Re: Bug with W2K3, SP1, Windows Firewall and FTP

Here is the log. At 22:56:06, the port 21 was closed, and when I entered a
"dir" command at the client FTP prompt, I got "Connection closed by remote
host." message.

2006-04-18 22:54:14 DROP UDP 206.190.85.61 255.255.255.255 1215 712
72 - - - - - - - RECEIVE
2006-04-18 22:54:15 OPEN-INBOUND TCP 68.190.234.108 206.190.85.61 4357
21 - - - - - - - - -
2006-04-18 22:54:29 DROP UDP 206.190.85.61 255.255.255.255 1218 712
72 - - - - - - - RECEIVE
2006-04-18 22:54:35 OPEN TCP 206.190.85.61 68.190.234.108 20
4373 - - - - - - - - -
2006-04-18 22:54:39 OPEN TCP 206.190.85.61 68.190.234.108 20
4376 - - - - - - - - -
2006-04-18 22:54:44 DROP UDP 206.190.85.61 255.255.255.255 1219 712
72 - - - - - - - RECEIVE
2006-04-18 22:54:45 OPEN TCP 206.190.85.61 68.190.234.108 20
4382 - - - - - - - - -
2006-04-18 22:54:50 OPEN TCP 206.190.85.61 68.190.234.108 20
4384 - - - - - - - - -
2006-04-18 22:54:51 OPEN TCP 206.190.85.61 68.190.234.108 20
4386 - - - - - - - - -
2006-04-18 22:54:54 OPEN TCP 206.190.85.61 68.190.234.108 20
4388 - - - - - - - - -
2006-04-18 22:54:59 DROP UDP 206.190.85.61 255.255.255.255 1220 712
72 - - - - - - - RECEIVE
2006-04-18 22:55:14 DROP UDP 206.190.85.61 255.255.255.255 1221 712
72 - - - - - - - RECEIVE
2006-04-18 22:55:29 DROP UDP 206.190.85.61 255.255.255.255 1222 712
72 - - - - - - - RECEIVE
2006-04-18 22:55:44 DROP UDP 206.190.85.61 255.255.255.255 1223 712
72 - - - - - - - RECEIVE
2006-04-18 22:55:59 DROP UDP 206.190.85.61 255.255.255.255 1224 712
72 - - - - - - - RECEIVE
2006-04-18 22:56:06 CLOSE TCP 68.190.234.108 206.190.85.61 4357
21 - - - - - - - - -
2006-04-18 22:56:14 DROP UDP 206.190.85.61 255.255.255.255 1225 712
72 - - - - - - - RECEIVE
2006-04-18 22:56:29 DROP UDP 206.190.85.61 255.255.255.255 1226 712
72 - - - - - - - RECEIVE
2006-04-18 22:56:44 DROP UDP 206.190.85.61 255.255.255.255 1227 712
72 - - - - - - - RECEIVE
2006-04-18 22:56:47 CLOSE TCP 206.190.85.61 68.190.234.108 20
4373 - - - - - - - - -
2006-04-18 22:56:48 OPEN-INBOUND TCP 68.190.234.108 206.190.85.61 4357
21 - - - - - - - - -
2006-04-18 22:56:50 CLOSE TCP 206.190.85.61 68.190.234.108 20
4376 - - - - - - - - -
2006-04-18 22:56:57 CLOSE TCP 206.190.85.61 68.190.234.108 20
4382 - - - - - - - - -


"Bernard Cheah [MVP]" <qbernard@xxxxxxxxxxxxxxxxxxx> wrote in message
news:eUhqFusYGHA.3328@xxxxxxxxxxxxxxxxxxxxxxx
Geezz. didn't know the reproduce my article.
Now - can you post the firewall log?
I can't repro this. I have firewall enable and I can connect fine. and
only idle timeout after 900 seconds.

--
Regards,
Bernard Cheah
http://www.iis-resources.com/
http://www.iiswebcastseries.com/
http://msmvps.com/blogs/bernard/


"Jimmy Chu" <reply@xxxxxxxxxxxxx> wrote in message
news:%23pJo4jrYGHA.1888@xxxxxxxxxxxxxxxxxxxxxxx
I actually re-read those articles, and I realized that since ftp.exe is
using active, the PassivePortRange wouldn't fix the problem...


