FTP – Can’t connect to FTP server from a specific location


Last week while uploading website files to our server via FTP, the transfer failed. Ever since then, I haven't been able to connect to the server from work.

I can connect just fine from home, or by using an FTP app on my cell phone as long as I'm on the cell network. I can't access the server from any machine on my work network. It's not a credential issue, either. The error message that I always get says that a connection cannot be established, and I am never prompted for my credentials.

I have changed absolutely nothing on our domain controller or our firewall/router. All of the ports that were open when it was working are still open now.

I've contacted our ISP (who hosts the website/FTP server) and they can't find anything wrong on their end. They insist that it must be something here at the office that is blocking access. Since the ISP hosts the server, I can't restart it, nor do I know what the server software is.

I've also tested access to other FTP servers (ea.com, nvidia.com, etc.) so I know that port 21 is not being blocked. I'm totally stumped. Any help is much appreciated.

I uploaded a Wireshark file here: http://www.cloudshark.org/captures/7dde165d4797?filter=ip.src%20%3D%3D%2066.118.64.208%20%7C%7C%20ip.dst%20%3D%3D%2066.118.64.208
with source and destination IP addresses filtered for the FTP server. It turns out that there were 2 return packets per connection attempt. Does this shed any more light on the problem?

My firewall/router is a Netgear ProSafe VPN Firewall FVS318v3. Someone mentioned NAT issues – I have several entries like this in the log:

Fri, 2013-11-08 14:10:27 - [Unable to free TCP NAT port for 452b000e:52490 from LAN].

Also, I can ping the server from my network, but I can't telnet into it on port 21.

Could not open connection to the host, on port [21]:Connect failed

Best Answer

If port 21 is open, it sounds like a firewall issue more than anything else. But that said, do you know if the FTP server you are using is using passive ports? Some FTP server & firewall combos need the passive ports open as well as port 21.

Passive ports are typically set on the FTP server side & encompass a range that can be 49152 to 65534 (example from ProFTPD), but can also be manually set for a different range like 50000 to 60000.

In cases like that, port 21 would accept your connection but if the passive ports are blocked—which come into play during file transfer—no file transfer happens. Stung me a few times when I set up IPTables on a few servers & learned the hard way. Gotta have those passive ports accounted for on top of port 21.
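To tell a blocked control channel (the port 21 symptom in the question) apart from blocked passive ports (the case in the answer), the session can be walked one stage at a time. The script below is an added example, not part of the original question or answer; the function names `parse_pasv`, `read_reply` and `diagnose` are hypothetical, and it assumes you run it with your own account against your own server.

```python
import re
import socket

def parse_pasv(reply):
    """Return (host, port) from '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)'."""
    m = re.search(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", reply)
    if not reply.startswith("227") or m is None or max(map(int, m.groups())) > 255:
        raise ValueError("not a valid PASV reply: %r" % reply)
    n = [int(g) for g in m.groups()]
    return "%d.%d.%d.%d" % tuple(n[:4]), n[4] * 256 + n[5]

def read_reply(f):
    """Read one control-channel reply, consuming multi-line ('220-...') bodies."""
    line = first = f.readline().decode("latin-1")
    while line and first[3:4] == "-" and line[:4] != first[:3] + " ":
        line = f.readline().decode("latin-1")
    if not line:
        raise EOFError("control connection closed")
    return line.strip()

def diagnose(host, user, password, port=21, timeout=5.0):
    """Return the first failing stage, or 'ok' if a passive data port is reachable."""
    try:
        ctrl = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "control-connect"  # no TCP session on the control port at all
    stage = "banner"
    try:
        with ctrl, ctrl.makefile("rwb") as f:
            def cmd(text):
                f.write(text.encode("latin-1") + b"\r\n")
                f.flush()
                return read_reply(f)
            if not read_reply(f).startswith("220"):
                return stage
            stage = "login"  # plain FTP sends these credentials in cleartext
            r = cmd("USER " + user)
            if r.startswith("331"):
                r = cmd("PASS " + password)
            if not r.startswith("230"):
                return stage
            stage = "pasv"
            _, data_port = parse_pasv(cmd("PASV"))
            stage = "data-connect"
            # Use the control host: the address in the reply may be a private IP behind NAT.
            socket.create_connection((host, data_port), timeout=timeout).close()
    except (OSError, EOFError, ValueError):
        return stage
    return "ok"
```

A result of `control-connect` points at the path to port 21 itself, while `data-connect` means the control channel works and the passive port range is what is being dropped.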
