You are viewing a plain text version of this content. The canonical link for it is here.
Posted to ftpserver-users@mina.apache.org by "Philistine, Ralph J" <Ra...@Navistar.com> on 2008/04/16 22:54:08 UTC

RE: fiewall issue

Hi Niklas,

 

Back in February I asked you about a problem I was having with Apache
FTPServer that I had implemented on an AIX server.  At the time I
thought the problem had to do with a firewall.  I have since been told
that there isn't a firewall protecting the server.  There is a load
balancer that routes traffic from a public IP to our designated
production IP's which belongs to the server I have implemented Apache
FTPServer on.

 

The problem centered around the following error: 

FtpDataConnection.getDataSocket()java.net.SocketException: Connection
timed out:could be due to invalid address.

 

The error happens during the data connection portion of my FTP session.
As you can see from the log file I am using PASV mode.  On the client
side the FTP session simply hangs.  In the attached log file you will
notice that there is a lot of clutter that has nothing to do with my
request.  This clutter is due to the load balancer that incessantly
attempts to see if something is listening on a given ip/port.

 

Any insight you can provide would be most helpful.

 

Thanks,

 

Ralph

 

 



CONFIDENTIALITY NOTICE:  This e-mail, and any attachments 
and/or documents linked to this email, are intended for the 
addressee and may contain information that is privileged, 
confidential, proprietary, or otherwise protected by law.  Any 
dissemination, distribution, or copying is prohibited.  This 
notice serves as a confidentiality marking for the purpose of 
any confidentiality or nondisclosure agreement.  If you have 
received this communication in error, please contact the 
original sender.

Re: fiewall issue

Posted by Niklas Gustavsson <ni...@protocol7.com>.
The passive address should normally be set correctly to the IP of the
server, however, in this case you need to tell the client the IP of
the load balancer. That's exactly what
config.listeners.default.data-connection.passive.external-address is
for. Make sure to set that to the IP of your load balancer. FtpServer
will then use it to tell the client as the reply to PASV that it
should connect to the load balancer.

Hope that helps!
/niklas

On Wed, Apr 16, 2008 at 11:06 PM, Curt Johansson <cu...@telia.com> wrote:
> Hi,
>
>  have you tried setting
>
>  config.listeners.default.data-connection.active.local-address
>
>  config.listeners.default.data-connection.passive.address
>
>  to your servers address in the properties file. I think it is set to localhost by default but that wont do if your client is on another machine.
>
>  Regards
>
>  Curt Johansson
>
>
>
>
>
>   ----- Original Message -----
>   From: Philistine, Ralph J
>   To: ftpserver-users@mina.apache.org
>   Sent: Wednesday, April 16, 2008 10:54 PM
>   Subject: RE: fiewall issue
>
>
>   Hi Niklas,
>
>
>
>   Back in February I asked you about a problem I was having with Apache FTPServer that I had implemented on an AIX server.  At the time I thought the problem had to do with a firewall.  I have since been told that there isn't a firewall protecting the server.  There is a load balancer that routes traffic from a public IP to our designated production IP's which belongs to the server I have implemented Apache FTPServer on.
>
>
>
>   The problem centered around the following error:
>
>   FtpDataConnection.getDataSocket()java.net.SocketException: Connection timed out:could be due to invalid address.
>
>
>
>   The error happens during the data connection portion of my FTP session.  As you can see from the log file I am using PASV mode.  On the client side the FTP session simply hangs.  In the attached log file you will notice that there is a lot of clutter that has nothing to do with my request.  This clutter is due to the load balancer that incessantly attempts to see if something is listening on a given ip/port.
>
>
>
>   Any insight you can provide would be most helpful.
>
>
>
>   Thanks,
>
>
>
>   Ralph
>
>
>
>
>
>
>  CONFIDENTIALITY NOTICE:  This e-mail, and any attachments
>  and/or documents linked to this email, are intended for the
>  addressee and may contain information that is privileged,
>  confidential, proprietary, or otherwise protected by law.  Any
>  dissemination, distribution, or copying is prohibited.  This
>  notice serves as a confidentiality marking for the purpose of
>  any confidentiality or nondisclosure agreement.  If you have
>  received this communication in error, please contact the
>  original sender.
>
>

Re: fiewall issue

Posted by Curt Johansson <cu...@telia.com>.
Hi, 

have you tried setting 

config.listeners.default.data-connection.active.local-address

config.listeners.default.data-connection.passive.address 

to your servers address in the properties file. I think it is set to localhost by default but that wont do if your client is on another machine. 

Regards

Curt Johansson



  ----- Original Message ----- 
  From: Philistine, Ralph J 
  To: ftpserver-users@mina.apache.org 
  Sent: Wednesday, April 16, 2008 10:54 PM
  Subject: RE: fiewall issue


  Hi Niklas,

   

  Back in February I asked you about a problem I was having with Apache FTPServer that I had implemented on an AIX server.  At the time I thought the problem had to do with a firewall.  I have since been told that there isn't a firewall protecting the server.  There is a load balancer that routes traffic from a public IP to our designated production IP's which belongs to the server I have implemented Apache FTPServer on.

   

  The problem centered around the following error: 

  FtpDataConnection.getDataSocket()java.net.SocketException: Connection timed out:could be due to invalid address.

   

  The error happens during the data connection portion of my FTP session.  As you can see from the log file I am using PASV mode.  On the client side the FTP session simply hangs.  In the attached log file you will notice that there is a lot of clutter that has nothing to do with my request.  This clutter is due to the load balancer that incessantly attempts to see if something is listening on a given ip/port.

   

  Any insight you can provide would be most helpful.

   

  Thanks,

   

  Ralph

   

   


CONFIDENTIALITY NOTICE:  This e-mail, and any attachments 
and/or documents linked to this email, are intended for the 
addressee and may contain information that is privileged, 
confidential, proprietary, or otherwise protected by law.  Any 
dissemination, distribution, or copying is prohibited.  This 
notice serves as a confidentiality marking for the purpose of 
any confidentiality or nondisclosure agreement.  If you have 
received this communication in error, please contact the 
original sender.