Fog Creek Software
Discussion Board




Knowledge Base
Documentation
Terry's Tips
Darren's Tips

Hosting and ftp questions

I recently tried a new host who seemed to offer better features than my present host for a few dollars less.  As it ends up I couldn't use the new host because they don't allow passive ftp.  I've found that with version 2 of CD I need to use passive option on my ftp.

I wonder if others need to do this.  I suppose it makes it more complicated, but I wonder if the final CD will have the ftp log available for troubleshooting purposes.

Is it just my experience, or is it imperative to check passive ftp for all hosts?  If not, is there some reasonable technical explanation I can give a host as to how CD needs to have ftp set up to work?

Joel Goldstick
Thursday, August 21, 2003

The way traditional FTP works:

1) You connect to the server
2) You tell it you have a file you want to upload
3) The server connects BACK to your computer and gets the file

This causes a problem if YOU have any kind of firewall that prevents incoming connections, because in step 3, when the server connects back to you, your firewall ignores it. So the connection appears to hang.

The way passive FTP works:

1) You connect to the server
2) You tell it you have a file you want to upload
3) You send it the file using the same connection with which you connected in the first place.

This means all connections originate from your machine and go to the server machine, so even if your incoming firewall blocks everything, you can upload files.

I don't understand why any host would not support passive FTP; it's a very standard thing.

The problem is more likely to have to do with a firewall that you're behind, for example, your ISP may have provided a firewall or you may have a software-based firewall on your own computer. Good firewalls, incidentally, can even handle regular FTP, because they listen for your outgoing connection in step 1 and open a special port to allowing incoming connections in step 3. Cheap firewalls do not allow this and this is when you need passive FTP.

Unfortunately there's not much logging information we could provide that would help. That's because the problems people have with FTP are almost always caused by firewalls, and firewalls usually work by silently dropping packets or not allowing incoming packets, and there's just about nothing we can do to debug that for you. It would be great if there were some technically feasable way we could say, "FTP didn't work because you have firewall X installed at location Y which is blocking packets Z" but that's just not the way the Internet works... firewalls generally don't tell you what they're doing, they don't return errors, and the best firewalls are designed to actually be invisible so hackers don't even realize they exist.

Joel Spolsky
Thursday, August 21, 2003

Also read this:


http://www.cybersmarts.net/domain_maint/faqs/cyberfaqs/FTP_Issues/a_technical_ftp_article.html

John

John Cesta
Thursday, August 21, 2003

Have the CD authors thought any about SFTP as well?  It would be nice to be completely off of FTP and send things securely.

Jeff Tulley
Thursday, August 21, 2003

Joel, thanks for the lengthy explaination.  I am using Zone Alarm.  I have been using it for longer than I have been using CityDesk.  But, I did upgrade it a few months back and maybe that is causing the problem.  I will contact them to see if they can tell me how to configure it to let CityDesk do its job.

But, I can use WS_FTP with no problem.  Does that cast any more light on the situation?

Joel Goldstick
Thursday, August 21, 2003

I just looked at Zone alarm.  It wasn't allowing CD to act as a server.  So I changed that.  Then I tried to upload a file and I got stopped again. hmmmm

Joel Goldstick
Thursday, August 21, 2003

Well, I had dinner and a beer.  And I thought, Why don't I just turn off Zone alarm and see what happens.

Eureka!  It works without Passive FTP being set.  But I like Zone Alarm.  It saved me from MSBlaster.  So, Joel, thanks for the insight.  I'll go pester the Zone Alarm people now.

Joel Goldstick
Thursday, August 21, 2003

*  Recent Topics

*  Fog Creek Home