Apple Firewall FTP Issue...

Okay - it's been a long evening:

1 - Been having trouble getting an FTP connection with a client's 3rd party hosting service.

2 - Hopped on another hosting forum to get assistance in figuring out the problem.

3 - Narrowed it down to the internal firewall of my G5.

4 - When I turn the internal firewall off - I can connect to their ftp site. When I have it turned on - I can't. Period.

I do have Passive turned on in my proxies tab - but that is ALL I did in that tab. I did not set up a proxy server or anything like that (don't even know what it is).

ALSO - in my FTP clients (Transmit and Fetch) - I do have passive turned on.

But while my firewall is enabled - I still get no response from this one host.

I can, however, connect to other hosting servers just fine.

Question:

I still don't know how to fix the problem. Is it an issue with my configuration or possibly that the host server isn't configured correctly to use passive mode?

I've been working on this literally for the past 6 hours. I'm close though - does anybody have any suggestions?

Thanks!

Dual 1.8gb G5 Mac OS X (10.4.7)


Posted on Aug 9, 2006 10:04 PM


Aug 9, 2006 10:39 PM in response to Tag1

Try turning on firewall logging in the Sharing pane of System Preferences, trying to connect to the FTP site, and seeing what shows up in the ipfw.log file. This log file can be viewed from the Sharing pane of System Preferences or the Console application in the /Applications/Utilities/ folder.


Aug 9, 2006 10:52 PM in response to Niel

does this over and over:

Aug 10 00:48:01 Thomas--Computer ipfw: 12190 Deny TCP 216.55.159.16:20 10.0.1.2:51214 in via en2
Aug 10 00:48:04 Thomas--Computer ipfw: 12190 Deny TCP 216.55.159.16:20 10.0.1.2:51216 in via en2
Aug 10 00:48:07 Thomas--Computer ipfw: 12190 Deny TCP 216.55.159.16:20 10.0.1.2:51216 in via en2




Aug 10, 2006 7:37 AM in response to LittleSaint

Finally had to get some sleep...

I don't want to just turn off the firewall... and compromise whatever security I have.

But when I do turn it off - the FTP site responds.

I will try what Niel said and see what happens.

Could this be that the hosting server doesn't have something set up right? Meaning - could they have something set wrong that interferes with Passive Mode?

Aug 10, 2006 7:42 AM in response to Tag1

I entered them like this:

51214, 51216

in the TCP Port Numbers field

Same issue happening. Reaching the FTP site - but the process stalls at:
...
Cmd: PWD
257: "/" is current directory.
Cmd: CWD /
250: CWD command successful
Cmd: PWD
257: "/" is current directory.
Cmd: PORT 10,0,1,2,208,229
200: PORT command successful
Cmd: LIST
(stalls here)
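
Added example (not part of the original posts): a small Python check that reads the ipfw.log lines and the FTP transcript quoted in this thread and reports whether the denied packets are inbound connections from the server's ftp-data port (20), which is what an active-mode (PORT) transfer produces. The function names are chosen for this example; the sample lines are copied from the posts above.

```python
import re

# Line layouts match the ipfw.log excerpt and FTP transcript quoted in this thread.
DENY_RE = re.compile(
    r"ipfw: (?P<rule>\d+) Deny (?P<proto>\w+) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) (?P<dir>in|out) via (?P<iface>\w+)")
PORT_RE = re.compile(r"PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")
FTP_DATA = 20  # source port a server uses when it opens an active-mode data connection

def parse_deny(line):
    """Return the fields of one ipfw Deny line, or None if the line is something else."""
    m = DENY_RE.search(line)
    if not m:
        return None
    d = m.groupdict()
    d["sport"], d["dport"] = int(d["sport"]), int(d["dport"])
    return d

def decode_port(line):
    """PORT h1,h2,h3,h4,p1,p2 announces h1.h2.h3.h4 and TCP port p1*256 + p2."""
    m = PORT_RE.search(line)
    if not m:
        return None
    n = [int(x) for x in m.groups()]
    return ".".join(str(x) for x in n[:4]), n[4] * 256 + n[5]

def diagnose(log_lines, transcript_lines):
    """Summarise denied inbound connections that come from the server's ftp-data port."""
    denies = [d for d in map(parse_deny, log_lines) if d]
    active = [d for d in denies
              if d["proto"] == "TCP" and d["dir"] == "in" and d["sport"] == FTP_DATA]
    return {
        "blocked_active_data": len(active),
        "blocked_client_ports": sorted({d["dport"] for d in active}),
        "announced": [p for p in map(decode_port, transcript_lines) if p],
    }

# Sample input copied from the posts above.
LOG = [
    "Aug 10 00:48:01 Thomas--Computer ipfw: 12190 Deny TCP 216.55.159.16:20 10.0.1.2:51214 in via en2",
    "Aug 10 00:48:04 Thomas--Computer ipfw: 12190 Deny TCP 216.55.159.16:20 10.0.1.2:51216 in via en2",
    "Aug 10 00:48:07 Thomas--Computer ipfw: 12190 Deny TCP 216.55.159.16:20 10.0.1.2:51216 in via en2",
]
TRANSCRIPT = ["Cmd: PORT 10,0,1,2,208,229", "200: PORT command successful", "Cmd: LIST"]

if __name__ == "__main__":
    print(diagnose(LOG, TRANSCRIPT))
```

On the quoted lines, all three denies come from port 20 and hit two different local ports, and the PORT command in the transcript announces yet another port, so the data port is not the same from one transfer to the next.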

Aug 10, 2006 8:37 AM in response to Tag1

Did you try not using passive FTP?

My reply to Niel was sarcasm. The reason his suggestion will not work is that passive FTP generally does not use the same ports each time when establishing a transfer connection. It somewhat randomly picks high number ports to send information back to the user. Control commands happen on the standard FTP port which is why you can login and issue commands, but when you try to list or get files a transfer needs to happen and passive transfers occur on high number ports.

Aug 10, 2006 8:57 AM in response to LittleSaint

Yeah - I did try turning off Passive...

Same result.

Fetch (FTP Program) returns the same result and Transmit (FTP Program) works in non-passive mode then tries Passive mode even though it's turned off.

I'm going to download a third FTP client - I can't imagine it would work - but will try it.

What I don't understand is if it may be something on the server end that is having trouble with the passive mode... it's a lark - but something is awry when this is the ONLY FTP account I have trouble with...

Oct 3, 2006 10:10 PM in response to Tag1

The problem may be that there are two ways of making a passive connection through a firewall. The ftp client can use either "EPSV" or "PASV". The command line client, ftp, usually tries "EPSV" first, and if that fails, tries the other. Unfortunately, some servers will break the connection when they receive an "EPSV" request, which prevents the client from ever trying "PASV".

Apple's ftp can be told to try "PASV" first, but only in interactive mode. At the "ftp>" prompt, enter "epsv4" which will toggle which one it tries first.

Unfortunately, ftp does not seem to have a command line option or environment variable to force this behaviour, making it hard to create scripts which use ftp with some servers from behind a firewall. OpenBSD's ftp has this problem fixed (-E option), but that won't help us on Tiger.

I have no idea if this is the problem you encountered, but if your problem has not been solved yet, try interactive mode and the 'epsv4' command.
