iis ftp: Can't ftp from Linux box to windows-server

Can't ftp from Linux box to windows-server - setsockopt

B H
11/24/2004 3:57:32 PM

iis ftp: Trying to do ftp from a Linux pc-box (Red Hat - Fedora installation -
FC1(?)). However,
I get some problems with this and wonder if someone can help me. I have
turned
on debugging and see that I get:

ftp: setsockopt (ignored): Permission denied

I have tried ftp-command on to different servers and it works on one of the
and not on the other.
===
1) THE ONE WHICH DOES NOT WORK
Server-platform: Windows
Demands active ftp and do not accept passive ftp.

ERROR: Some error messages and it hangs after some time.

I have turned on debugging and see that I get:

ftp: setsockopt (ignored): Permission denied
===
2) THE ONE WHICH DOES WORK
Server-platform: Unix
Demands passive ftp and do NOT accept active ftp.
This server demands that the ip-adress I present is available with
forward and revers lookup which seems to work well in my case.
===
Unfortunately I need to do ftp to the windows server in 1).
Does anyone have any clue as to what I can do to make this work?

Any other app I can install and use?
Any settings I can do on my machine to make it work?
Other hints?

Borge

Re: Can't ftp from Linux box to windows-server - setsockopt

Bernard
11/25/2004 12:05:23 PM

Can you post the complete debug output..
have you look at the IIS ftp server log file ?

--
Regards,
Bernard Cheah
http://www.tryiis.com/
http://support.microsoft.com/
http://www.msmvps.com/bernard/

[quoted text, click to view]

Re: Can't ftp from Linux box to windows-server - setsockopt

B H
11/30/2004 10:39:51 AM

[quoted text, click to view]

OK. Here's some more info. Log of session and list of "nmap localhost".
Unfortunately getting an ftp-log at my isp is not so easy.
===
[mylocalusername@dhcppc1 ~]$ ftp -d www.mysite.com
Connected to www.mysite.com (aaa.bbb.ccc.ddd).
220 iis11 Microsoft FTP Service (Version 4.0).
Name (www.mysite.com:mylocalusername): myusernameatftpserver
---> USER myusernameatftpserver
331 Password required for myusernameatftpserver.
Password:
---> PASS XXXX
230-Welcome to blablabla
230 User myusernameatftpserver logged in.
---> SYST
215 Windows_NT version 4.0
Remote system type is Windows_NT.
ftp> ls
ftp: setsockopt (ignored): Permission denied
---> PASV
227 Entering Passive Mode (aaa,bbb,ccc,ddd,9,202).

[program hangs and must be CTRL-C'ed]
===
A "nmap localhost" command at my Linux-box:

[mylocalusername@dhcppc1 ~]$ nmap localhost

Starting nmap 3.48 ( http://www.insecure.org/nmap/ ) at 2004-11-30 08:33 CET
Interesting ports on localhost.localdomain (127.0.0.1):
(The 1651 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
111/tcp open rpcbind
631/tcp open ipp
32770/tcp open sometimes-rpc3
32771/tcp open sometimes-rpc5

Nmap run completed -- 1 IP address (1 host up) scanned in 0.706 seconds
===

Borge

Re: Can't ftp from Linux box to windows-server - setsockopt

B H
11/30/2004 12:41:23 PM

In fact the server needs active mode. Someone hinted that I should
try to force active since it seems that the session automatically goes
to passive which the server do not accept. So I will try "ftp -a" later to
force active and see if that helps.

Borge

[quoted text, click to view]

Re: Can't ftp from Linux box to windows-server - setsockopt

B H
11/30/2004 4:23:08 PM

I am told that the server I use needs active. Maybe my
ISP has forced this for some reason.
The problem is that my client seems to switch to passive even
if I do not tell it to:
===
215 Windows_NT version 4.0
Remote system type is Windows_NT.
ftp> ls
ftp: setsockopt (ignored): Permission denied
---> PASV
227 Entering Passive Mode (aaa,bbb,ccc,ddd,9,202).
===
Or maybe this means that it tries passive because it gets
an error (setsockopt)?

Borge

[quoted text, click to view]

Re: Can't ftp from Linux box to windows-server - setsockopt

Bernard
11/30/2004 6:58:49 PM

It could be the ftp server passive port range was blocked.
have you try active mode connection to the server ?

try ftp.exe from a windows client machines.

