Topic: FTP access outside the network

[Donny_59]

I am new to SME server. I have installed SME 7.3 and have set up FTP with "allow public access" and "accept passwords from anywhere". The FTP works great inside the network, but outside, I get an error. When I open my browser and type in "ftp://ftp.company.com" I get the error "an error occurred opening that folder on the FTP Server. Make sure you have permission to access that folder." The SME server sits in a DMZ off of a Cisco ASA. I have seen a lot of old posts, but no new ones. Any ideas.

Thanks,

[David Harper]

Try using a dedicated FTP client like CuteFTP, so you can get some troubleshooting information regarding the connection error.

Also, make sure ports 20 & 21 are being forwarded from the Cisco router to the SME Server.

[thomasch]

Also, make sure ports 20 & 21 are being forwarded from the Cisco router to the SME Server.

davidiwharper,
He is in DMZ mode. All unforwarded router port goes to that DMZ machine.

[David Harper]

Ah, true -- missed that bit

[Donny_59]

Here is Log from CuteFTP. It looks like it connects, authenticates, then is disconnected.

STATUS:>     [11/12/2008 9:30:28 AM] Getting listing ""...
STATUS:>     [11/12/2008 9:30:28 AM] Resolving host name ftp.eceng.com...
STATUS:>     [11/12/2008 9:30:28 AM] Host name ftp.eceng.com resolved: ip = 75.148.157.99.
STATUS:>     [11/12/2008 9:30:28 AM] Connecting to FTP server... ftp.eceng.com:21 (ip = 75.148.157.99)...
STATUS:>     [11/12/2008 9:30:28 AM] Socket connected. Waiting for welcome message...
      [11/12/2008 9:30:28 AM] 220 172.16.2.2 FTP server ready
STATUS:>     [11/12/2008 9:30:28 AM] Connected. Authenticating...
COMMAND:>   [11/12/2008 9:30:28 AM] USER admin
      [11/12/2008 9:30:28 AM] 331 Password required for admin
COMMAND:>   [11/12/2008 9:30:28 AM] PASS *****
      [11/12/2008 9:30:28 AM] 230 User admin logged in
STATUS:>     [11/12/2008 9:30:28 AM] Login successful.
COMMAND:>   [11/12/2008 9:30:28 AM] PWD
      [11/12/2008 9:30:28 AM] 257 "/" is the current directory
STATUS:>     [11/12/2008 9:30:28 AM] Home directory: /
COMMAND:>   [11/12/2008 9:30:28 AM] FEAT
      [11/12/2008 9:30:28 AM] Informational Message Only:
      211-Features:
       MDTM
       REST STREAM
       SIZE
      211 End
STATUS:>     [11/12/2008 9:30:28 AM] This site supports features.
STATUS:>     [11/12/2008 9:30:28 AM] This site supports SIZE.
STATUS:>     [11/12/2008 9:30:28 AM] This site can resume broken downloads.
COMMAND:>   [11/12/2008 9:30:28 AM] REST 0
      [11/12/2008 9:30:28 AM] 350 Restarting at 0. Send STORE or RETRIEVE to initiate transfer
COMMAND:>   [11/12/2008 9:30:28 AM] PASV
ERROR:>      [11/12/2008 9:30:30 AM] Can't read from control socket. Socket error = #10054.
ERROR:>      [11/12/2008 9:30:30 AM] Failed to establish data socket.

I am new to SME server. I have installed SME 7.3 and have set up FTP with "allow public access" and "accept passwords from anywhere". The FTP works great inside the network, but outside, I get an error. When I open my browser and type in "ftp://ftp.company.com" I get the error "an error occurred opening that folder on the FTP Server. Make sure you have permission to access that folder." The SME server sits in a DMZ off of a Cisco ASA. I have seen a lot of old posts, but no new ones. Any ideas.

Thanks,

[David Harper]

The problem appears to be when you switch to PASV mode, although I'm not sure why this would be a problem.

This document suggests that under certain circumstances PORT mode might work instead.

[akhilmathema]

I am new to SME server. I have installed SME 7.3 and have set up FTP with "allow public access" and "accept passwords from anywhere". The FTP works great inside the network, but outside, I get an error. When I open my browser and type in "ftp://ftp.company.com" I get the error "an error occurred opening that folder on the FTP Server. Make sure you have permission to access that folder." The SME server sits in a DMZ off of a Cisco ASA. I have seen a lot of old posts, but no new ones. Any ideas.

Thanks,

Verify whether your ftp access is limited only within local (private) network
# config show ftp
access=private | public

[Donny_59]

OK, changing the setting in CutFTP to PORT works, but why can I not use my browser? I am trying to make it easy on my clients to access this site without having to use an FTP client. Is there a setting to change in IE?

[Donny_59]

My manners are bad! Thank you so much for the info so far!

[Donny_59]

Ok, after getting CutFTP to work, I started looking for a setting in Internet Explorer. Under Internet Options - Advanced. There is a setting to Use Passive FTP. I unchecked that box, restarted IE, and now it works. Don't know why. Any ideas on what to look for on the SME server?

[Stefano]

OK, changing the setting in CutFTP to PORT works, but why can I not use my browser? I am trying to make it easy on my clients to access this site without having to use an FTP client. Is there a setting to change in IE?

because IE is not a ftp client.. is a browser.. so, it has not some settings needed to work properly with ftp sites

Ciao
Stefano

[David Harper]

I think you will find that the problems with PASV are being caused by the Cisco ASA, not SME Server.

[Donny_59]

I checked the ASA and the FTP mode is set to passive