cannot reach site on port 50021

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

looking at a problem where the customer needs to connect to an ftp site on port 50021 (FTPS), although unable to do so.

I can't check from any other site because the remote site locks the access down to the ip of authorised clients.

nothing in the firewall rules blocking anything outbound. does anyone know if it's a port that may be blocked by the ISP?

ta

 

Why FTPS? It's a major PITA to configure through firewalls in the best of circumstances - and it's inifintely better to use SFTP (FTP via SSH). If you have no option, then I would guess it's because of a firewall misconfiguration somewhere - though good luck figuring out how to fix it!

The problem is that FTP opens a second channel for actual data transfer (the main port connection made initially is only for control of the session). In FTP it's trivial to configure a firewall to allow this second channel directly, but with FTPS, since that initial channel is encrypted, the firewall can't then be configured to detect the port that the secondary (data transfer) channel is running over - and will block the connection.

I'd imagine the firewall the connection is travelling through will have something documented somewhere about restricting port ranges for the second connection to a particular range of ephemeral high ports - check your firewall documentation for the specifics.

 

hey sparks,

nothing in the logs mate. its a really old watchguard and i can't see any outbound rules. the wierd thing is, it does work from one server, but nothing else. they add the clients ip to their authenticated list, and i can hit it from all pc's on ports 21 and 80, but not on 50021 (well from only one server anyway).

cheers!

 

hey zeb,

just noticed this after replying to sparks.
no idea why mate - i just received the guide and have been asked to get it working. thanks for the explanation on the second connection mate. ive been looking everywhere on the firewall for something, although baffled as to why it works on one server and nothing else!

ta