--
Regards,
Bernard Cheah
http://www.tryiis.com/
http://support.microsoft.com/
http://www.msmvps.com/bernard/

[quoted text, click to view]

Re: Can't ftp from Linux box to windows-server - setsockopt

Bernard
11/30/2004 11:11:56 PM

IIS FTP server supports both mode, it is the client that determine the
connection mode.
Refer -
Information About the IIS File Transmission Protocol (FTP) Service
http://support.microsoft.com/?id=283679

--
Regards,
Bernard Cheah
http://www.tryiis.com/
http://support.microsoft.com/
http://www.msmvps.com/bernard/

[quoted text, click to view]

Re: Can't ftp from Linux box to windows-server - setsockopt

Bernard
12/1/2004 12:11:59 PM

Looks like it. have you try to connect in active mode ?

--
Regards,
Bernard Cheah
http://www.tryiis.com/
http://support.microsoft.com/
http://www.msmvps.com/bernard/

[quoted text, click to view]

Re: Can't ftp from Linux box to windows-server - setsockopt

Alun Jones [MSFT]
12/2/2004 7:58:49 AM

[quoted text, click to view]

These values represent the port number your client is asked to connect to.
In this case, 9*256 + 202 = 2506, so the client is being asked to connect to
port 2506 at aaa.bbb.ccc.ddd.

It seems like you've got some restritive firewall issues going on between
your two systems. If active mode works from a different machine, as you've
suggested, but passive mode never works, that means that the firewall at the
server is preventing incoming connections to the range of ports that the
server chooses from for passive mode connections. If you can not change
that firewall's configuration, you will need to use active mode to connect.
Your Linux box appears to prevent that, by not opening up its own firewalls
to incoming FTP data connections.

