FTPPassiveStream SocketException from Behind WatchGuard firewall

Jul 18, 2012 at 4:37 PM
Edited Jul 18, 2012 at 4:39 PM

I'm having a problem implementing an FTP client upload using the sample project source.

The FtpClient appears to be opening a passive connection, and is failing because we're running behind WatchGuard which is presumably blocking the ports.

The error I am getting back is: "A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond [server host]:52664" (server host has been omitted for security).

Using the 'standard' command shell FTP client, I can get a connection just fine.

 Is there any way to either:

 1) Specify the port range for the DataChannelType?

or

2) Stop it using the DataChannelType altogether?

(If Question 2 seems a bit dumb, it's because I haven't looked into the FTP protocol, so don't really know what I'm talking about!) Here's the output from the console, if it's of any use!

Thanks in advance!

> 220-Microsoft FTP Service
< AUTH TLS
> 220-Microsoft FTP Service
< AUTH TLS
> 234 AUTH command ok. Expecting TLS Negotiation.
< PBSZ 0
> 200 PBSZ command successful.
< PROT P
> 234 AUTH command ok. Expecting TLS Negotiation.
< PBSZ 0
> 200 PBSZ command successful.
< PROT P
> 200 PROT command successful.
< USER [user]
> 331 Password required for [user].
< PASS [omitted for security]
> 230-This is the replacement service private FTP site.
>     Directory has 151,960,756,224 bytes of disk space available.
> 230 User logged in.
< PWD
> 257 "/" is current directory.
< TYPE I
> 200 PROT command successful.
< USER [user]
> 331 Password required for Transfer.
< PASS [omitted for security]
> 230-This is the replacement service private FTP site.
>     Directory has 151,960,756,224 bytes of disk space available.
> 230 User logged in.
< PWD
> 257 "/" is current directory.
< TYPE I
> 200 Type set to I.
< EPSV
> 229 Entering Extended Passive Mode (|||52664|)
> 200 Type set to I.
< EPSV
> 229 Entering Extended Passive Mode (|||52664|)
Coordinator
Jul 18, 2012 at 4:54 PM
Try changing the DataChannelType to ExtendedActive or Active and see if it clears up the problem. The port range for passive transfers is defined by the server and as far as I know IIS doesn't allow you to specify any particular port range to use, it chooses the port at random. Other FTP server software usually does allow you to define passive ports, with the exception of the *BSD's built-in FTP service, which uses some kind of proxy to get similar functionality if I remember correctly. Anyway, it all boils down to a firewall issue. The passive port appears to be blocked by the firewall in front of the server. Also worth noting that some firewall software can detect EPSV and PASV commands on non-SSL transactions and open ports accordingly, so trying the Passive type might also clear up the problem. The standard Windows ftp client I think uses Active mode transfers but I could be wrong.
Jul 19, 2012 at 9:18 AM

I tried all of the methods. I believe the Passive ones all ended up with the same message (connection timeout) and the Active ones ended up with a different error: "Server cannot accept argument." The tail end of the console output looks like this:

> 230 User logged in.
< PWD
> 257 "/" is current directory.
< TYPE I
> 200 Type set to I.
< PORT 10,0,0,200,242,195
> 501 Server cannot accept argument.
A first chance exception of type 'System.Net.FtpClient.FtpCommandException' occurred in System.Net.FtpClient.dll
> 501 Server cannot accept argument.
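
Added example, not part of the original thread or of the System.Net.FtpClient project: a Python decoder for the data-channel lines in the console logs above, showing which side has to open the data connection, to which port, and whether the advertised address is a private one. The function names are hypothetical, the sample log is constructed from lines quoted in the thread, and handling of the 227 PASV reply goes beyond what the logs contain.

```python
import ipaddress
import re

# Constructed sample: data-channel lines copied from the two console logs above.
SAMPLE_LOG = """\
< EPSV
> 229 Entering Extended Passive Mode (|||52664|)
< PORT 10,0,0,200,242,195
> 501 Server cannot accept argument.
"""

EPSV_RE = re.compile(r"^> 229 .*\((.)\1\1(\d{1,5})\1\)")
PORT_RE = re.compile(r"^< PORT (\d{1,3}(?:,\d{1,3}){5})\s*$")
PASV_RE = re.compile(r"^> 227 .*?(\d{1,3}(?:,\d{1,3}){5})")


def decode_hostport(arg):
    """Decode the h1,h2,h3,h4,p1,p2 form used by PORT and the 227 reply."""
    nums = [int(n) for n in arg.split(",")]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range: " + arg)
    return ipaddress.IPv4Address(".".join(map(str, nums[:4]))), nums[4] * 256 + nums[5]


def data_channels(log):
    """Return one dict per data-channel negotiation found in the log."""
    found = []
    for line in log.splitlines():
        if m := EPSV_RE.match(line):
            # EPSV carries only a port; the client reuses the control-channel host.
            found.append({"mode": "EPSV", "dials": "client", "host": None,
                          "port": int(m.group(2)), "private": None})
        elif m := (PORT_RE.match(line) or PASV_RE.match(line)):
            host, port = decode_hostport(m.group(1))
            active = line.startswith("< PORT")
            found.append({"mode": "PORT" if active else "PASV",
                          "dials": "server" if active else "client",
                          "host": str(host), "port": port,
                          "private": host.is_private})
    return found


if __name__ == "__main__":
    for ch in data_channels(SAMPLE_LOG):
        print(ch)
```

Because the session negotiates AUTH TLS, a firewall cannot read these values off the control channel, so the decoded ports (52664 for EPSV, 62147 for PORT) would have to be permitted by static rules rather than by FTP inspection.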