Re: How do you set Passive Port Range for IIS 5.0 on XP Pro

Yes, as I posted. you can't customize passive port range on XP

--
Regards,
Bernard Cheah
http://www.iis.net/
http://www.iis-resources.com/
http://msmvps.com/blogs/bernard/


"Delta Mike" <DeltaMike@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:79E3490C-36DC-4BA8-84CD-76B9E884AB36@xxxxxxxxxxxxxxxx
not allowed to test locally (except for on the same system, which does not
get routed so - no it works fine when ftping to/from itself), neither
port
20 or 21 is blocked - verified several times with "boundary protection"
folks.

When doing a netstat, the service has already auto-negotiated a random
port,
so I gather that to mean the port 20 traffic has been successful.

Lets say I want the system to know that it can only auto-negotiate ports
10001 to 102001, would I do it in XP?

Thank you for your assistance thus far (non-sarcastically), I am thinking
that MS did not build it into the function for XP.

DM

"Bernard Cheah [MVP]" wrote:

Hard to tell, it could be connection... or blocking.
can you test locally? same behavior?

it hang there ? is port 20 outbound allow from the server?



--
Regards,
Bernard Cheah
http://www.iis.net/
http://www.iis-resources.com/
http://msmvps.com/blogs/bernard/


"Delta Mike" <DeltaMike@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:799A5B31-04FC-4AAA-AEC3-51FE6E67FE48@xxxxxxxxxxxxxxxx
C:\>ftp <IP address>
Connected to <IP address>
220 Microsoft FTP Service
User (<IP adress>:(none)): testftp
331 Password required for testftp.
Password:
230 User testftp logged in.
ftp> dir
200 PORT command successful.
<blinking cursor>

That's it, it will sit there. Since I cannot test from a nearby system
(another organization controls the backbone) and I can only test over
the
phone with the distant end, I don't know if/when it will time out.

But if the user executes a cd <dirname> (assuming he has access to it),
it
is successfull, as is a pwd.

If the user attempts to put a file, he gets the blinking cursor and I
get
a
zero size file with the appropriate file name. The distant end will
never
be
pulling data, so I did not have him test the get function.

Performing a netstat -p tcp shows his connection and the random port.
After
some research, I gathered this to mean I need to have a port range set
up
for
passive mode.

Thank you,
DM

"Bernard Cheah [MVP]" wrote:

The article doesn't applies to XP.
and the syntax is hyphen or dash.

as for you issue. have you try connect via ftp.exe ? post the output
here.

--
Regards,
Bernard Cheah
http://www.iis.net/
http://www.iis-resources.com/
http://msmvps.com/blogs/bernard/


"Delta Mike" <Delta Mike@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:EBD2F8AF-538F-4A81-89BE-79A2091D3170@xxxxxxxxxxxxxxxx
I am setting up an FTP server; I have a range of ports available for
use; I
have looked at: http://support.microsoft.com/kb/555022 ; Windows
Firewall
has
been disabled.

How do you set the range? If the above settings work (from the 2K
section),
what is the syntax for the registry entry? (tried comma, space,
dash/hyphen,
and colon)

Symptoms:
Local login to the FTP site works, remote login happens, commands
are
sent,
but no data. eg cd <dir> and pwd work as expected, dir returns no
data
and
no
prompt, and put only touches a file - no data transfered

Thank you,
DM








.

Relevant Pages

  • Re: Extremely abnormal behaviour: ftp client does show a file list in a folder occasionally
    ... from the first log u see the port range is within the range. ... IIS FTP to take effects. ... connecting to xxx.xxx.xx.xx:5013 ...
    (microsoft.public.inetserver.iis.ftp)
  • Re: Iptables rule for windows file sharing?
    ... If I disable the Fedora firewall, ... UDP Port 137: NetBIOS name service. ... TCP Port 139: NetBIOS-SSN. ... TCP Port range 32800:32900: the upper end of all SMB TCP conversations. ...
    (Fedora)
  • Re: Firewall issues with setting up vsftp server
    ... >#Specifies the highest possible port sent to the FTP clients for passive mode connections. ... >#is used to limit the port range so that firewall rules are easier to create. ...
    (Fedora)
  • Re: Ephemeral port range (patch)
    ... I'm planning to implement the scheme described in the port randomization internt-draft I referenced, ... That way you can exclude whichever ports you want, without "wasting" the 1024-9999 port range. ... knowledge about how the applications you must NAT actually behave. ... The patch just changes the default case. ...
    (freebsd-net)
  • Re: IIS home directory/port mixup
    ... "Richard Walker" wrote in message ... > I've now tried binding the service on port 81 to port 80 and using a host ... >> The config file varies by OS. ... >>>> Bernard Cheah ...
    (microsoft.public.inetserver.iis)