Re: Bug with W2K3, SP1, Windows Firewall and FTP



I only enabled the FTP Server service in the advanced settings. I also tried
adding a port 20 one for data, but it was no help.

"Bernard Cheah [MVP]" <qbernard@xxxxxxxxxxxxxxxxxxx> wrote in message
news:%23RSSuL7YGHA.1220@xxxxxxxxxxxxxxxxxxxxxxx
what is closed, not dropped :)
I have no clue already. How do you enable access for FTP in the firewall
setting?
Just the 'network connection setting' in the firewall advanced tab, or do you
have exceptions defined for inetinfo.exe?

--
Regards,
Bernard Cheah
http://www.iis-resources.com/
http://www.iiswebcastseries.com/
http://msmvps.com/blogs/bernard/


"Jimmy Chu" <reply@xxxxxxxxxxxxx> wrote in message
news:u%23UI$e3YGHA.1200@xxxxxxxxxxxxxxxxxxxxxxx
Here is the log. At 22:56:06, the port 21 was closed, and when I entered
a "dir" command at the client FTP prompt, I got "Connection closed by
remote host." message.

2006-04-18 22:54:14 DROP UDP 206.190.85.61 255.255.255.255 1215 712 72 - - - - - - - RECEIVE
2006-04-18 22:54:15 OPEN-INBOUND TCP 68.190.234.108 206.190.85.61 4357 21 - - - - - - - - -
2006-04-18 22:54:29 DROP UDP 206.190.85.61 255.255.255.255 1218 712 72 - - - - - - - RECEIVE
2006-04-18 22:54:35 OPEN TCP 206.190.85.61 68.190.234.108 20 4373 - - - - - - - - -
2006-04-18 22:54:39 OPEN TCP 206.190.85.61 68.190.234.108 20 4376 - - - - - - - - -
2006-04-18 22:54:44 DROP UDP 206.190.85.61 255.255.255.255 1219 712 72 - - - - - - - RECEIVE
2006-04-18 22:54:45 OPEN TCP 206.190.85.61 68.190.234.108 20 4382 - - - - - - - - -
2006-04-18 22:54:50 OPEN TCP 206.190.85.61 68.190.234.108 20 4384 - - - - - - - - -
2006-04-18 22:54:51 OPEN TCP 206.190.85.61 68.190.234.108 20 4386 - - - - - - - - -
2006-04-18 22:54:54 OPEN TCP 206.190.85.61 68.190.234.108 20 4388 - - - - - - - - -
2006-04-18 22:54:59 DROP UDP 206.190.85.61 255.255.255.255 1220 712 72 - - - - - - - RECEIVE
2006-04-18 22:55:14 DROP UDP 206.190.85.61 255.255.255.255 1221 712 72 - - - - - - - RECEIVE
2006-04-18 22:55:29 DROP UDP 206.190.85.61 255.255.255.255 1222 712 72 - - - - - - - RECEIVE
2006-04-18 22:55:44 DROP UDP 206.190.85.61 255.255.255.255 1223 712 72 - - - - - - - RECEIVE
2006-04-18 22:55:59 DROP UDP 206.190.85.61 255.255.255.255 1224 712 72 - - - - - - - RECEIVE
2006-04-18 22:56:06 CLOSE TCP 68.190.234.108 206.190.85.61 4357 21 - - - - - - - - -
2006-04-18 22:56:14 DROP UDP 206.190.85.61 255.255.255.255 1225 712 72 - - - - - - - RECEIVE
2006-04-18 22:56:29 DROP UDP 206.190.85.61 255.255.255.255 1226 712 72 - - - - - - - RECEIVE
2006-04-18 22:56:44 DROP UDP 206.190.85.61 255.255.255.255 1227 712 72 - - - - - - - RECEIVE
2006-04-18 22:56:47 CLOSE TCP 206.190.85.61 68.190.234.108 20 4373 - - - - - - - - -
2006-04-18 22:56:48 OPEN-INBOUND TCP 68.190.234.108 206.190.85.61 4357 21 - - - - - - - - -
2006-04-18 22:56:50 CLOSE TCP 206.190.85.61 68.190.234.108 20 4376 - - - - - - - - -
2006-04-18 22:56:57 CLOSE TCP 206.190.85.61 68.190.234.108 20 4382 - - - - - - - - -


"Bernard Cheah [MVP]" <qbernard@xxxxxxxxxxxxxxxxxxx> wrote in message
news:eUhqFusYGHA.3328@xxxxxxxxxxxxxxxxxxxxxxx
Geezz. Didn't know they reproduced my article.
Now - can you post the firewall log?
I can't repro this. I have the firewall enabled and I can connect fine, and
it only idle-times out after 900 seconds.

--
Regards,
Bernard Cheah
http://www.iis-resources.com/
http://www.iiswebcastseries.com/
http://msmvps.com/blogs/bernard/


"Jimmy Chu" <reply@xxxxxxxxxxxxx> wrote in message
news:%23pJo4jrYGHA.1888@xxxxxxxxxxxxxxxxxxxxxxx
I actually re-read those articles, and I realized that since ftp.exe is
using active, the PassivePortRange wouldn't fix the problem...


"Jimmy Chu" <reply@xxxxxxxxxxxxx> wrote in message
news:uns$pzpYGHA.1192@xxxxxxxxxxxxxxxxxxxxxxx
Hey Bernard, I found your Microsoft Help and Support article on
configuring PassivePortRange in IIS, and I also found this one on
Windows 2003 Server w/SP1 Firewall that basically says to do the same
thing. Does it make sense?

http://www.newagedigital.com/cgi-bin/newagedigital/articles/ms-firewall-ftp.html


"Jimmy Chu" <reply@xxxxxxxxxxxxx> wrote in message
news:uPJlX5jYGHA.1228@xxxxxxxxxxxxxxxxxxxxxxx
From the Windows Firewall log, it looks like the Firewall closes
the port 21 connection for some reason. The client then gets the
connection disconnected by remote host/service not available, and
since the server did not get a proper response from the client, it is
still waiting for the next command (that's why the session is still
going) until the session times out. So the real question is why is
the Windows Firewall doing this?

Oh, I also tested it from the server itself. Since the Firewall is
not involved in this case, everything went fine. Any thoughts on this
Windows Firewall behavior?


"Bernard Cheah [MVP]" <qbernard@xxxxxxxxxxxxxxxxxxx> wrote in message
news:ey49yJhYGHA.4168@xxxxxxxxxxxxxxxxxxxxxxx
Well, even with the refresh button, it's only as 'real' as you
thought.
It will only 'clear' from the list when the TCP connection no longer
appears when you do 'netstat -an' at the command prompt.
That's what I have tested in the past.

--
Regards,
Bernard Cheah
http://www.iis-resources.com/
http://www.iiswebcastseries.com/
http://msmvps.com/blogs/bernard/


"Jimmy Chu" <reply@xxxxxxxxxxxxx> wrote in message
news:%232uxMmAYGHA.3448@xxxxxxxxxxxxxxxxxxxxxxx
There is a refresh button. I could see the connection time updated
after I clicked the button. BTW, the client I used was the
Microsoft FTP.exe.


"Bernard Cheah [MVP]" <qbernard@xxxxxxxxxxxxxxxxxxx> wrote in
message news:uM8cPHsXGHA.3448@xxxxxxxxxxxxxxxxxxxxxxx
As for the FTP MMC connection status, I believe it is not refreshed
in real time, so it may take some time to reflect even after the client
has disconnected.

--
Regards,
Bernard Cheah
http://www.iis-resources.com/
http://www.iiswebcastseries.com/
http://msmvps.com/blogs/bernard/


"Jimmy Chu" <reply@xxxxxxxxxxxxx> wrote in message
news:OvNjv8LXGHA.3492@xxxxxxxxxxxxxxxxxxxxxxx
You mean running FTP on the IIS/FTP server? Hmmm...I'll try that
and let you know the outcome.


"Bernard Cheah [MVP]" <qbernard@xxxxxxxxxxxxxxxxxxx> wrote in
message news:ebu2U74WGHA.4212@xxxxxxxxxxxxxxxxxxxxxxx

Weird indeed. Same behavior if you try to connect via ftp.exe on
the machine itself?


--
Regards,
Bernard Cheah
http://www.iis-resources.com/
http://www.iiswebcastseries.com/
http://msmvps.com/blogs/bernard/


"Jimmy Chu" <reply@xxxxxxxxxxxxx> wrote in message
news:ORvcyC1WGHA.752@xxxxxxxxxxxxxxxxxxxxxxx
I'm encountering a bad behavior with Windows Firewall on too.
With the Windows Firewall on, the FTP sessions (using the
command line FTP on the client) would be disconnected (the
message says something about connection disconnect by server)
in about less than 1 minute, but the IIS manager would still
show the session is active. If the Windows Firewall is off,
everything is well.


"EuroMaverick" <EuroMaverick@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote
in message
news:60BB5F4B-BDD8-4C26-9108-5AFAF30C3D19@xxxxxxxxxxxxxxxx
Hello people,

I don't know if this is a documented bug or if the information is
widespread, but since we spent about two days tracking this down, I think it
makes sense to share this information with whoever is interested in it.

This is the setup where this will occur:
- Windows 2003 server with SP1
- Windows firewall turned on
- IIS on the same machine
- FTP within that IIS

Now, add a welcome message to the ftp. As soon as this welcome message
contains a <return>, your browser will hang when you navigate to the
ftp-site. It does not actually hang, but returns an error much later and your
ftp-site is not accessible.

Remove all returns from the welcome message, and the ftp-server works just
fine...

Regards,

Benoit Somers.
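
An added example, not part of any post in this thread: a small parser for Windows Firewall log records in the layout of the log posted above. It pairs OPEN-INBOUND/CLOSE events on the FTP control port and reports how long each control session lasted and how many active-mode data connections (server source port 20) were still open when it was closed. The sample records are constructed, use documentation addresses, and the function names are this example's own.

```python
from datetime import datetime

# Field order of the Windows Firewall log (pfirewall.log) W3C header.
FIELDS = ("date time action protocol src_ip dst_ip src_port dst_port size "
          "tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path").split()

# Constructed sample in the same layout as the log posted in the thread
# (documentation addresses: 198.51.100.7 = client, 192.0.2.10 = FTP server).
SAMPLE = """\
2006-04-18 22:54:15 OPEN-INBOUND TCP 198.51.100.7 192.0.2.10 4357 21 - - - - - - - - -
2006-04-18 22:54:29 DROP UDP 192.0.2.10 255.255.255.255 1218 712 72 - - - - - - - RECEIVE
2006-04-18 22:54:35 OPEN TCP 192.0.2.10 198.51.100.7 20 4373 - - - - - - - - -
2006-04-18 22:54:39 OPEN TCP 192.0.2.10 198.51.100.7 20 4376 - - - - - - - - -
2006-04-18 22:56:06 CLOSE TCP 198.51.100.7 192.0.2.10 4357 21 - - - - - - - - -
2006-04-18 22:56:47 CLOSE TCP 192.0.2.10 198.51.100.7 20 4373 - - - - - - - - -
"""

def parse(text):
    """Yield one dict per log record, skipping '#' headers and malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if line.startswith("#") or len(parts) != len(FIELDS):
            continue
        rec = dict(zip(FIELDS, parts))
        rec["ts"] = datetime.strptime(rec["date"] + " " + rec["time"],
                                      "%Y-%m-%d %H:%M:%S")
        yield rec

def ftp_control_sessions(text, control_port="21", data_port="20"):
    """Return one summary dict per control connection that was opened and closed."""
    open_ctrl, open_data, sessions = {}, set(), []
    for r in parse(text):
        if r["protocol"] != "TCP":
            continue
        if r["dst_port"] == control_port:            # client -> server:21
            key = (r["src_ip"], r["src_port"])
            if r["action"] == "OPEN-INBOUND":
                open_ctrl[key] = r["ts"]
            elif r["action"] == "CLOSE" and key in open_ctrl:
                lifetime = r["ts"] - open_ctrl.pop(key)
                still_open = sum(1 for d in open_data if d[0] == key[0])
                sessions.append({"client": key[0], "client_port": key[1],
                                 "seconds": int(lifetime.total_seconds()),
                                 "data_still_open": still_open})
        elif r["src_port"] == data_port:             # server:20 -> client
            key = (r["dst_ip"], r["dst_port"])
            if r["action"] == "OPEN":
                open_data.add(key)
            elif r["action"] == "CLOSE":
                open_data.discard(key)
    return sessions
```

A control session that closes after a short lifetime while `data_still_open` is non-zero matches the symptom described in the thread: the port 21 connection is closed while data connections from port 20 remain open.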


