Alun.
~~~~
--
Software Design Engineer, Internet Information Server (FTP)
This posting is provided "AS IS" with no warranties, and confers no rights.

Re: Can't ftp from Linux box to windows-server - setsockopt

B H
12/2/2004 10:23:47 AM

[quoted text, click to view]

I tried using a GUI based program in Linux yesterday (gFtp). But it did
not work either. I even switched between passive/active with no luck.
It hangs when trying to issue commands like ls/dir etc.

[quoted text, click to view]

Anyone know what 9 and 202 in this message above means?
I have manually masked the ip-address before posting. So this
explains the aaa.bbb.ccc.ddd.

Borge

Re: Can't ftp from Linux box to windows-server - setsockopt

B H
12/3/2004 10:05:31 AM

[quoted text, click to view]

Thank you for the thorough reply.
I think we're closing in on the solution now. I reinstalled Linux yesterday
and
enabled the firewall in the Linux-box but marked for opening of among other
the ftp protocol. There were no more detailed sepcifications during
installastions.

But I have noticed one possibly important thing.....
After debugging the ftp-log on my Windows XP box...which is the one which
works for ftp to the same server I try to connect to with my
Linux-box......I
noticed that it choses ports from a much lower number. The 9 increment
which is used for the Linux-box which should be added by 256 is 4 on the
XP box. So this means that ports given on the XP box starts at:

4 * 256 = 1024

So maybe a solution could be to find how I specify this increment number
and change it from 9 to 4. I guess I have to dig in some manual pages.

===LOG FROM XP BOX===
D:\Mine dokumenter>ftp -d www.mysite.com
Koblet til iis11.online.no.
220 iis11 Microsoft FTP Service (Version 4.0).
Bruker (iis11.online.no:(none)): myuser
---> USER b-haga
331 Password required for myuser.
Passord:
---> PASS mypassword
230-Welcome to <myisp> shared windows hosting platform.
230-Find more information about <myisp> products on blabla
230-
230-See our Web-support FAQ pages at http://webfaq.blabla
230 User myser logged in.
ftp> put hmmmm.rtf
---> PORT 192,168,1,37,4,100
200 PORT command successful.
---> STOR hmmmm.rtf
150 Opening ASCII mode data connection for hmmmm.rtf.
226 Transfer complete.
FTP: 3317 byte overført på 0,00sekunder 3317000,00kB/sek.
ftp> status
COnnected to iis11.xxx.yy.
Write: ascii; Control: On ; Sound: Off ; Leading text: On ; globbi
ng: On
Debug: On ; Enable write of number signs: Off .
ftp> get reciprocal.htm
---> PORT 192,168,1,37,4,101
200 PORT command successful.
---> RETR reciprocal.htm
150 Opening ASCII mode data connection for reciprocal.htm(501 bytes).
226 Transfer complete.
FTP: 501 byte mottatt på 0,00sekunder 501000,00kB/sek.
ftp> ls
---> PORT 192,168,1,37,4,102
200 PORT command successful.
---> NLST
150 Opening ASCII mode data connection for file list.
hmmmm.rtf
reciprocal.htm
[etc......]
226 Transfer complete.
FTP: 433 byte mottatt på 0,02sekunder 27,06kB/sek.
ftp> bye
---> QUIT
221 Bye!
======================

Borge

Re: Can't ftp from Linux box to windows-server - setsockopt

B H
12/3/2004 11:43:37 AM

[quoted text, click to view]

But from this I see some possible solutions:

1) My router-firewall possibly stops 9*256 port adress (and +256 above) for
FTP
and must be opened

or

2) My Linux-box must be told to use 4*256 port adress (and +256 above)

Any comment on this?

Borge

Re: Can't ftp from Linux box to windows-server - setsockopt

Bernard
12/3/2004 6:35:52 PM

Maybe I was confused. but your previous post is using passive mode.
[quoted text, click to view]

But for XP -
PORT 192,168,1,37,4,100

The valid default ephemeral port range is for IIS 4/5 is 1024-5000
4*256 + 100 = 1124
hence it is within the range.

--
Regards,
Bernard Cheah
http://www.tryiis.com/
http://support.microsoft.com/
http://www.msmvps.com/bernard/

[quoted text, click to view]

Re: Can't ftp from Linux box to windows-server - setsockopt

Bernard
12/6/2004 12:20:23 PM

Now, I re-read most of the previous post. It seems like to me.
You Winnt FTP server works with active mode but not passive mode.

and you linux client seems to be trying to use passive mode (failed)
but xp ftp.exe is using active mode (work)

Hence, if you need active mode to work, you need to force linux ftp
client to use active mode. or if you need passive mode to work, then
you need to configure firewall/router access list to allow the default
port range.

More detail about the port can be found in previous KB I posted.
and this article give you more info on both mode.
http://slacksite.com/other/ftp.html

see in active mode, server end is always 21/20.

