Connecting through a Firewall with Reflection FTP Client

  • 7021981
  • 21-Jul-1999
  • 17-Sep-2018

Environment

Reflection FTP Client

Situation

This technical note explains how to configure Reflection FTP Client to connect through different types of firewalls.

The following symptoms may indicate that a firewall is blocking FTP connections:

  • Users can transfer files to and from intranet FTP servers but cannot connect to Internet FTP servers.
  • Users can connect and log in to the FTP server; however, they receive a 425 error and/or cannot see a directory listing or perform a file transfer.
  • Users cannot connect or log in to the FTP server.
  • Users cannot perform file transfers with Reflection but can access files from a web browser such as Microsoft Internet Explorer or Mozilla Firefox using the following syntax: ftp://<FTP Server>

If you are experiencing any of the above symptoms or you suspect that there is a firewall between Reflection and the FTP server you are attempting to connect to, check with the network administrator to determine the type of firewall and how it is configured. Then, use the instructions below to configure Reflection FTP Client to connect to your FTP server through the firewall.

If you are unable to determine the firewall configuration, you still may be able to establish an FTP connection by experimenting with the various configurations described below.

Resolution

Passive Mode FTP

Passive mode FTP transfers use only outward connections for both control and data connections. Reflection FTP uses passive mode by default. If you suspect your firewall is blocking inbound connections, follow the steps below to confirm that Reflection FTP Client is configured for passive mode connections.

  1. Start Reflection FTP Client.
  2. On the Connect to FTP Site dialog box, select the FTP site that you are connecting to, and then click Properties.
  3. In the Site Properties dialog box, click the Connection tab and confirm that the"Use passive mode" check box is selected.

SOCKS Proxy Server Firewalls

SOCKS proxy servers use the SOCKS protocol between the FTP client and the proxy server. Reflection FTP Client includes support for SOCKS servers.

To configure Reflection FTP Client to support a SOCKS proxy server, follow the steps below that correspond to your version of Reflection.

  1. Start Reflection FTP Client.
  2. In the Connect to FTP Site dialog box, select the FTP site that you are connecting to, and then click Security.
  3. Select the Proxy tab> Use proxy server> SOCKS. Click Configure.
  4. Enter the IP address of your SOCKS proxy server.
  5. Click OK to close the open dialog boxes, and then retry your connection.

See the product help for more information about configuring Reflection for multiple SOCKS proxy servers.

Common FTP Passthrough Server Firewalls

Passthrough servers differ from other proxy servers in that they use the FTP protocol to communicate between the FTP client and the firewall. To configure Reflection FTP Client to support common FTP Passthrough servers, follow the steps below.

  1. Start Reflection FTP Client.
  2. On the Connection menu, click Connect. In the Connect to FTP Site dialog box, select the FTP site that you are connecting to, and then click Security.
  3. On the Firewall tab, select the Use Firewall check box.
  4. In the Style drop-down list select the authentication style used by your server. For information about the available options, search on "Firewall Authentication Styles" in the product help.
  5. The Server name and User name fields on this tab become enabled or disabled depending on the authentication style you selected. Enter these values as required by your authentication type.
  6. If you want to avoid entering a required password for future connections, select "Save password" and then enter the password.
  7. If you are using the "username@servername" style and your passthrough server requires a login before the USER command, select the Passthrough authentication check box.
  8. Click OK to close all of the dialog boxes, and then retry your connection.

Uncommon FTP Passthrough Server Firewalls

There is no industry-standardized format for connecting through an FTP passthrough server. Because of the wide variation in authentication methods, you may need to experiment with the information you enter in the passthrough server and general site properties fields in Reflection.

For example, you may need to enter your firewall user name instead of your FTP server user name on the General tab of the Site Properties. Consult your firewall documentation for the required syntax.

HTTP Proxy Server Firewalls

Some firewalls support HTTP proxy connections. To configure the FTP Client to use an HTTP proxy:

  1. Start Reflection FTP Client.
  2. In the Connect to FTP Site dialog box, select the FTP site that you are connecting to, and then click Security.
  3. Select the Proxy tab > Use proxy server > HTTP. Click Configure.
  4. Enter connection information for your HTTP proxy server.
  5. Click OK to close the open dialog boxes, and then retry your connection.

Cause

A firewall is a network security device used to protect organizations from unauthorized connections. Firewalls can be configured to restrict FTP file transfers in various ways, depending on the vendor and configuration. For example, some firewalls can be configured to support FTP transfers in a way that is transparent to users. Other firewalls, however, are more restrictive and allow only pre-authenticated and/or passive-mode FTP connections.

The FTP protocol establishes two distinct connections between the FTP client and FTP server:
  • The control connection is initiated by the client and is used to manage the session
  • The data connection is typically initiated by the server and is used for transferring files and directory listings

Some firewalls may block the inbound FTP data connection from the server, while others may block both the inbound and outbound connections.

Additional Information

For port numbers used by Reflection connections, see KB 7021759.

For a list of products that include Reflection FTP Client, see KB 7021276.

Legacy KB ID

This article was originally published as Attachmate Technical Note 1059.