ftp windoze <- fc3 works fine, ftp fc3 <- fc3 doesn't work? (for me)

Bob Brennan rbrennan96 at gmail.com
Mon Mar 14 15:06:34 UTC 2005


On Mon, 14 Mar 2005 14:23:24 +0000, Paul Howarth <paul at city-fan.org> wrote:
> Bob Brennan wrote:
> >>>230 Anonymous login ok, restrictions apply.
> >>>Remote system type is UNIX.
> >>>Using binary mode to transfer files.
> >>
> >>If, at this point, you use the command "pass off", what happens?
> >
> >
> > BINGO! all commands now work. I need to now research proFTP
> > configuration, I believe there is a setting regarding PASSIVE MODE.
> > Let's assume Windoze ftp program runs in passive mode by default(?)
> 
> On the contrary, you have turned OFF passive mode, and *that's* the
> default on Windows.

Yes - you caught me typing without brain-in-gear on that one.

> > Any security reasons to *not* set up the ftp server to default to
> > passive mode, or to accept passive mode connections (whichever the
> > config option is)? I suppose it's not a hardship to tell an FC3 ftp-er
> > (s)he needs to set passive mode on connection, I can even put it in
> > the Welcome message. (not that anyone ever reads it...). Setting
> > "binary" seems to be a better mode than ASCII too, which seems to be a
> > bad default.
> 
> I suspect that there is a problem with NAT at either the client or
> server end. A special ftp-aware address-conversion filter is needed in
> the firewall setup to make NAT with ftp work properly.

An ADSL router does the NAT conversion for me but since I run the main
server on 10.0.0.10 and an emergency backup server on 10.0.0.11 I
leave all ports open on the router, switch the NAT setting to "all
incoming ports go to 10.0.0.[the one I want]", and do all firewalling
on the FC3 box(es).

But since "pass off" makes FC3 ftp work and Windoze ftp works all the
time surely neither NAT nor firewalling can be the issue(?)

> >>>ftp> ls
> >>>227 Entering Passive Mode (xx,xxx,xxx,xx,xxx,xxx).
> >>>ftp: connect: No route to host
> >>
> >>Is there a layer of network address translation going on between client
> >>and server?
> >
> >
> > The symptoms are the same using an identical FC3 machine on the same
> > LAN, from machine 10.0.0.11 to machine 10.0.0.10
> 
> If you're actually using addresses 10.x.x.x, you could show the
> addresses in use in the ftp dialogs instead of "x"ing them out. If the
> address shown as "xxx"s in:
> 
> 227 Entering Passive Mode (xx,xxx,xxx,xx,xxx,xxx)
> 
> does not look like a 10.x.x.x address then the server does not think
> it's talking to a machine at 10.x.x.x and hence sends the response to
> the wrong place.

At the moment I am ftping the server from miles-away hence the x's
would have revealed the real external IP of my server. The point I was
trying to make with the tests from 10.0.0.11 is that it made no
difference there or remotely - Windoze worked but FC3 would not.

But all will be well now once I configure proFTP to accept passive
mode (but I won't do that if it breaks the Windoze access) and/or warn
the user to use passive mode and binary just after connecting. At
least Linux users will be savvy enough (one hopes) to know what
entering "pass off" means.

thanks again,
bob
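
Added example, not part of the original message: the check Paul describes above, written as a small Python helper that decodes the address and port in a "227 Entering Passive Mode" reply and compares them with the address the control connection was made to. The function names, verdict strings and sample replies are constructed for illustration; 203.0.113.5 is a documentation address standing in for an external IP.

```python
import ipaddress
import re

# RFC 959 passive reply: 227 <text> (h1,h2,h3,h4,p1,p2)
PASV_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_pasv(reply):
    """Return (host, port) advertised in a 227 reply; raise ValueError if malformed."""
    match = PASV_RE.search(reply)
    if not reply.startswith("227") or match is None:
        raise ValueError("not a usable 227 reply: %r" % reply)
    nums = [int(n) for n in match.groups()]
    if max(nums) > 255:
        raise ValueError("field out of range in %r" % reply)
    host = ".".join(str(n) for n in nums[:4])
    return host, nums[4] * 256 + nums[5]  # data port = p1*256 + p2


def is_rfc1918(addr):
    return any(addr in net for net in RFC1918)


def diagnose(reply, control_peer):
    """Compare the advertised data address with the address the control
    connection was made to. Returns (verdict, host, port)."""
    host, port = parse_pasv(reply)
    adv = ipaddress.ip_address(host)
    peer = ipaddress.ip_address(control_peer)
    if adv == peer:
        # Address is right: a failing data connection then points at
        # filtering of the data port rather than at the advertised address.
        verdict = "match"
    elif is_rfc1918(adv) and not is_rfc1918(peer):
        # Server behind NAT is handing its internal address to an outside client.
        verdict = "private-behind-nat"
    else:
        verdict = "mismatch"
    return verdict, host, port


if __name__ == "__main__":
    # Constructed sample replies, paired with the address the client connected to.
    for reply, peer in [
        ("227 Entering Passive Mode (10,0,0,10,195,80).", "10.0.0.10"),
        ("227 Entering Passive Mode (10,0,0,10,195,80).", "203.0.113.5"),
    ]:
        print(peer, diagnose(reply, peer))
```

A reply with the fields x'ed out, as posted in this thread, raises ValueError, so the check needs the real numbers from the client's own session.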



