ftp operation timed out

[Jiggy]

I've tried to ftp on my mac but can't get any connection. First I tried it on a pc with Filezilla, just to check of it isn't our company firewall which is blocking some ports, but it works fine there.

Our internet uses a http proxy. I've tried leaving the ftp proxy blank and giving it the same proxy as http, but neither works. Also tried switching from passive to active.

Using Safari/Firefox I can see the documents using ftp://user:[email protected], but when I use a ftp client like Cyberduck, Fetch etc. when logging in I get an "operation timed out" after a while. Strange thing is that I can get access on one of our company ftp locations.

But when the proxy settings are the same on a pc as they are on my mac, why does it work on the pc and not on the mac?

 

[Jiggy]

Our computer support says that for each ftp site we want to use a port has to be opened. Otherwise, we can't get access (only to the internal company ftp locations). Is that true? I thought only port 20/21 are used for ftp. So there is a setting anywere which lists all the ftp sites which are allowed to use port 21 e.g.?
And if so. Why can we get access to every ftp location on a Windows machine with e.g. Filezilla and not with a ftp client on any mac?

 

[baggss]

Somewhere either under the Network or Sharing Preferences Pane on your Mac, there is a check box for Passive FTP. Make sure it is checked. I'm not with a Mac right now, so I can't tell you exactly where it is off hand.

 

[Jiggy]

It's already checked by default. I've also deselected it and switched in Cyberduck from active to passive. But nothing works.
But what's true about that for every external ftp site a port must be set to "open"? Can Support block access to certain non-company external ftp sites? I thought everything ftp went trhough port 20 or 21 and if those are open it should work for every ftp site, or am I mistaken?

 

[jaynorris]

The big question is the proxy, what it allows and what it doesn't. That we don't know, and possibly hard for you to determin. You can try to test the connection through telnet. For example; to telnet to a port to see if the port is listening - try telnet IP: [port]

If you can get to port 80, then fine, but if can't get to port 20 or 21 then there is an issue possibly with the proxy disallowing those ports. Afterward you can try sftp, http...

Hopefully I'm not misreading your question, and lending some assistance to reslove the problem.

 

[Jiggy]

What I actually was wondering about is why I can ftp to our company ftp locations, but not to the rest (external ftp sites like a printing office). And why I can get a connection on a windows machine and not on a mac while both are on the same company network.
Support says that first I must give them an ftp address of e.g. a printing office. Then, for that address only, they'll open a port. But if port 21 is already open (since I can visite company ftp sites)... Is it possible for port 21 to be open for only a selected groep of ftp sites?
And since they open port 21 for certain locations why can I get access to them on a windows machine?

 

[jaynorris]

What I actually was wondering about is why I can ftp to our company ftp locations, but not to the rest (external ftp sites like a printing office). And why I can get a connection on a windows machine and not on a mac while both are on the same company network.
Support says that first I must give them an ftp address of e.g. a printing office. Then, for that address only, they'll open a port. But if port 21 is already open (since I can visite company ftp sites)... Is it possible for port 21 to be open for only a selected groep of ftp sites?
And since they open port 21 for certain locations why can I get access to them on a windows machine?

I think you answered your own question.

You can FTP to Internal Company FTP server, but not external. If you want to FTP to an external FTP server you must supply the information. Because port 21 is open doesn't mean there is global access to port 21. Your company is regulating which servers they'll allow the users to connect to. So while port 21 is open, the IP or Domain name is allowed or denied

In ACLs in a router or firewall, they can state the following:

access-list 100 permit tcp 69.16.10.0 0.0.255.255 host 192.168.21.1 eq 21
access-list 100 deny tcp 69.16.10.0 0.0.255.255 host eq 21
access-list 100 permit tcp any host 192.168.21.* eq 80
access-list 100 deny ip any any

First line states only allow the internal IP to access external port 21, then deny everyone else to port 21. Then allow web, and deny all the other ports and IP's. Obviously there are a lot services that needs to be added, but hopefully this will explain your question about routing.

As for connecting your Mac... It sounds like a misconfigured network settings or Port Security in enabled. There is no reason why you can't connect once you have a proper configuration over ethernet. I would also avoid wireless until you know for a fact you can establish a connection connected. If you are trying ethernet at work, ensure your company has not implemented Port Security. Port security will bind the first NICs MAC address to the switchs port security table. This means only the original PC (Personal Computer = Mac or Windows) can connect over the designated port.

 

[Jiggy]

I'm nog sure what that last one means, but I am able to access internet, mail and download from ftp through Firefox. It's just upload that's not working on both Mac's (I've tried my neighbour's mac too). All pc's and both mac's are new and each installed as the original one on eath network port. Ftp works on all pc's, even external ftp sites, just not on both mac's. I understand now that Support can block external ftp sites, but don't quite understand why ftp upload only works on pc's. The company's network has just been installed with all new pcs/macs attached as "original computer", I think... It's not that on the macs ports there was first a windows pc attached and later the macs.

 

[jaynorris]

Does any Windows machine work? Meaning can I bring a Window OS laptop in, plugin and expect the network to work seemlessly? Thing is Mac OS X FTP's and the browsers ability to download FTP don't differ much from that of Windows - the real differance is how it's configured. This is the reason why there are RFCs in place; just for reasons such as this.

FTP RFC 959: http://www.w3.org/Protocols/rfc959/
Browser port HTTP RFC 2616: http://www.faqs.org/rfcs/rfc2616.html

BTW, if you're trying to upload FTP through the browser you won't be able to... I recall reading you tried using a client and it didn't work either... Which client did you try? You can also use the terminal to ftp, did you try that?

The point is your company is either blocking something with security, or you're not configuring your Mac properly because, and as you know this should work without any issues.

Lastly, if network if configured for Mac and Windows all this really means is AppleTalk and/or NetBios is part of the core system services. Otherwise network doesn't care which machine runs on the net as long as it talks TCP and UDP.