--
Regards,
Bernard Cheah
http://www.tryiis.com/
http://support.microsoft.com/
http://www.msmvps.com/bernard/

[quoted text, click to view]

Re: Can't ftp from Linux box to windows-server - setsockopt

B H
12/6/2004 2:57:49 PM

[quoted text, click to view]

I think you are right.
I think that for some reason the Linux-ftp client switches to passive mode.
Since I need to use active I have a problem since I can't force active
on this client. So next step for me is to install ncftp which apparently
can force active ftp.

I checked my firewall log during this weekend and found that if I turned
it off I got the following during ftp:
===
230 User XXXX logged in.
---> SYST
215 Windows_NT version 4.0
Remote system type is Windows_NT.
ftp> ls
ftp: setsockopt (ignored): Permission denied
---> PASV
227 Entering Passive Mode (148,122,0,15,11,66).
ftp: connect: No route to host
ftp> bye
---> QUIT
221 Bye!
===

So when I turned off the firewall it said "no route to host?".

Well, I guess I'll try a new ftp-client before I do anything else. All I
seem
to need is a client that acts like the ftp.exe in Windows XP.

Borge

Re: Can't ftp from Linux box to windows-server - setsockopt

B H
12/7/2004 1:07:12 AM

[quoted text, click to view]

I installed ncftp and ran a test. I ran into the same problems. I have
configured ncftp to force active mode by issuing "passive=OFF" in
the prefs-file.

Anyone spot the problem here?

"Could not accept a data connection: Connection timed out.

425: Can't open data connection."

As I have said before ftp works on an XP box behind same firewall
using ftp.exe.

====TRACE OF NCFTP ACTIVE MODE===
SESSION STARTED at: 2004-12-07 00:17:13 CET +0100
Program Version: NcFTP 3.1.8/167 Jul 27 2004, 03:31 PM
Library Version: LibNcFTP 3.1.8 (May 26, 2004)
Process ID: 3412
Platform: linux-x86
Hostname: (rc=-2)
Terminal: xterm
00:17:13 Fw: firewall.domain.com Type: 0 User: c4n Pass: ******** Port:
21
00:17:13 FwExceptions: .probe.net,localhost,foo.bar.com,localdomain
00:17:13 NOTE: Your domain name could not be detected.
00:17:13 Resolving www.myftpdestination.com...
00:17:13 Connecting to www.myftpdestination.com...
00:17:13 LibNcFTP 3.1.8 (May 26, 2004) compiled for linux-x86
00:17:13 Uname: Linux|dhcppc1|2.6.9-1.667|#1 Tue Nov 2 14:41:25 EST
2004|i686
00:17:13 Glibc: 2.3.3 (stable)
00:17:13 Remote server is running Microsoft FTP Service.
00:17:13 Logging in...
00:17:13 220: iis11 Microsoft FTP Service (Version 4.0).
00:17:13 Connected to www.myftpdestination.com.
00:17:13 Cmd: USER myusername
00:17:13 331: Password required for myusername.
00:17:13 Cmd: PASS xxxxxxxx
00:17:14 Logging in...
00:17:14 230: Welcome to myisp Business Solutions AS shared windows hosting
platform.
00:17:14 Find more information about myisp Business Solutions AS
products on www.myisp.no/bedrift/
00:17:14
00:17:14 See our Web-support FAQ pages at http://webfaq.myisp.net
00:17:14 User myusername logged in.
00:17:14 Cmd: PWD
00:17:14 257: "/myusername" is current directory.
00:17:14 Logged in to www.myftpdestination.com as myusername.
00:17:14 Cmd: FEAT
00:17:14 500: 'FEAT': command not understood
00:17:14 Cmd: HELP SITE
00:17:14 214: Syntax: SITE (site-specific commands)
00:17:14 Logged in to www.myftpdestination.com.
00:17:14 Cmd: CLNT NcFTP 3.1.8 linux-x86
00:17:14 500: 'CLNT NcFTP 3.1.8 linux-x86': command not understood
00:17:17 > ls

00:17:17 Cmd: PORT 192,168,1,34,128,47
00:17:17 200: PORT command successful.
00:17:17 Cmd: LIST
00:17:17 150: Opening ASCII mode data connection for /bin/ls.
00:17:37 Could not accept a data connection: Connection timed out.
00:17:43 > bye

00:17:43 Cmd: QUIT
00:18:06 425: Can't open data connection.
SESSION ENDED at: Tue Dec 7 00:18:06 2004
=======================================

Borge

Re: Can't ftp from Linux box to windows-server - setsockopt

B H
12/7/2004 1:35:46 AM

The ftp.exe log that works on the XP box looks like this:
===
C:\Documents and Settings\me>ftp -d www.myftpdestination.com
Koblet til iis11.xxxxx.xx.
220 iis11 Microsoft FTP Service (Version 4.0).
Bruker (iis11.xxxxx.xx:(none)): myusername
---> USER myusername
331 Password required for myusername.
Passord:
---> PASS ********
230-Welcome to myisp Business Solutions AS shared windows hosting platform.
230-Find more information about myisp Business Solutions AS products on
www.my
isp.xx/bedrift/
230-
230-See our Web-support FAQ pages at http://webfaq.myisp.net
230 User myusername logged in.
ftp> ls
---> PORT 192,168,1,36,8,116
200 PORT command successful.
---> NLST
150 Opening ASCII mode data connection for file list.
images
index.html
index.html.110700
