Re: FTP service and Windows Firewall on Server 2003

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

---

• From: "Viktor Jevdokimov" <viktor@xxxxxxxxxxx>
• Date: Tue, 24 Jul 2007 11:19:03 +0300

---

I've used commandline FTP and other clients. PASV mode is for transfer, when
you're logged in, but I can't login! Connection hangs just right after user
name is sent, server won't ask for password and this behaviour is just for
all external clients, while locally I can login without problem.
Reinstalling SP2 did fix the problem. Only disabling Windows Firewall can
help.

"Deniz" <deniz.turkmen@xxxxxxxxx> wrote in message
news:1185229505.928213.105790@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

On Jul 23, 3:29 am, "Viktor Jevdokimov" <vik...@xxxxxxxxxxx> wrote:

Have added inetinfo.exe to the Firewall - no changes.
Probably I need to try to reinstall SP2, since FTP service was added
after
SP2 was installed.
BTW, locally with Firewall enabled, FTP works fine, while from external
IP's
connection is dropped right after I entered user name.

"Bernard Cheah [MVP]" <qbern...@xxxxxxxxxxxxxxxxxxx> wrote in
messagenews:u2IPxxPzHHA.3768@xxxxxxxxxxxxxxxxxxxxxxx

ya. it checked for access ip before prompt for login.

do you have inetinfo.exe defined in the firewall exception list?

if you try ftp.exe command line to connect remotely, will it drop again
after you entered the user name or ?

--
Regards,
Bernard Cheah
http://www.iis.net/
http://msmvps.com/blogs/bernard/

"Viktor Jevdokimov" <vik...@xxxxxxxxxxx> wrote in message
news:u$9GjMhyHHA.3564@xxxxxxxxxxxxxxxxxxxxxxx

No IP restrictions. BTW, if IP is rejected, why it is starting an FTP
connection and asking for a user name? If IP is restricted, connection
should be dropped before FTP welcome line and user name prompt.

".._.." <.....@xxxxxxxxxxx> wrote in message
news:q5Kni.36677$G23.20324@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx

There is an IP address-based ACL in the "Security" tab that allows
the
server to accept, or reject traffic from individual or blocks of IP
addresses.

Your description is consistent with it being that the originating IP
is
on that list. So it's worth a check in there.

"Viktor Jevdokimov" <vik...@xxxxxxxxxxx> wrote in message
news:%23W9xCufyHHA.2224@xxxxxxxxxxxxxxxxxxxxxxx

Hi all,

Environment:
- Windws Server 2003 R2 Standard Edition Service Pack 2
- IIS with FTP service
- Windows Firewall enabled, TCP ports 21 and 20 are enabled both on
exceptions list and on connection.

Problem: "Connection closed by remote host." right after user name
is
entered when connecting from outside.

When testing locally on the server or when Windows Firewall is
disabled -
everything is fine, no problems. When Firewall is enabled,
connection
from
outside just drops right after user name is entered.

IIS log file shows 421 FTP status and 121 win32 status.

How to configure Windows Firewall properly for FTP service to work
from
outside?

Thanks in advance,
Viktor

Hi,

Does your FTP client use passive mode? I was having similar problem,
and disabling the passive mode solved the case. IIS 6 FTP service does
not work properly in passive mode (high ports) while Windows Firewall
is enabled. Or you can try what Bernard says, use ftp command line
utility to see if you can connect, which doesn't send any PASV
commands to the server.

In my case, directory listing hangs at certain point when I use
passive mode. I tried whatever was suggested (defining passive mode
port range in Meta Base explorer and adding those ports to the Windows
Firewall) but nothing helped but using active mode. I hope this helps.

Deniz


Deniz

.

---

• References:
  • FTP service and Windows Firewall on Server 2003
    • From: Viktor Jevdokimov
  • Re: FTP service and Windows Firewall on Server 2003
    • From: .._..
  • Re: FTP service and Windows Firewall on Server 2003
    • From: Viktor Jevdokimov
  • Re: FTP service and Windows Firewall on Server 2003
    • From: Bernard Cheah [MVP]
  • Re: FTP service and Windows Firewall on Server 2003
    • From: Viktor Jevdokimov
  • Re: FTP service and Windows Firewall on Server 2003
    • From: Deniz

• Prev by Date: Re: AD user ftp account
• Next by Date: Re: IIS6 MSFTPSVC
• Previous by thread: Re: FTP service and Windows Firewall on Server 2003
• Next by thread: Re: FTP service and Windows Firewall on Server 2003
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Windows 2003 SP2 and FTP ... with the windows firewall for our exchange servers. ... connect to the exchange server, we must disable the protect all connections ... Do you have anonymous access to your ftp enabled? ... "Connection closed by remote host". ... (microsoft.public.inetserver.iis.ftp) Re: Passive means what during FTP? ... :227 Entering Passive Mode ... :ftp: connect: No route to host ... The FTP data transfer uses a connection that is separate from the ... address and port number to connect to for the data transfer. ... (comp.os.linux.setup) Re: Windows 2003 SP2 and FTP ... If you turn Windows Firewall off on the server, ... 220 Microsoft FTP Service ... "Connection closed by remote host". ... (microsoft.public.inetserver.iis.ftp) Re: Windows 2003 SP2 and FTP ... If you turn Windows Firewall off on the server, ... 220 Microsoft FTP Service ... "Connection closed by remote host". ... (microsoft.public.inetserver.iis.ftp) Re: Windows 2003 SP2 and FTP ... If you turn Windows Firewall off on the server, ... 220 Microsoft FTP Service ... Connection closed by remote host. ... (microsoft.public.inetserver.iis.ftp)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Internet-Server  > microsoft.public.inetserver.iis.ftp  > 2007-07