05-27-2008 11:42 AM - edited 03-11-2019 05:50 AM
I am unable to use some ftp commands once I have established an ftp session going through the ASA firewalls. A show conn has the following output:
TCP out 199.x.x.17:0 in 10.33.64.104:2859 idle 0:01:27 bytes 0 flags i
05-27-2008 12:32 PM
Try this "fixup protocol ftp 21".
It may not be an issue on your end. It may be
an issue on the FTP server itself. Did
you try both "active" and "passive" ftp?
Does ftp work if you bypass the ASA?
gen2-linux:/root>cd /tmp/tmp
gen2-linux:/tmp/tmp>ftp 4.2.16.5
Connected to 4.2.16.5 (4.2.16.5).
220 dca2-Nokia-1-P FTP server (Version 6.00) ready.
Name (4.2.16.5:root): admin
500 'AUTH SSL': command not understood.
SSL not available
331 Password required for admin.
Password:
230 User admin logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> passive
Passive mode on.
ftp> ls
227 Entering Passive Mode (164,109,16,5,156,64)
150 Opening ASCII mode data connection for '/bin/ls'.
total 11168720
-rw-rw-r-- 1 root wheel 29 Nov 6 2007 .bash_history
-rw------- 1 root wheel 1968 Jul 11 2007 .clish_history
-rwxr-xr-x 1 root wheel 1039 May 11 2007 .cshrc
-rw------- 1 root wheel 14028 May 14 14:13 .history
-rw-rw-r-- 1 root wheel 415 Jul 18 2007 .iclid_history
-rwxr-xr-x 1 root wheel 114 May 11 2007 .login
-rwxr-xr-x 1 root wheel 580 May 11 2007 .profile
226 Transfer complete.
ftp> passive
Passive mode off.
ftp> ls
200 PORT command successful.
150 Opening ASCII mode data connection for '/bin/ls'.
total 11168720
-rw-rw-r-- 1 root wheel 29 Nov 6 2007 .bash_history
-rw------- 1 root wheel 1968 Jul 11 2007 .clish_history
-rwxr-xr-x 1 root wheel 1039 May 11 2007 .cshrc
-rw------- 1 root wheel 14028 May 14 14:13 .history
-rw-rw-r-- 1 root wheel 415 Jul 18 2007 .iclid_history
-rwxr-xr-x 1 root wheel 114 May 11 2007 .login
-rwxr-xr-x 1 root wheel 580 May 11 2007 .profile
drwx------ 2 root wheel 512 Mar 6 12:13 .ssh
226 Transfer complete.
ftp> quit
221 Goodbye.
gen2-linux:/tmp/tmp>
CCIE Security
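An added example, not part of the original posts and not Cisco's code: the data connection for each `ls` in the session above is negotiated inside the control channel, so a firewall in the path has to read those lines to know which connection to expect. The sketch decodes the 227 reply from the session and a constructed PORT command; the function names and the client address 192.0.2.10 are assumptions.

```python
import re

# RFC 959 writes a data endpoint as six decimal octets: h1,h2,h3,h4,p1,p2
_SIX = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")

def parse_endpoint(text):
    """Return (ip, port) from an h1,h2,h3,h4,p1,p2 tuple, or None if invalid."""
    m = _SIX.search(text)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def data_channels(control_lines, client_ip, server_ip):
    """List the data connections negotiated on an FTP control channel."""
    found = []
    for line in control_lines:
        line = line.strip()
        if line.startswith("227"):               # server reply to PASV
            mode, initiator, expected = "passive", client_ip, server_ip
        elif line.upper().startswith("PORT "):   # client command (active mode)
            mode, initiator, expected = "active", server_ip, client_ip
        else:
            continue
        endpoint = parse_endpoint(line)
        if endpoint is None:
            continue
        ip, port = endpoint
        found.append({"mode": mode, "initiator": initiator, "dst": ip,
                      "dst_port": port, "addr_mismatch": ip != expected})
    return found

# 227 line copied from the session above; PORT line and client IP are constructed.
CONTROL = [
    "227 Entering Passive Mode (164,109,16,5,156,64)",
    "PORT 192,0,2,10,11,184",
    "200 PORT command successful.",
]

if __name__ == "__main__":
    for ch in data_channels(CONTROL, client_ip="192.0.2.10", server_ip="4.2.16.5"):
        print(ch)
```

For the 227 reply in the session this yields 164.109.16.5 port 40000, an address that differs from the 4.2.16.5 the client connected to, which the `addr_mismatch` field flags.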
05-27-2008 04:24 PM
It works fine when I use Linux but not Windows. It also only works in Linux active mode. If I used the command pasv which turns off passive mode, it no longer works.
05-27-2008 05:39 PM
"It also only works in Linux active mode. If I used the command pasv which turns off passive mode, it no longer work"
This makes no sense. When you turn off passive
mode, it becomes "active". You also stated
that "it only works in Linux active mode".
Now I am confused.
Does the FTP server accept both active and
passive mode? Is it a Linux FTP server
running vsFTPd? Can you verify the
vsftpd.conf configuration file to confirm
the following:
pam_service_name=vsftpd
userlist_enable=YES
listen=YES
pasv_enable=YES
port_enable=YES
This tells me that both active and passive FTP
modes are allowed on the server.
As I've said before, it may not be an issue
on your side but on the FTP server. That ftp
server may be sitting behind a firewall and
doing some crazy stuff.
05-28-2008 02:53 AM
You are right, I did make a typo in my statement. However, when I typed the command "pas", I got "passive mode off", which to me means that it is now in active mode.
I am not sure if the ftp server accepts both types since I don't manage it. I will try to find out from the other party.
Thanks again,