Situation: The client move their FTP server from Windows IIS/FTP to Syncplify.me FTP. Some clients have a problem to upload files.
Troubleshooting: 1. Paloalto Firewall monitor shows the FTP was established without any issues.
2. FTP log shows:
2019-10-31 19:40:53 69.x.x.x ftptransfer 10.0.0.2 21 PORT 69,x,x,x,221,201 – 200 34 28 – W7WVJ6DPADUJJOYYJ2ZW2SLLI FTP –
+FTPServerClose
This client is trying to connect using ACTIVE FTP… basic knowledge of the FTP protocol would suffice to determine that this would never work. When a router or a firewall is between the client and the FTP server, the ONLY type of FTP that could ever hope to work is PASSIVE FTP.
So the client must be reconfigured to use PASSIVE FTP.
and make sure the server site firewall should open range ports, for example 1024-65536.
Note: the client site doesn’t need to open any inbound ports. However, if they blocks any inbound and outgoing ports, that will be a problem.
Update:The web server needs to be configured to send its external address as shown below.
I have run into issues like this in the past, If I may suggest another solution.
What is probably happening is the server is sending back its internal IP address instead of sending back its external IP address.
After the initial client connection is made and the server asks to go to Passive mode, it sends an IP and port for the client to reach it.
The default is to send it’s own IP, this will fail on many systems because that address is not accessible.
The web server needs to be configured to send its external address.