If you seem to connect but
then nothing happens and you do not get a directory listing
this is
most likely that either your ftp software is set to
connect via passive ftp (rather than active ftp) in which
case consult your ftp software manual/site and make sure
it is set so that passive ftp is disabled.* See below
for explanation on passive and active ftp.
If it still does not work contact
support and get them to check
that ftp is working when they test it. They will use
the same
settings as you and connect the same way so that they
can confirm that everything at this end is working
correctly. Once you get this confirmation continue with
the following;
If the ftp test by support is successful it is likely
that your firewall is not set to allow this traffic back
in
(ie
it thinks
it is an attempted intrusion). Most modern firewalls
are smart enough to work this out
but
some
that have not been set up correctly can cause problems
with servers that have been set up to run in the most
secure way. FTP will still work with hosts that have
their servers set so that anything is allowed above
port 1024 but we like to run a very secure
network which unfortunately is less forgiving with firewall's
that have not been set up correctly.
It should not be
too difficult to fix however and normally if you can
access the firewall's log files and look for dropped/blocked
packets destined for port 20 you will see what is happening.
Step one - If you are able to, disable your firewall
(just long enough to test it and then switch it back
on again)
and try again. This will tell you if it is definitely
a firewall issue. If you are on broadband and use a router
you could
also try using your back up dial
up account (always useful
to have in case broadband is down)
If it works it is definitely the firewall doing it.
The configuration to fix it will vary but the principle
is as follows;
You either need to set the firewall so that all established
TCP traffic is allowed back in (even though technically
this is not a connection that was initiated from within
the network normally this is all it needs to help the
firewall in recognising that the traffic is legitimate).
Alternatively allow all TCP traffic in that has a destination
of port 20.
* The following may also be useful. What is the difference between passive and active FTP?
FTP is an unusual protocol in that it uses two ports,
one for commands and the other for data. (This is one
of the reasons it is superior to HTTP for transferring
large files.) Active FTP was invented first. The client
initiates a connection on the server’s command
port. The server then initiates a connection with the
client from its data port. With Passive FTP, the client
initiates both connections with the server, which remains “passive”.
Active FTP may cause problems if your client is
behind a firewall. From the firewall’s point
of view, the FTP server that is trying to initiate
a connection
with your client looks like an intruder and is usually
blocked. This is why many users have difficulty using
FTP to download files from behind a firewall.
Passive FTP solves this problem, but creates other problems,
notably where FTP server security is concerned. The server
must listen on a large number of ports. This requires
the firewall to let a lot of unqualified traffic through.
Most firewall administrators do not like this.
As a rule, you do not need to be concerned about
passive and active FTP unless you administer an FTP
server or
a firewall. If you experience difficulty using your FTP
client from behind a firewall, this is likely the reason.
You should discuss the matter with your firewall
administrator if possible.
|