index.html.140700
index.html.180900
index.html.200900
[some lines deleted for readability]
226 Transfer complete.
FTP: 433 byte mottatt på 0,03sekunder 13,53kB/sek.
ftp>
===

Re: Can't ftp from Linux box to windows-server - setsockopt

B H
12/7/2004 10:44:50 AM

[quoted text, click to view]

No firewall at server side. I have no control of server side since
it is my isp. The firewall I disabled was the one in my router
connecting my ADSL-line to my LAN. Both PC's (XP and Linux)
is on this LAN and behind the firewall.

I am connecting in active mode. My isp's ftp server requires this.

Borge

Re: Can't ftp from Linux box to windows-server - setsockopt

Bernard
12/7/2004 1:05:26 PM

Hhmm... looks like server is working fine but not client end.
is there any inbound filtering for the linux ftp client ?

I know you have disabled the firewall at 'windows ftp server',
but how about ftp client side?

also, even with no firewall - your linux ftp client still unable
to connect via passive mode. Hence, there should be
'something' in between that still preventing the connection.

--
Regards,
Bernard Cheah
http://www.tryiis.com/
http://support.microsoft.com/
http://www.msmvps.com/bernard/

[quoted text, click to view]

Re: Can't ftp from Linux box to windows-server - setsockopt

B H
12/8/2004 11:01:28 AM

[quoted text, click to view]

To be sure that I actually force "Active" I have installed ncftp and
set preferences to "passive=off". I see the PORT command issued
so now I know it is active mode. But still problems.

Borge

Re: Can't ftp from Linux box to windows-server - setsockopt

Bernard
12/8/2004 11:55:13 AM

huh ? Oh ok. in that case. let me ask you a question.
'how do make your linux client connect in active mode :)' ?

--
Regards,
Bernard Cheah
http://www.tryiis.com/
http://support.microsoft.com/
http://www.msmvps.com/bernard/

[quoted text, click to view]

Re: Can't ftp from Linux box to windows-server - setsockopt

Bernard
12/8/2004 6:52:08 PM

Yes, I rechecked - it's port :) but the connection break then a 425 error.
now, i just spend quite a while to download ncftp for windows. here's my
output. and it works..

---
NcFTP 3.1.8 (Jul 08, 2004) by Mike Gleason (http://www.NcFTP.com/contact/).
ncftp> help debug
debug: sets debug mode to level x.
Usage: debug [debug level]

For details, please see the manual ("man ncftp" at your regular shell prompt
or online at http://www.NcFTP.com/ncftp/doc/ncftp.html).
ncftp> debug 5
ncftp> open
[quoted text, click to view]

Waiting for ncftpbookmarks.exe to exit...
Selected bookmark from editor: [NewBookmark]
Resolving bla.blabla.com...
Connecting to ip.ip.ip.ip...
LibNcFTP 3.1.8 (May 26, 2004) compiled for Windows
Remote server is running Microsoft FTP Service.

ftpsvr Microsoft FTP Service (Version 5.0).
Logging in...
220: ftpsvr Microsoft FTP Service (Version 5.0).
Connected to ip.ip.ip.ip.
Cmd: USER blablaftpuser

Password requested by ip.ip.ip.ip. for user "blablaftpuser".

Password required for blablaftpuser.

Password: *******
331: Password required for blablaftpuser.
Cmd: PASS xxxxxxxx

ftpsvr
User blablaftpuser logged in.
Logging in...
230: ftpsvr
User blablaftpuser logged in.
Cmd: PWD
257: "/" is current directory.
Logged in to ip.ip.ip.ip as blablaftpuser.
Cmd: FEAT
500: 'FEAT': command not understood
Cmd: HELP SITE
214: Syntax: SITE (site-specific commands)
Logged in to bla.blabla.com

Cmd: CLNT NcFTP 3.1.8 Windows
500: 'CLNT NcFTP 3.1.8 Windows': command not understood
ncftp / > passive
[quoted text, click to view]

passive on
ncftp / > passive
[quoted text, click to view]

passive off
ncftp / > cd myftpdir
[quoted text, click to view]

Cmd: CWD myftpdir
250: CWD command successful.
ncftp /myftpdir> dir
[quoted text, click to view]

Cmd: PORT 192,168,10,220,13,178
200: PORT command successful.
Cmd: LIST
150: Opening ASCII mode data connection for /bin/ls.
226: Transfer complete.
Remote listing contents {
11-09-03 03:00PM <DIR> Data
10-28-04 07:15AM 143768197 ENT.zip
}
d--------- 1 ftpuser ftpusers 0 Nov 9 2003 Data
d--------- 1 ftpuser ftpusers 0 Nov 9 2003 Data
---------- 1 ftpuser ftpusers 143768197 Oct 28 07:15 ENT.zip
---------- 1 ftpuser ftpusers 143768197 Oct 28 07:15 ENT.zip
ls cache add: /myftpdir
ncftp /myftpdir >
-----

so you see ! it works in my setup. IIS5.0 in another country.
Now, I don't know why i see duplicate entry in the dir list.

so, your case, might be cause by bad connection and etc....

btw, ncftp is quite powerful, but not that userfriendly :)

--
Regards,
Bernard Cheah
http://www.tryiis.com/
http://support.microsoft.com/
http://www.msmvps.com/bernard/

[quoted text, click to view]