ftp gurus, please help! (6 posts)
- Started 10 years ago by geomac
- Latest reply 9 years ago from Jim Matthews
dual g5 2.0 and 15.2" aluminum powerbook
both on Panther 10.3.8
I am using ftp in an application to connect to a remote server that is behind a satellite internet modem. (FYI, there is some time latency involved due to the satellite connection.) The server is running on a Windows XP machine behind an Airport Extreme that is set to forward ports 21 and 20.
If I try to connect through the OS X terminal window, I can actually connect, but when I invoke the "dir" command I get the error "500 'EPSV': command not understood" then the server closes the connection. I searched around a bit and found that a solution to this in the Terminal is to toggle the "passive" mode into "active" mode after making the initial connection. I did this, and it works fine, I can list directories, transfer files etc...
If I un-check the "use passive ftp mode" box in the network proxies preferences and then try to connect from the terminal window without toggling passive to active from the command line, I have the same error out problems, so the Terminal window application and the system preferences are independent.
I would eventually like to use Fetch or Transmit 3 along with some Applescripts to automate some file transfers. Both Transmit, and Fetch error out while getting the file directory listing before I uncheck the "use passive ftp mode" preference. After un-checking it Fetch works fine, Transmit works but only on the second connection attempt, (it errors out on the first attempt).
I can connect to this same server in Passive mode from both OS 9, on a separate OS 9 native machine, and from windows machines running WS_FTP pro.
1) What is fundamentally different about OS X ftp protocol that causes the passive mode to fail while both OS 9 (mac) and windows can connect to this server in passive mode?
2) Is this possibly related to the server somehow, or is it an OS X problem?
3) Why can we connect to the server in passive mode, but not complete any other operations, i.e. directory listing, file transfer etc.?
Thank you very much for any help here and pardon the drawn out description.
Jim Matthews Administrator
Thanks for the clear description of what you're trying to do. I'll address your last question first. The FTP protocol uses two connections, a "control" connection for sending commands and a "data" connection for transferring files and file lists. You are able to make a control connection, but in passive mode (on OS X) you are not able to make a data connection, and that's why you can't get file lists or transfer files.
As for your other questions, I'm not sure what would explain the fact that you can connect with passive mode from a Mac OS 9 machine and not from OS X. I would be interested in seeing a transcript from one of these successful connections. Passive mode data connections go to a randomly chosen port on the server in the port range 1024-65535. Since your server is behind an Airport Extreme router that is only forwarding ports 20 and 21 I would expect those connections to randomly-chosen ports to never succeed.
I have a similar situation/problem in that I have a Windows 2003 server running an ftp server (and MS ISA firewall) that I can access fine from windows machines, but not from macs with os x when the mac firewall is running. If I turn off the firewall or if I enable the ftp server on the mac (which automatically opens the ftp ports on the firewall), then I can get to the ftp server no problem. Actually, I have the same/similar problem as the OP in that I can get to the ftp server with the firewall enabled, but doing a 'dir' command reports a 'can't open data connection' error. I've tried turning on and off the PASV mode setting in Fetch (and other ftp software and os x itself), but it doesn't help.
So, what I'm wondering is what is the solution to this? It can't be to open up ports 20-21 and all upper ports as, I think, happens when you turn on the ftp server on os x. Can you help here? Thanks.
[This message has been edited by StevenJ (edited 04-04-2005).]
Jim Matthews Administrator
Actually the correct solution is to open up the higher numbered ports. FTP servers that are intended to serve a wide audience should not be behind firewalls, unless those firewalls have special programming to distinguish passive mode FTP data connections from other connections (and as far as I know ISA does not).
The workaround is to turn off passive mode and the firewall on the FTP client. If there are firewalls on both sides nothing will work. Since one side or the other has to be open it is customary for it to be the server side, the thinking being that servers are more carefully managed and protected from attacks than the average client machine. Also, requiring that clients change from passive mode (which is the default for most FTP clients) and turn off their firewalls inconveniences a number of people.
Thanks so much for your help. I appreciate your explanations. Would you have any idea why windows machines (behind the same nat router as the mac) running the windows xp firewall would be able to connect to this ftp server in active mode? I noticed it couldn't connect in passive mode, but does in active (PORT) mode. Here's a connection log from a windows ftp client:
STATUS:> Login successful.
257 "/" is current directory.
STATUS:> Home directory: /
STATUS:> This site supports features.
STATUS:> This site supports SIZE.
COMMAND:> REST 100
350 Restarting at 100.
STATUS:> This site can resume broken downloads.
COMMAND:> REST 0
350 Restarting at 0.
COMMAND:> PORT 192,168,0,102,13,29
200 PORT command successful.
150 Opening ASCII mode data connection for /bin/ls.
226 Transfer complete.
STATUS:> Directory listing completed.
Jim Matthews Administrator
The Windows XP firewall might be smart enough to open ports as needed for active mode FTP. I know that the OS X firewall is not that smart.
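The port arithmetic behind the PORT line in the log above and the passive-mode data connection described earlier in the thread, as an added example (not part of any post and not Fetch's code). The 227 reply is a constructed sample, and the function and parameter names are made up for this illustration.

```python
import ipaddress
import re

# h1,h2,h3,h4,p1,p2 as used by the PORT command and the 227 (PASV) reply.
HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")

def parse_hostport(line):
    """Return (ip_string, port) from a PORT command or a 227 reply line."""
    m = HOSTPORT.search(line)
    if m is None:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in %r" % line)
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        raise ValueError("byte out of range in %r" % line)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return str(ip), nums[4] * 256 + nums[5]

def data_connection(line, server_forwarded=(), client_accepts_inbound=False):
    """Say who listens for the data connection and whether it can be reached."""
    ip, port = parse_hostport(line)
    if re.search(r"\bPORT\b", line):
        # Active mode: the client listens, the server connects in to it.
        mode, listener, reachable = "active", "client", client_accepts_inbound
    elif re.match(r"\s*227\b", line):
        # Passive mode: the server listens on a port it picked itself.
        mode, listener, reachable = "passive", "server", port in server_forwarded
    else:
        raise ValueError("neither a PORT command nor a 227 reply: %r" % line)
    return {"mode": mode, "listener": listener, "endpoint": (ip, port),
            "private_address": ipaddress.ip_address(ip).is_private,
            "reachable": bool(reachable)}

# PORT line copied from the connection log in the thread.
PORT_LINE = "COMMAND:> PORT 192,168,0,102,13,29"
# Constructed sample: a 227 reply a server behind the router might send.
PASV_LINE = "227 Entering Passive Mode (192,168,1,10,195,149)"

if __name__ == "__main__":
    # Router forwards only ports 20 and 21, as in the first post.
    print(data_connection(PASV_LINE, server_forwarded={20, 21}))
    # Client firewall allowing the inbound connection, then blocking it.
    print(data_connection(PORT_LINE, client_accepts_inbound=True))
    print(data_connection(PORT_LINE, client_accepts_inbound=False))
```

The last two fields of the PORT argument give the port as p1*256+p2, and the address in that line is a private one, so the server can only use it if something on the path translates it.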