Re: Changing the way IIS answers to PASV commands?

From: Selroth (Selroth_at_discussions.microsoft.com)
Date: 09/20/04


Date: Mon, 20 Sep 2004 14:37:03 -0700

Again, I wish to thank you for your time, Bernard. It is most appreciated
and you are helping me understand things further.

However, my questions still pretty much remain. I apologize, but maybe I
have been misunderstood.

The critical thing I need is for IIS to reply to PASV commands with an IP
address the client can connect to. In the IIS snap-in, if I leave the "IP
Address" drop-down box to "<all unassigned>", I get these results:

Working in front of the server with telnet:

--> o localhost 21
220 BLITZ Microsoft FTP Service (Version 5.0).
--> USER Selroth
331 Password required for Selroth.
--> PASS ******
230 User Selroth logged in.
--> PASV
227 Entering Passive Mode (127,0,0,1,195,82).
--> QUIT

--> o 192.168.1.5 21
220 BLITZ Microsoft FTP Service (Version 5.0).
--> USER Selroth
331 Password required for Selroth.
--> PASS ******
230 User Selroth logged in.
--> PASV
227 Entering Passive Mode (192,168,1,5,195,83).
--> QUIT

--> o 68.35.78.247 21
220 BLITZ Microsoft FTP Service (Version 5.0).
--> USER Selroth
331 Password required for Selroth.
--> PASS ******
230 User Selroth logged in.
--> PASV
227 Entering Passive Mode (192,168,1,5,195,84).
--> QUIT

I get the same results (excluding the first, localhost) when connecting from
my PC 192.168.1.2. Asking friends to connect with telnet, they get the same
as well.

This is how my simple home network is set up:

Internet
|
|}68.35.78.247
|
Modem
|
|}68.35.78.247
|
Linksys Router w/ 4-port switch (192.168.1.1)
| | | |
| | | |
| | | |}192.168.1.5
| | | Server
| | |
| | |}192.168.1.4
| | Laptop
| |
| |}192.168.1.3
| Secondary PC
|
|}192.168.1.2
Primary PC

Now, NAT is Network Address Translation, correct? The router's job is to
perform that. It interfaces with 68.35.78.247 on one end, and breaks it up
to 192.168.1.* on the other (I have a mask of 255.255.255.0). It is not
running DHCP, all the computers are assigned an IP address manually.

Where is the problem in this NAT setup? Where is this bug? My server
should indeed only see 192.168.1.5, unless something tells it to use the
external IP address of 68.35.78.247. Does the software not allow me to have
my server behind a router, but rather a raw and direct connection to the
Internet (or at least, modem)?

If there is a way for the server to gain the external IP address, I would
like to know it. I'm not afraid to play with the registry or metafile if
that's what it takes. However, it seems to me that what I'm trying to do
here is a common thing, I just have a blind spot or such.

Thanks for your understanding. I'd like to reward you somehow if I could,
but I can't think of any way to do so reasonably.
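
The 227 replies in the sessions above encode the data-connection endpoint as (h1,h2,h3,h4,p1,p2), with the port being p1*256 + p2. As an added example that is not part of the original post, this Python check decodes each reply and compares the advertised address with the one the client dialled on the control connection; the function names are hypothetical and "localhost" is taken to be 127.0.0.1.

```python
import ipaddress
import re

# 227 reply body: (h1,h2,h3,h4,p1,p2); data port = p1*256 + p2
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def parse_pasv(reply):
    """Return (IPv4Address, port) from a 227 reply, or raise ValueError."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % reply)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]

def check_pasv(control_host, reply):
    """Compare the address the client dialled with the one the server advertises."""
    ip, port = parse_pasv(reply)
    control = ipaddress.IPv4Address(control_host)
    if ip == control:
        verdict = "ok"
    elif ip.is_private and not control.is_private:
        # A client outside the NAT is told to open the data
        # connection to an inside address it cannot route to.
        verdict = "unroutable"
    else:
        verdict = "mismatch"
    return {"data_ip": str(ip), "data_port": port, "verdict": verdict}

# (control address, 227 reply) pairs copied from the three telnet sessions in the post;
# "localhost" is written as 127.0.0.1 (assumption).
SESSIONS = [
    ("127.0.0.1", "227 Entering Passive Mode (127,0,0,1,195,82)."),
    ("192.168.1.5", "227 Entering Passive Mode (192,168,1,5,195,83)."),
    ("68.35.78.247", "227 Entering Passive Mode (192,168,1,5,195,84)."),
]

if __name__ == "__main__":
    for host, reply in SESSIONS:
        print(host, check_pasv(host, reply))
```

Only the third session is flagged: the control connection went to 68.35.78.247, but the reply tells the client to open its data connection to 192.168.1.5.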