> "Nachman Yaakov Ziskind" <awacsegps.com> wrote in message
> > Ken Benson wrote (on Fri, Jul 04, 2003 at 03:45:31AM +0000):
> > > I have an interesting problem that I'm hoping someone out there can
> offer some insight into ...
> > >
> > > We have a client using OpenServer 5.0.5 - this machine is connected to
> the Internet via a DSL/Cable modem/router. This client is one of several
> > > clients that have a similar configuration. The difference here is the
> > > inability to complete an ftp session.
> > >
> > > We have a firewall in our company, but ftp outbound is open for a select
> > > group of individuals. These individuals can (and often do) ftp files to
> and from customer sites - but not to this customer site.
> > >
> > > In experimenting, I tried an ftp session from my home PC (no firewall)
> and the session seemed to work okay - I transferred a small file. This
> would be an ftp INBOUND to the machine in question from a Windows box.
> > >
> > > So .. I tried another experiment - another OpenServer customer on the
> > > Internet - I pushed a file from that other customer to the machine in
> > > question - again INBOUND to the machine in questions from an OpenServer
> > > 5.0.6 machine and this worked just fine.
> > >
> > > It would be easy to jump to the conclusion that the firewall is at
> fault - however, this same firewall allows ftp traffic to and from machines
> the time - just not this particular machine.
> > >
> > > I'm really at a loss where to begin on this issue ... any ideas?
> > Start with the brand/model of the firewall router.
> Our firewall is a Windows based software firewall - I'm not sure what flavor
> it is, but it is probably not the problem - we can and VERY often ftp
> through it in both directions to other OpenServer machines. I'm not aware
> of a firewall router at all at the customer site, but will try to find that
> out tomorrow.
> > Continue with a disclosure of whether you are using active or passive ftp.
> > (If you don't know the difference, you are in for a learning experience!
> They are *very* different. One hint: passive ftp is much more easier to
> accomplish over a firewall).
> Active ftp - I've tried to switch to passive and the ftp client returns an
> error - it doesn't understand the command "passive".
> > Finish by describing, in more detail, what went wrong. "... the inability
> to complete an ftp session."
> The detail is variable. Often we can connect via ftp from the customer's
> machine to an OpenServer machine on our DMZ - provide the login and
> password, issue commands (such as "bin" or "asc") .. but as soon as a
> command is given which would require actual data exchange - the system
> responds with "421 Service not available, remote server has closed
> If we initiate the ftp session in the reverse - from a machine inside our
> network TO the customer's machine - the difference is that it appears to be
> working - no error is generated. But, the file size stays at zero
> indicating the file is not actually being transferred. Often this process
> just appears to be hung and must be broken out of - occasionally, the ftp
> client will actually indicate that the remote has timed out.