Re: FTP port forwarding problem.

Tech-Archive recommends: Fix windows errors by optimizing your registry

---

• From: "Bernard Cheah [MVP]" <qbernard@xxxxxxxxxxxxxxxxxxx>
• Date: Mon, 17 Sep 2007 12:29:45 +0800

---

Mm.. so active mode work while passive mode stuck.
Can you try configure passive port range in iis ftp and then allow those
ports in firewall?

How To Configure PassivePortRange In IIS
http://support.microsoft.com/?id=555022


--
Regards,
Bernard Cheah
http://www.iis.net/
http://msmvps.com/blogs/bernard/


<worldwidenandhu@xxxxxxxxx> wrote in message
news:1189159115.608255.196660@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

hi i am using linux as a gateway to connect inside local machines to
internet.

linux eth0 :XX.XX.XX.XX
linux eth1 : 192.168.1.1

inside local FTP Server(Win2k3 IIS) : 192.168.1.200

now i want to forward incoming ftp request on eth0, to acces
192.168.1.200 FTP server.

some days before it works well.
but now, my remote office cant able to connect FTP server through
Windows explorer (ftp://XX.XX.XX.XX).
while giving the addrees in above line, the explorer asks for
password, and then it displays as, "Operation timed out."

only command mode ftp.exe works well (start-run-cmd-ok, ftp open
XX.XX.XX.XX)

but from my local network, any system can connect the FTP server
easily (as, ftp://192.168.1.200).
also, wheni assign the XX.XX.XX.XX ip directly to FTP server, we can
access it from remote office..

the problem comes only when we connects it through linux firewall.

i used the following lines in the iptables command:,
**********************************************************************************************************************
iptables -t nat -A PREROUTING -i eth0 -p tcp - -dport 21 -j DNAT - -
to 192.168.1.200:21
iptables -A FORWARD -p tcp -d 192.168.1.200 - -dport 21 -j ACCEPT
**********************************************************************************************************************

but other http port forwarding works well....

pls tell me the solution for these problem......

Thanks and Regards,
Nandhakumar K.

.

---

• References:
  • FTP port forwarding problem.
    • From: worldwidenandhu

• Prev by Date: FTP port forwarding problem.
• Next by Date: Re: Setting up FTP Isolating Users using AD
• Previous by thread: FTP port forwarding problem.
• Next by thread: Re: Setting up FTP Isolating Users using AD
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: FTP on IIS6.0 Not Working ... FTP Error: 500 Invalid PORT Command ... check if your ISA allow connection for port 21/20. ... you configure passiveportrange in IIS 6.0. ... (microsoft.public.inetserver.iis.ftp) Re: Passive Mode FTP & Firewall ... the passiveportrange is at high range of 52xxx ... your firewall and in which direction, this commented FTP network trace may ... Establish FTP Control Channel TCP Connection Through Standard FTP Port 21: ... Server side outbound firewall must allow packets 'from' port 21 ... (microsoft.public.inetserver.iis.ftp) Re: IIS 6.0 FTP ... The IIS is running, along with the FTP ... There is no other FTP service on this server. ... I understand your have the order entry program, ... (microsoft.public.inetserver.iis.ftp) Re: IIS5 Passive FTP Networking problem (long) ... > Yes, it is within the port range, to calculate it. ... > Information About the IIS File Transmission Protocol (FTP) Service ... That leaves me only with the client side Microsoft Base Station router ... (microsoft.public.inetserver.iis.security) Re: IIS 6.0 FTP ... Well IIS FTP does have such a feature, how to use it, I do not know. ... clients are using an order entry program created in Microsoft access. ... (microsoft.public.inetserver.iis.ftp)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Internet-Server  > microsoft.public.inetserver.iis.ftp  > 2007-09