Re: Changing the way IIS answers to PASV commands?
From: Bernard (qbernard_at_hotmail.com.discuss)
Date: 09/20/04
- Next message: Jeffrey Hayes: "Preventing multiple downloads"
- Previous message: Bernard: "Re: Multiple FTP sites"
- In reply to: Selroth: "Re: Changing the way IIS answers to PASV commands?"
- Next in thread: Selroth: "Re: Changing the way IIS answers to PASV commands?"
- Reply: Selroth: "Re: Changing the way IIS answers to PASV commands?"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 20 Sep 2004 11:57:15 +0800
Regarding the IP issue, it's not an IIS FTP issue.
This is how NAT works, translating address and port from external request to
internal ip and port.
you can put it as a NAT bug or etc.
Those detail are necessary for NAT to correctly map between internal and
external ports.
as for you last question, the IP address list field in IIS MMC.
what you see in the list box is ip addresses configured to the box.
since you external IP is doesn't belong here, how can IIS FTP bind to that
address and route it correctly ?
-- Regards, Bernard Cheah http://www.tryiis.com/ http://support.microsoft.com/ http://www.msmvps.com/bernard/ "Selroth" <Selroth@discussions.microsoft.com> wrote in message news:68004B66-4AA6-4067-92B0-BB83FE48EFD6@microsoft.com... > Thank you for your response. I made a mistake before. For one, I'm running > IIS 5, not 4. That was a typo. Second, I managed to fix the passive port > range stuff. Like an idiot, after modifying the registry I went to try it > and complained it didn't work. Forgot I had to reboot :) Woops. Well, that > works now. > > However, there is still the issue of the IP address. What you said doesn't > really help me at all but sounds like it's hopeless? I just need to tell IIS > my external IP address. I mean, just about every network program has that > field. And it's not like no one runs IIS behind a router. NAT, on my > router, I beleive is set up just fine. It'd get thoroughly confusing and > require an additional computer to give my FTP server an IP address the same > as my internet IP. > > I've found no registry values I can add to modify this. I've found none I > can modify. The only relevant thing is in the IIS plugin for MMC, going into > properties of the FTP site, under the name of the FTP server there's > the-ever-so-vague field of "IP Address". I was thinking this was what I was > looking for. However, it's a drop-down and the only listed IP addresses are > the IP addresses specified in Network Properties of my computer (in control > panel). I can add my internet IP address as a secondary IP harmlessly > enough, and then select it from the list. However, doing that, the FTP > service no longer seems to run when any computer but itself connects to it. > It goes through, but when telnetting to it, it just says "Press any key to > continue..." then kicks me off. > > I'd think that field is for IP addresses the FTP service will only work for, > but then why the list of IP addresses only configured in Network Properties?? > I am thoroughly confused with this field, if it's even what I want, or how I > use it. And the help file is worth shiznit! > > "Bernard" wrote: > > > The local IP address you see is by design. > > Some thing to do with NAT, and it's related to invalid port command error > > msgs. > > > > about the passive port range. if you configured correctly it will work. > > double check again. > > How To Configure PassivePortRange In IIS > > http://support.microsoft.com/?id=555022 > > > > > > -- > > Regards, > > Bernard Cheah > > http://www.tryiis.com/ > > http://support.microsoft.com/ > > http://www.msmvps.com/bernard/ > > > > > > > > "Selroth" <Selroth@discussions.microsoft.com> wrote in message > > news:9FE90F62-EC75-4A93-AB9A-8E7328C53795@microsoft.com... > > > Running a Win2k (SP4) IIS 4 FTP server behind a Linksys router (or trying > > to). > > > LAN IP address of server is 192.168.1.5 > > > LAN IP of router is 192.168.1.1 > > > LAN IP of my PC is 192.168.1.2 > > > > > > First of all, I thank you for your time and effort. > > > > > > Now, I set up IIS and have gotten it to the stage where I can connect to > > it > > > through my LAN, but not the WAN (Internet). There are two issues I'd like > > to > > > address: > > > > > > Primarily, when I connect through the WAN (from 192.168.1.2 to > > > 192.168.1.5:21), send the PASV command, it replied with "227 Entering > > Passive > > > Mode (192,168,1,5,4,90)." Perfect, I can do that. It works. > > > HOWEVER, when I connect through the WAN, (from 68.35.78.247 to > > > 68.35.78.247:21), send the PASV command, it replies with "227 Entering > > > Passive Mode (192,168,1,5,4,91)." But wait, I can't connect to that! > > It's > > > giving me a local IP address when I need a WAN IP address. So, how do I > > tell > > > IIS it's WAN IP address so people on the internet can connect,? > > > > > > Secondly, port 1024-4000~ are used for other things on my network, and I > > > don't really want them to be FTP data ports. I found documentation that > > says > > > you can add a registry key to the tcpip service with regedit. I did, but > > for > > > one, it didn't have an effect on the PASV replies, and two, that's just > > the > > > tcpip port range. Microsoft documentation also says the security risk of > > > listing PASV ports sequentially has been fixed with SP4, but it wasn't; > > they > > > still seem pretty darn sequential to me. > > > > > > Lil' help? And IIS 6 I tried a while ago and had the same problems (my PC > > > is WinXP, but I don't have another legal copy of it so I have to use Win2k > > on > > > my FTP server). Again, thank you. I eagerly await replies. > > > > > >
- Next message: Jeffrey Hayes: "Preventing multiple downloads"
- Previous message: Bernard: "Re: Multiple FTP sites"
- In reply to: Selroth: "Re: Changing the way IIS answers to PASV commands?"
- Next in thread: Selroth: "Re: Changing the way IIS answers to PASV commands?"
- Reply: Selroth: "Re: Changing the way IIS answers to PASV commands?"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
