Re: Internet Explorer Keeps Timing out on FTP

From: Siegfried Heintze (siegfried_at_heintze.com)
Date: 06/18/04


Date: Fri, 18 Jun 2004 14:58:29 -0600

Alun,
Thanks, that fixes one problem with Internet Explorer. Hmm.... Emacs is
still timing out. Can you suggest any other parameters to play with?
   Siegfried
"Alun Jones [MS]" <alunj@online.microsoft.com> wrote in message
news:BAI6luVVEHA.432@cpmsftngxa10.phx.gbl...
> > From: "Siegfried Heintze" <siegfried@heintze.com>
> >
> > All the machines are behind the same ActionTec DSL router/firewall. In
> other
> > words, the NT and Win2K machines that don't have this problem are behind
> the
> > same firewall as the Win2003 server that does have this problem.
> >
> > This is a problem with the FTP client. I have not started the FTP server
> and
> > I deliberately do not run IIS process (because I don't want it to
> > conflict
> > with the Apache Web Server). How do I tell what version of FTP? I
> > believe
> > Win2003 Server has IIS 6. That is probably the version of the FTP
> > client/server too since IIS and FTP are both implemented with the same
> > program INETINFO.exe.
>
> Windows 2003 comes with IIS 6.0 for FTP (and other services).
>
> What I think is going on here is the classic FTP problem of what ports to
> open in the firewall.
>
> Try changing the active / passive FTP option in Internet Explorer - from
> the "Tools" menu, select "Internet Options". Select the "Advanced" tab,
> and scroll down to "Use Passive FTP (for firewall and DSL modem
> compatibility)". I'm going to guess, from the information you've given
> me,
> that this is checked. Uncheck it.
>
> Now try and connect to the FTP site again. Does it list the directory?
>
> Note that IE lumps connection and directory listing together - if it is
> able to connect, but cannot get a data connection for a directory listing,
> this looks very similar to the error message that you get when you cannot
> connect at all.
>
> So, what's the difference between Active and Passive FTP? Well, they're
> both modes of opening a connection down which to transfer data, whether
> that's a file upload, a file download, or a directory listing. The FTP
> client chooses which method to use, by sending either a PORT or PASV
> command to the server. FTP servers are required to support both.
>
> When the PORT command is used, the FTP client is asking the FTP server to
> make an "active open" - i.e. to initiate a connection - to the client. To
> achieve this, the FTP client includes an IP address and port number in the
> PORT command. For historical reasons that aren't worth going into, the
> PORT command is given with 6 decimal numbers, separated by commas. The
> first four numbers are the IP address - with commas instead of dots. The
> next number is the high-byte of the port number (i.e. the integer part of
> port-number / 256), and the last number is the low-byte of the port number
> (the remainder of port-number / 256). The FTP server connects from its
> local port 20 to the FTP client's specified IP address and port. So, any
> firewall between the FTP server and FTP client has to accommodate this
> connection. This can be a problem, as clients may be behind restrictive
> firewalls that allow only outgoing traffic, and not incoming traffic.
> This
> is particularly a problem with NATs, as the client can only give out an
> internal address and port number - this has typically been solved by an
> "Application Level Gateway" (ALG) on the NAT that translates the PORT
> command and opens an incoming connection.
>
> Because of the problems with PORT commands through firewalls and NATs, the
> passive connection was deemed to be more likely to succeed, and made into
> the suggested standard mode of connection, under the theory that FTP
> servers were unlikely to be behind restrictive firewalls or NAT routers.
>
> When the PASV command is used, the FTP client is asking the FTP server to
> make a "passive open" - i.e. to wait for a connection. The client doesn't
> send any information in the PASV command, and the server responds with the
> same sort of comma-separated six-number sequence as described in the PORT
> command. The FTP client will then connect to that port for the next data
> exchange. Note that the port numbers at both ends in a passive open are
> essentially random, so it's very difficult to write a firewall rule to
> handle this. For a NAT, the FTP ALG will translate the PASV response.
> The
> usual way to write a firewall / NAT rule for passive FTP is to create a
> wide range of ports for FTP traffic, tell the FTP server to use only those
> ports, and map that range of ports directly through the firewall / NAT to
> the FTP server.
>
> So, when PASV doesn't work, try PORT, and when PORT doesn't work, try
> PASV.
> If you want to restrict the range of passive ports, there's an excellent
> article written by Bernard at http://support.microsoft.com/?id=555022.
>
> Alun.
> ~~~~
>
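The six-number encoding Alun describes for the PORT command and the 227 PASV reply, as an added example that is not part of the original thread or of any Microsoft code. It encodes and decodes the h1,h2,h3,h4,p1,p2 form (high byte = port // 256, low byte = port % 256), then applies the two checks a server or firewall operator would want: for active mode, that the address in PORT matches the address the control connection actually came from (the mismatch a NAT client without an FTP ALG produces); for passive mode, that the server's reply names its public address and a port inside the range mapped through the firewall/NAT. Function names, the sample addresses and the 50000-50100 passive range are assumptions chosen for illustration.

```python
import ipaddress
import re

# The six comma-separated decimal numbers carried by a PORT argument and by
# the "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" reply.
_SIX_NUMBERS = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def encode_hostport(ip: str, port: int) -> str:
    """Encode an IPv4 address and TCP port as h1,h2,h3,h4,p1,p2:
    the four octets, then the high byte (port // 256) and low byte (port % 256)."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")  # raises ValueError on bad input
    if not 0 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return ",".join(octets + [str(port // 256), str(port % 256)])


def decode_hostport(text: str):
    """Recover (ip, port) from a PORT argument or a 227 reply.
    Returns None when no well-formed six-number sequence is present."""
    match = _SIX_NUMBERS.search(text)
    if match is None:
        return None
    nums = [int(n) for n in match.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def check_port_command(port_arg: str, control_peer_ip: str) -> str:
    """Server-side check for active mode (hypothetical helper): the address
    the client asks the server to connect back to should be the address its
    control connection came from. A client behind a NAT without an FTP ALG
    hands out its internal address, which is exactly the mismatch reported here."""
    decoded = decode_hostport(port_arg)
    if decoded is None:
        return "malformed"
    ip, port = decoded
    if ip != control_peer_ip:
        return f"address mismatch: PORT says {ip}, control peer is {control_peer_ip}"
    if port < 1024:
        return f"privileged port {port} refused"
    return "ok"


def check_pasv_reply(reply: str, server_public_ip: str, passive_range) -> str:
    """Client/firewall-side check for passive mode (hypothetical helper): the
    server must name its own public address and a port inside the range the
    firewall/NAT maps straight through to it."""
    decoded = decode_hostport(reply)
    if decoded is None or not reply.startswith("227"):
        return "malformed"
    ip, port = decoded
    low, high = passive_range
    if ip != server_public_ip:
        return f"address mismatch: reply says {ip}, expected {server_public_ip}"
    if not low <= port <= high:
        return f"port {port} outside passive range {low}-{high}"
    return "ok"


if __name__ == "__main__":
    # Constructed sample values (not from the thread): a client on an RFC 1918
    # address behind a NAT, and a server whose firewall maps ports 50000-50100.
    print(encode_hostport("192.168.1.10", 1025))
    print(check_port_command("192,168,1,10,4,1", "203.0.113.7"))
    print(check_pasv_reply("227 Entering Passive Mode (203,0,113,7,195,88)",
                           "203.0.113.7", (50000, 50100)))
```

The PORT check shows why active mode fails through a NAT without an ALG: the server is told to connect to an internal address it cannot reach, and a server that compares the PORT address against the control-connection peer can log that mismatch instead of silently timing out. The PASV check is the client-side mirror of the firewall rule in the post: if the server hands out a port outside the mapped range, the data connection will be dropped even though the control connection on port 21 worked.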
