home, or by using an FTP app on my cell phone as long as I'm on the cell network. I can't access the server from any machine on my work network. It's not a credential issue, either. The error message that I always get says that a connection cannot be established, and I am never prompted for my credentials.

I have changed absolutely nothing on our domain controller or our firewall/router. All of the ports that were open when it was working are still open now.

I've contacted our ISP (who hosts the website/FTP server) and they can't find anything wrong on their end. They insist that it must be something here at the office that is blocking access. Since the ISP hosts the server, I can't restart it, nor do I know what the server software is.

I've also tested access to other FTP servers (ea.com, nvidia.com, etc.) so I know that port 21 is not being blocked. I'm totally stumped. Any help is much appreciated.

I uploaded a Wireshark file here: http://www.cloudshark.org/captures/7dde165d4797?filter=ip.src%20%3D%3D%2066.118.64.208%20%7C%7C%20ip.dst%20%3D%3D%2066.118.64.208 with source and destination IP addresses filtered for the FTP server. It turns out that there were 2 return packets per connection attempt. Does this shed any more light on the problem?

My firewall/router is a Netgear ProSafe VPN Firewall FVS318v3. Someone mentioned NAT issues - I have several entries like this in the log:

Fri, 2013-11-08 14:10:27 - [Unable to free TCP NAT port for 452b000e:52490 from LAN].

Also, I can ping the server from my network, but I can't telnet into it on port 21.

Could not open connection to the host, on port [21]:Connect failed

12
  • 1
    Anything in your firewall log? Successful connections or failures?
    – squillman
    Commented Nov 7, 2013 at 20:14
  • @squillman: The firewall log doesn't even show any attempts to connect to the FTP IP address.
    Commented Nov 7, 2013 at 20:33
  • 1
    You shall not use FTP in this century! Use SFTP.
    – Tometzky
    Commented Nov 7, 2013 at 21:23
  • 1
    I'm cleaning up these comments, you should delete yours too and keep the relevant info in your OP. From what I see you aren't getting return traffic from the FTP server. That doesn't mean it isn't replying though. The ISP would have to tell you for certain (which is easy enough in the connection attempt logs). Otherwise you'll need to run a debug trace on your firewall/router and see if the FTP server is responding but the return traffic is getting dropped at your firewall.
    – TheCleaner
    Commented Nov 7, 2013 at 21:48
  • @Tometzky Yes, SFTP is more secure. But in controlled environments, FTP is fine. Also, if the destination of the FTP is not a critical system, it really doesn’t matter. I have used SFTP & FTP for many different scenarios.
    Commented Nov 8, 2013 at 19:08

1 Answer

1

If port 21 is open, it sounds like a firewall issue more than anything else. But that said, do you know if the FTP server you are using is using passive ports? Some FTP server & firewall combos need the passive ports open as well as port 21.

Passive ports are typically set on the FTP server side & encompass a range that can be 49152 to 65534 (example from ProFTPD), but can also be manually set for a different range like 50000 to 60000.

In cases like that, port 21 would accept your connection but if the passive ports are blocked—which come into play during file transfer—no file transfer happens. Stung me a few times when I set up IPTables on a few servers & learned the hard way. Gotta have those passive ports accounted for on top of port 21.
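
One way to tell the two failure modes apart (port 21 unreachable versus passive data ports blocked), as an added example that is not part of the original answer: the script checks the control port, logs in, issues PASV, parses the 227 reply and tries the advertised data port. The function names and the `PASV_RANGE` default (the ProFTPD example range quoted above) are assumptions; host and credentials are passed on the command line.

```python
import ftplib
import re
import socket
import sys

# ProFTPD example range quoted in the answer; adjust to the server's real setting.
PASV_RANGE = (49152, 65534)
PASV_RE = re.compile(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def parse_pasv(reply):
    """Turn '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)' into (host, port)."""
    m = PASV_RE.search(reply)
    if not reply.startswith("227") or m is None:
        raise ValueError("not a PASV reply: %r" % reply)
    n = [int(x) for x in m.groups()]
    if max(n) > 255:
        raise ValueError("octet out of range: %r" % reply)
    return ".".join(str(x) for x in n[:4]), n[4] * 256 + n[5]

def tcp_open(host, port, timeout=5.0):
    """True if a TCP handshake to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def diagnose(host, user, password, timeout=5.0):
    """Report which FTP channel fails: control (21) or the passive data port."""
    if not tcp_open(host, 21, timeout):
        return "control: cannot reach port 21 (no login prompt will appear)"
    with ftplib.FTP() as ftp:
        ftp.connect(host, 21, timeout=timeout)
        ftp.login(user, password)
        _, port = parse_pasv(ftp.sendcmd("PASV"))
        where = "inside" if PASV_RANGE[0] <= port <= PASV_RANGE[1] else "outside"
        # Probe while the control session is still open, and connect to the
        # control host rather than the address in the reply, which may be a
        # private address when the server sits behind NAT.
        if tcp_open(host, port, timeout):
            return "ok: data port %d reachable (%s example range)" % (port, where)
        return "data: port %d blocked (%s example range)" % (port, where)

if __name__ == "__main__":
    print(diagnose(*sys.argv[1:4]))
```

A "control" result matches the symptom in the question (no credential prompt); a "data" result is the passive-port case this answer describes.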
