Technical Support Pages

 

Title
FTP Backups & Firewalls, Passive vs. PORT/EPSV Mode
Keywords
Backup url0 ftp Port mode Passive EPSV PORT
Product Release(s)
02.03.01
Operating System(s)
All Supported
Problem Description
An ftp connection through our firewall appears to hang.
Cause
When connecting to our url resource, the ftp connection is made but no data is returned. What happens?
Solution
By default BackupEDGE will attempt to make FTP connections using EPSV (Extended Passive Mode) and get a return port from the FTP Server.

Here's what the internal connection log looks like. The FTP server controls the port assignment., and may want to use a port BackupEDGE can't see because of a firewall.

* Connected to ds508.microlite.com (192.150.112.74) port 21 (#0)
* < 220 DS508 FTP server ready.
* > USER backupedge
* < 331 Password required for backupedge.
* > PASS -
* < 230 User backupedge logged in.
* > PWD
* < 257 "/" is current directory.
* * Entry path is '/'
* > CWD /backupedge/mlite/Accounting
* < 250 CWD command successful.
* > EPSV
* * Connect data stream passively
* < 229 Entering Extended Passive Mode (|||55584|)
*
*
*

Adding ",p" to the end of the server name or IP address causes BackupEDGE to attempt PORT or EPRT modes and send the server the ports it wants to use. BackupEDGE (i.e. the client) controls the ports.

Here are two examples of connection logs with ",p" in use. *
* * Connected to ds508.microlite.com (192.150.112.74) port 21 (#0)
* < 220 DS508 FTP server ready.
* > USER backupedge
* < 331 Password required for backupedge.
* > PASS -
* < 230 User backupedge logged in.
* > PWD
* < 257 "/" is current directory.
* * Entry path is '/'
* > CWD /backupedge/mlite/Accounting
* < 250 CWD command successful.
* * Telling server to connect to 192.150.112.6:1029
* > PORT 192,150,112,6,4,5
* < 200 PORT command successful.
* * Connect data stream actively
*
* * Connected to ds508.microlite.com (192.150.112.74) port 21 * (#0)
* < 220 DS508 FTP server ready.
* > USER dmzbackups
* < 331 Password required for dmzbackups.
* > PASS -
* < 230 User dmzbackups logged in.
* > PWD
* < 257 "/" is current directory.
* * Entry path is '/'
* > CWD /dmzbackups/web
* < 250 CWD command successful.
* > EPRT |1|192.150.112.254|51657|
* < 200 EPRT command successful.
* * Connect data stream actively
*

Notes
If you're experiencing a 'hang' with ftp, try appending a ,p to the machine ID.
Get a printer-friendly version of this document

 

 

Last Updated - 2018/05/16

 

Top
MENU