18

I've got a computer behind ForeFront TMG 7.0 and a public remote FTP server. TMG client is installed. Windows firewall is off. Antivirus: McAfee virus scan Enterprise (8.8) + AntySpyware Enterprize (8.8) + No add-ons. Antivirus was tested on and off.

It fails to connect to the server via Java and Php. Filezilla, explorer.exe and Go-written program connects without problems.

For Java I get ConnectionRefused error:

java.net.ConnectException: Connection refused: connect
    at java.net.DualStackPlainSocketImpl.connect0(Native Method)
    at java.net.DualStackPlainSocketImpl.socketConnect(Unknown Source)
    at java.net.AbstractPlainSocketImpl.doConnect(Unknown Source)
    at java.net.AbstractPlainSocketImpl.connectToAddress(Unknown Source)
    at java.net.AbstractPlainSocketImpl.connect(Unknown Source)
    at java.net.PlainSocketImpl.connect(Unknown Source)
    at java.net.SocksSocketImpl.connect(Unknown Source)
    at java.net.Socket.connect(Unknown Source)
    at org.apache.commons.net.SocketClient.connect(SocketClient.java:182)
    at org.apache.commons.net.SocketClient.connect(SocketClient.java:203)

No matter how I'm trying to connect via Java:

  • Apache FTP Client (active/passive - local/remote/both)
  • Apache FTPS Client (all varians active|passive)
  • Sauron FTP Client (same)
  • Socket socket = new Socket(host, 21);

Semetimes it trows connection timeout after 5 minutes of waiting. And the error is timeout exception. All varians are tested with direct connection, global proxy, ftp proxy, http proxy and all combinations of that. All variants are tested both by IP and hostname.

Php-code sample that can not connect too:

<?php

  $host = "ftphost";
  $connect = ftp_connect($host,21);
  if(!$connect)
  {
    echo("Error: $host");
    exit;
  }
  else
  {
    echo("Cheers: $host");  
  }

?>

But FileZilla connects without a problem. Explorer connects without a problem. The Go-written program connects without a problem.

Any ideas what can block java and PHP? How can I figure out the policy or the program settings that are blocking JRE and Apache?

Nmk
  • 1,281
  • 2
  • 14
  • 25
Globber
  • 575
  • 3
  • 14
  • Any ideas what can block java and php? Firewalls and a lot of other things (Your OS, the network, the server, .. not granting access to untrusted software). Also wrong configuration like not using the system proxy. Compare using e.g. [wireshark](http://www.wireshark.org/) – zapl Dec 16 '13 at 10:04
  • had some problems with tmg in the past, find out that it can block some url by ip, but not on pc-name, or vice-versa. Try to play with that – secario Dec 16 '13 at 10:07
  • This is not site-blocking because FileZilla and others connects normaly. – Globber Dec 16 '13 at 10:09
  • FTP-protocol does not differs the client software, as far as I know. – Globber Dec 16 '13 at 10:17
  • For proxy issues try with proxy-vole. To debug network issues use javax.net.debug. – beat Oct 23 '17 at 07:27
  • can you clarify if filezilla connects using SFTP vs FTP? – Felipe Valdes Oct 24 '17 at 04:38
  • 1
    read about the passive/active connections (https://stackoverflow.com/questions/1699145/what-is-the-difference-between-active-and-passive-ftp#1699163) maybe this will help? – Mat Jan 01 '18 at 23:48
  • Do you require a username & password for the connection? And Passive or Active sounds like a good bet too. – BH7 Feb 06 '18 at 07:41
  • Does your ftp server needs credentials or accept anonymous connection? – merdincz Mar 06 '18 at 07:04

2 Answers2

3

You can try to debug the issue with PHP script like below:

