So... One day I go to login to this FTP server and it gets stopped at the MSLD command (a fancy LIST command) and as a result, I don't get to see any directory listings. It's kind of hard to do much when you can't see what's there... It was working the day before though.
Hmmm... I wonder to myself what could be wrong? I setup the FTP server myself. Granted, I'm not the only one with administrator access to this particular server, but everyone else that has access is highly skilled but I'm the only one that knows this particular FTP server software.
I'm pretty darn careful when I do things, and rarely ever have any problems like this. But, you never know. Everyone makes mistakes. Time to check all the configurations again... Fast forward like a week or so, and still no answer. I've already reconfigured the server a few times. I've even uninstalled it and reinstalled it, being careful to backup all the settings and delete EVERYTHING from the installation. Reinstalling and reconfiguring doesn't work. I've asked everyone else with access if they've done anything to the server. Nope. Nobody's done anything that could possibly affect that.
The wierd thing is that I run an another almost identical server where I'm a bit more 'cowboy' in my approach to things. But on this server with the FTP problem, I'm ultra-conservative. Everything gets tested before anything gets done.
Firewalls? Nope. Not running any firewalls. Double check it all. None. Hmmm... Perhaps at the router/switch level? Start a support ticket with the host... Nope. No blocked ports there either...
Ok... Time to get support from the FTP server vendor... Fast forward about 5 weeks (SIC and a short vacation chewed 2 weeks there) and there's still no resolution.
At this point I've done everything possible and left no stone unturned... Unless...
So I go to the system administrator for this place and talk to him about blocked ports and how things aren't working. I explain things in detail about how other server software doesn't work either (I tested other servers on other port numbers) and ask him if he's done anything to the server. He says no.
He then goes on about how since the server has some high CPU usage that must be the cause. Yeah. Right. I tell him that's not it and that CPU usage isn't related to blocked ports. Especially when other ports are working fine and reliably, and that you just can't connect to other ports at all. It doesn't make sense at all. He insists that it's a CPU usage problem... Whatever...
Fast forward another 2 weeks and another guy has a problem connecting to the server. He needs to access a database, but can't. Hmmm... I explain to him that this problem has been going on for a long time and tell him about the sys admin's "CPU" story. He laughs at it and I tell him that I'm not kidding. The guy actually said that.
Well... 5 minutes later he comes back after talking to the sys admin with the answer... The sys admin configured TCP/IP filtering in the network connection for the server to block all but a couple ports. Here's where you configure TCP/IP filtering (from an XP box - not the server):
THE GUY LIED TO ME~!
I SEE RED... AN ALL CONSUMING BLOODLUST!
I could kill the incompetent lying bastard!
Anyways, I fixed the screwup.
But the story only gets better...
I'm pretty security conscious and take precautions wherever possible. One of the things that I do for non-public FTP servers is to configure them to run on a different port than 21. These other guys know that as I'm the one that gave them FTP accounts and all that jazz.
So the sys admin knows what port I'm using for FTP... Now this guy is a senior IT administrator. He's not a newbie and he's not an amateur. He should know his stuff.
So how many ports does he leave unblocked? One.
If you don't know much about FTP, suffice it to say that you need two ports for FTP to work properly. You need 1 port for the command channel, and one for the communications channel. He's left just one open. FTP won't work.
Now there's no way I can possibly write about just how angry I was over this. Much less what I'd like to do to this guy. But suffice it to say that if you've seen any really twisted horror movies like "The Devil's Rejects", well, what I'd like to do makes that look like Mary Poppins.
However, the problem is now fixed. No... I don't mean he's dead... I mean I can finally use the ports that I need to.
Cheers,
Ryan