"Jimmy Chu" <reply@xxxxxxxxxxxxx> wrote in message
news:uns$pzpYGHA.1192@xxxxxxxxxxxxxxxxxxxxxxx
Hey Bernard, I found your Microsoft Help and Support article on
configuring PassivePortRange in IIS, and I also found this one on
Windows 2003 Server w/SP1 Firewall that basically says to do the same
thing. Does it make sense?

http://www.newagedigital.com/cgi-bin/newagedigital/articles/ms-firewall-ftp.html


"Jimmy Chu" <reply@xxxxxxxxxxxxx> wrote in message
news:uPJlX5jYGHA.1228@xxxxxxxxxxxxxxxxxxxxxxx
From the Windows Firewall log, it looks like that the Firewall closes
the port 21 connection for some reasons. The client then gets the
connection disconnected by remote host/service not available, and since
the server did not get a proper response from the client, it is still
waiting for the next command (that's why the session is still going)
until the session times out. So the real question is why is the Windows
Firewall doing this?

Oh, I also tested it from the server itself. Since the Firewall is not
involved in this case, everything went fine. Any thought on this
Windows Firewall behavior?


"Bernard Cheah [MVP]" <qbernard@xxxxxxxxxxxxxxxxxxx> wrote in message
news:ey49yJhYGHA.4168@xxxxxxxxxxxxxxxxxxxxxxx
Well, even with the refresh button. it's only as 'real' as you
thought.
it will only 'clear' from the list when the tcp connection no longer
appear when you do 'netstat -an' at command prompt.
that's what I have tested in the past.

--
Regards,
Bernard Cheah
http://www.iis-resources.com/
http://www.iiswebcastseries.com/
http://msmvps.com/blogs/bernard/


"Jimmy Chu" <reply@xxxxxxxxxxxxx> wrote in message
news:%232uxMmAYGHA.3448@xxxxxxxxxxxxxxxxxxxxxxx
here is a refresh button. I could see the connection time updated
after I clicked the button. BTW, the client I used was the Microsoft
FTP.exe.


"Bernard Cheah [MVP]" <qbernard@xxxxxxxxxxxxxxxxxxx> wrote in message
news:uM8cPHsXGHA.3448@xxxxxxxxxxxxxxxxxxxxxxx
As for the FTP MMC connection status, I believe it is not refresh
realtime. so it may take someting to reflect even after the client
has disconnected.

--
Regards,
Bernard Cheah
http://www.iis-resources.com/
http://www.iiswebcastseries.com/
http://msmvps.com/blogs/bernard/


"Jimmy Chu" <reply@xxxxxxxxxxxxx> wrote in message
news:OvNjv8LXGHA.3492@xxxxxxxxxxxxxxxxxxxxxxx
You mean running FTP on the IIS/FTP server? Hmmm...I'll try that
and let you know the outcome.


"Bernard Cheah [MVP]" <qbernard@xxxxxxxxxxxxxxxxxxx> wrote in
message news:ebu2U74WGHA.4212@xxxxxxxxxxxxxxxxxxxxxxx

Weird indeed. same behavior if you try connect via ftp.exe on the
machine itself ??


--
Regards,
Bernard Cheah
http://www.iis-resources.com/
http://www.iiswebcastseries.com/
http://msmvps.com/blogs/bernard/


"Jimmy Chu" <reply@xxxxxxxxxxxxx> wrote in message
news:ORvcyC1WGHA.752@xxxxxxxxxxxxxxxxxxxxxxx
I'm encountering a bad behavior with Windows Firewall on too.
With the Windows Firewall on, the FTP sessions (using the command
line FTP on the client) would be disconnected (the message says
something about connection disconnect by server) in about less
than 1 minute, but the IIS manager would still show the session
is active. If the Windows Firewall is off, everything is well.


"EuroMaverick" <EuroMaverick@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message
news:60BB5F4B-BDD8-4C26-9108-5AFAF30C3D19@xxxxxxxxxxxxxxxx
Hello people,

I don't know if this is a documented bug or if the information
is wide
spread, but since we spend about two days tracking this down, I
think it
makes sense to share this information with whoever is interested
in it.

This is the setup where this will occur:
- Windows 2003 server with SP1
- Windows firewall turned on
- IIS on the same machine
- FTP within that IIS

Now, add a welcome message to the ftp. As soon as this welcome
message
contains a <return>, your browser will hang when you navigate to
the
ftp-site. It does not actually hang, but returns an error much
later and your
ftp-site is not accessible.

Remove all returns from the welcome message, and the ftp-server
works just
fine...

Regards,

Benoit Somers.























.