AP Tempe FTP notes using a Linux system
We are just using a .netrc file to connect to the server and a put command to place the files there.
ftp 158.52.2.14
Connected to 158.52.2.14 (158.52.2.14).
220 FTP Server ready.
331 Password required for aptempe.
230 User aptempe logged in.
Remote system type is UNIX.
ftp> ls
227 Entering Passive Mode (158,52,2,14,215,131)
ftp: connect: Connection timed out

And here's where it hangs....

It hangs on entering passive mode, that could be a firewall issue. You have probably opened up the FTP command port (port 20) but the passive port range (data) is most likely still blocked. Are you using iptables, firewalld or a hardware firewall? I'd check there first. I have to admit to forgetting the most secure way of configuring iptables for Passive Ranges, assuming it is iptables or firewalld that is.

Just a note, normal FTP is unencrypted and thus not safe for anything sensitive in anyway. If you need things encrypted I'd use SFTP instead which is the preferred method of transferring files to a Linux Server. Personally I don't like the idea of transmitting passwords in plaintext, something normal FTP will do.

FTP command port on serve is 21 and not 20. 20 is thee data port on server when client is in active mode.

SFTP cant be used in this case : .netrc file wont support SFTP.

Firewall issue : Not very sure becuase we have 100s of clients sending files through FTP to our server. Facing issue with this client only.

We are not using iptables, only firewall with NAT.

No, but SFTP does support a batch mode when using keys.

can you elaborate?

Yes, you can set up SFTP to authenticate using keys, as per established best practice. Then you can load the SFTP commands you want into a text file and read them into the SFTP client using the -b option. Again this only works with keys, but also again keys are the established best practice.

1 members found this post helpful.

See here i cant make any changes. Becuase people who are establishing FTP connection with us are our clients and they said they wont be using SFTP.

And they are not ready to change anything on their side.

Any help on this existing issue would be much appreciated.

It still could be firewall, if it only one client then it could be THEIR firewall. I did make a mistake on the port but you failure is at the point of creating a passive connection and so still indicate it'd be firewall related since the data connection isn't being made.

you know the tricky part is they are able to send the data to our test servers but not to production server. And, in case of passive mode i dont think client firewall has any role to play.ALso, client is able to send files through filezilla but not through Linux .netrc file.