
20010205: FTP access from .com addresses (cont.)



>From: "Neilley, Peter" <address@hidden>
>Organization: WSI Corporation
>Keywords: 200102051425.f15EPsX03731 FTP access

Peter,

>Thanks Tom.
>
>I'm running into more fundamental problems where the Unidata ftp
>server won't even let me connect.  e.g.
>
>> ftp ftp.unidata.ucar.edu
>Connect to ftp.unidata.ucar.edu
>421 Service not available, remote server has closed connection.
>
>I've also tried pftp (passive-mode ftp) in case the firewall was the issue.

This comment showed me that I really didn't understand the security
setup here.  One quick comment, however: we are not behind the UCAR
security perimeter, so using a passive-mode FTP is not needed.

>If I try to click one of Unidata's ftp links from one of the Unidata
>web pages from within a browser I get:
>
>   FTP Error
>   Could not login to FTP server

OK.

>I have no problem contacting other UCAR ftp servers (e.g. ftp.rap.ucar.edu
>or ncardata.ucar.edu), just the unidata ftp server.
>
>Hmmmm.....
>
>Anyway, I back-doored the files by transferring it to RAP first and
>then to WSI.... but it would be nice to figure out this problem.  Do
>your FTP logs indicate any connections from WSI (.wsi.com, .wsicorp.com)?

I got together with Mike Schmidt, our system administrator, and learned
more about how we have security set up for FTP.  Our setup requires that
we can do a forward and reverse name lookup for hosts attempting to
connect.  It seems that the host that you were coming in from is
not recognized by a DNS server.  Someone else from WSI, however, has
successfully FTPed to ftp.unidata.ucar.edu in the past several days:

>From laraine:/var/adm/tcpd.log

>Feb  2 08:34:13 laraine.unidata.ucar.edu wuftpd[3296]: connect from wsi-200-156.wsi.com
>Feb  5 09:49:46 laraine.unidata.ucar.edu wuftpd[10574]: warning: can't verify hostname: gethostbyname(wsi-204-185.wsi.com) failed

nslookup wsi-200-156.wsi.com
Server:  laraine.unidata.ucar.edu
Address:  128.117.140.62

Non-authoritative answer:
Name:    wsi-200-156.wsi.com
Address:  4.36.200.156

nslookup wsi-204-185.wsi.com
Server:  laraine.unidata.ucar.edu
Address:  128.117.140.62

*** laraine.unidata.ucar.edu can't find wsi-204-185.wsi.com: Non-existent host/domain

The nslookup output shows that wsi-200-156.wsi.com is a name that one
can do a lookup on while wsi-204-185.wsi.com is not.  It is likely that
the wsi-204-185.wsi.com is newer and has not yet been added to the DNS
server tables at WSI (or elsewhere).

So, you will have to use a different machine for your FTPs until
wsi-204-185.wsi.com is recognized.

I hope that this helps...

Tom
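
The forward and reverse lookup requirement described in the message above, as an added example that is not part of the original message and is not the server's own code. The function names, the 192.0.2.x addresses and the `spoofed.example.com` entry are constructed for illustration (the page does not give the address of wsi-204-185.wsi.com), and the mismatch case goes slightly beyond the failure shown in the log.

```python
import socket

def verify_client(ip, reverse=socket.gethostbyaddr, forward=socket.gethostbyname_ex):
    """Forward-confirmed reverse DNS check; returns (allowed, detail)."""
    try:
        name = reverse(ip)[0]              # address -> name (PTR lookup)
    except OSError:                        # covers socket.herror / socket.gaierror
        return False, f"no reverse mapping for {ip}"
    try:
        addrs = forward(name)[2]           # name -> addresses (A lookup)
    except OSError:
        return False, f"gethostbyname({name}) failed"
    if ip not in addrs:                    # name exists but points elsewhere
        return False, f"{name} does not map back to {ip}"
    return True, name

# Constructed zone data so the example runs offline. Only the first
# name/address pair comes from the nslookup output in the message.
PTR = {
    "4.36.200.156": "wsi-200-156.wsi.com",
    "192.0.2.185": "wsi-204-185.wsi.com",   # constructed address, PTR only
    "192.0.2.77": "spoofed.example.com",    # constructed mismatch case
}
A = {
    "wsi-200-156.wsi.com": ["4.36.200.156"],
    "spoofed.example.com": ["192.0.2.10"],
}

def fake_reverse(ip):
    """Stand-in for socket.gethostbyaddr backed by the PTR table."""
    if ip not in PTR:
        raise socket.herror(1, "Unknown host")
    return PTR[ip], [], [ip]

def fake_forward(name):
    """Stand-in for socket.gethostbyname_ex backed by the A table."""
    if name not in A:
        raise socket.gaierror(-2, "Name or service not known")
    return name, [], A[name]

if __name__ == "__main__":
    for ip in ("4.36.200.156", "192.0.2.185", "192.0.2.77", "192.0.2.200"):
        ok, detail = verify_client(ip, fake_reverse, fake_forward)
        print(f"{ip:15} {'ALLOW' if ok else 'DENY '} {detail}")
```

Calling `verify_client(ip)` without the two stand-in resolvers runs the same check against live DNS.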