<?php
$host = "xx.xx.xx.xx";
$ftpUser = "annonymous";
$ftpPass = null;
$checkPort = @fsockopen($host, 21, $errno, $errstr, 10);
if($checkPort!==false){
    echo "can able to connect ftp server";
    $conn_id = ftp_connect($host);
    if($conn_id!==false){
    echo "\n Ftp server available and connected trying to logged in";
        $loginStatus = ftp_login($conn_id, $ftpUser, $ftpPass);
        if($loginStatus!==false){
            echo "\n Connected to ftp";
        } else {
            echo "\n Please check credentials";
        }
    }
} else {
    echo "server can't reach to ftp server";
}
?>
Riad Baghbanli
  • 3,105
  • 1
  • 12
  • 20
merdincz
  • 427
  • 4
  • 16
0

Just my two cents. This my working Ftp code that I've been using it for two years now and the main problem is server-side if you enable passive mode then you need to open a range of passive ports in your firewall such as 2000:4000 to keep connection not to be broken. Also, make sure that your Ftp server is configured for those passive ports. You can read more in https://slacksite.com/other/ftp.html

import config.AppConfigPropertyReader;
        
        import model.FtpClients;
        import org.apache.commons.io.FileUtils;
        import org.apache.commons.net.ftp.FTP;
        import org.apache.commons.net.ftp.FTPReply;
        import org.apache.commons.net.ftp.FTPSClient;
        import org.apache.log4j.Logger;
        
        import java.io.File;
        import java.io.FileInputStream;
        import java.io.IOException;
        import java.io.InputStream;
        import java.util.ArrayList;
        import java.util.List;
        
        public class ConnectRemote {
        
            private static Logger logger = Logger.getLogger(ConnectRemote.class);
            private static String RemoteFtpLogServerHost = AppConfigPropertyReader.getProperty("RemoteFtpLogServerHost");
            private static String RemoteFtpLogServerTomcatLog = AppConfigPropertyReader.getProperty("RemoteFtpLogServerTomcatLog");
            private static String RemoteFtpLogServerTomcatLogPassword = AppConfigPropertyReader.getProperty("RemoteFtpLogServerTomcatLogPassword");
            private static String LocalTomcatSistemLogPath = AppConfigPropertyReader.getProperty("LocalTomcatSistemLogPath");
        
        
            public static void starttransfers() {
        
                List<FtpClients> ftpuserlist = new ArrayList<FtpClients>();
        
                ftpuserlist.add(new FtpClients(RemoteFtpLogServerTomcatLogPassword, RemoteFtpLogServerTomcatLog, LocalTomcatSistemLogPath));
        
                for (FtpClients ftpuser : ftpuserlist) {
        
                    try {
        
                        ftps = new FTPSClient();
                        //ftps.addProtocolCommandListener(new PrintCommandListener(new PrintWriter(System.out)));
                      
                        ftps.connect(RemoteFtpLogServerHost, 21);
                        int reply = ftps.getReplyCode();
                        if (!FTPReply.isPositiveCompletion(reply)) {
                            ftps.disconnect();
                            throw new IOException("Exception in connecting to FTPS Server");
                        }
                        if (ftps.login(ftpuser.getUser(), ftpuser.getPassword())) {
        
                            ftps.execPBSZ(0);
                            //ftps.execPROT("P"); You have to use reuse ssl enabled ftp server
                            ftps.setBufferSize(1024000);
                            ftps.changeWorkingDirectory("/");
                            ftps.setFileType(FTP.BINARY_FILE_TYPE);
                            ftps.setFileTransferMode(FTP.COMPRESSED_TRANSFER_MODE);
                            ftps.enterLocalPassiveMode();
                            ftps.setControlKeepAliveTimeout(300);
                            
                            //do your logic 
        
                            if (ftps.isConnected()) {
                                try {
                                    ftps.logout();
                                    ftps.disconnect();
                                    ftps = null;
                                    ftpuserlist.clear();
        
                                } catch (IOException e) {
                                    logger.error("Ftps Client Closing " + e.getMessage());
                                }
                            }
        
                        } else {
        
                            logger.error("Cannot Login to Remote Ftps Server");
        
                        }
        
        
                    } catch (Exception e) {
        
                        e.printStackTrace();
                        logger.error("Exception" + e.getMessage());
        
        
                    }
        
        
                }
        
        
            }
    }
Fatih Şennik
  • 1,295
  • 5
  • 12