Re: Passive Mode issue

Then it could be NAT'ing issue between public and internal IP.
I have no further info on that, sorry.

--
Regards,
Bernard Cheah
http://www.iis.net/
http://msmvps.com/blogs/bernard/


"Synapse120" <Synapse120@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:BE184DF6-2594-4A3A-855A-664EF8E4098B@xxxxxxxxxxxxxxxx
I bound the Ftp site to the internal IP, and disabled the firewall and it
worked, as i expected it to. For my internal IP, i never configured the
windows firewall for ftp, so it does fail with the firewall enabled, this
is
a dual NIC server. Normally the FTP site is bound to the public IP, so
even
internal users browse to the external address. I will do more tests on
the
firewall ports, but i think i have all those correct.

"Bernard Cheah [MVP]" wrote:

Mm.. with firewall disabled, internal client works?


--
Regards,
Bernard Cheah
http://www.iis.net/
http://msmvps.com/blogs/bernard/


"Synapse120" <Synapse120@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:BC617D56-C579-4271-B4D7-2D1C2F663E93@xxxxxxxxxxxxxxxx
It falls within the specified port range, even with windows firewall
disabled
it fails. I have that port range specified for that IP in the
Sonicwall.
In
my sonicwall i also have port 20 and 21 opened also.

"Bernard Cheah [MVP]" wrote:

I just like to see if the port in use is actually within the port
range
you
specify
p1 x 256 + p2 = ?? is it within 5500 - 5550.

if you disable windows firewall does it works ?

--
Regards,
Bernard Cheah
http://www.iis.net/
http://msmvps.com/blogs/bernard/


"Synapse120" <Synapse120@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:821434E6-5411-4784-BC58-8E6C2AC8D081@xxxxxxxxxxxxxxxx
If i do a quote pasv it passes both internal and externally from the
network.
What does that mean?

"Bernard Cheah [MVP]" wrote:

if you do a quote pasv in ftp.exe. does the calculation falls
inside
the
range ?

--
Regards,
Bernard Cheah
http://www.iis.net/
http://msmvps.com/blogs/bernard/


"Synapse120" <Synapse120@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message
news:FC0D3815-1E41-4633-9C0D-752CCB2639C7@xxxxxxxxxxxxxxxx
In IIS i set the passive port range for 5500 - 5550, and opened
those
ports
in the windows firewall and the network firewall with the same
results.
The
Server is in the DMZ, and the ftp site is bound to a specific
public
IP.
Internally and externally the site only works in active mode,
Command
line
ftp works, telnet connection to force passive results in
connection
lost
by
remote host. From the Server it self browsing works in passive
and
active.
The clients recieve FTP operation Timed out. I have the time out
set
to
400
right now.

"Bernard Cheah [MVP]" wrote:

what port range you set ? without firewall locally does it
works?
and without firewall - remotely on the same LAN, does it works?

--
Regards,
Bernard Cheah
http://www.iis.net/
http://msmvps.com/blogs/bernard/


"Synapse120" <Synapse120@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message
news:861E4B30-9D70-4E46-BA0B-4B76159B7BB9@xxxxxxxxxxxxxxxx
I am running Windows 2003 r2 x64 SP2, and IIS 6 with 2 ftp
sites
and
a
website running. The problem i see is fully related to
passive
mode
FTP,
and
my firewall configuration. All users inside and outside can
connect
if
they
turn off passive FTP from IE or use a ftp client such as
winSCP.

The server will timeout from all users trying passive mode. I
have
set
the
passive port range for IIS and opened those ports in the
firewall,
with
no
luck.

One special configuration i must note is the wan IP's for the
3
sites
are
all run from the same NIC.

I have opened up all ports to that specific IP for the ftp
sites
and
still
fails on pasv mode, and windows firewall turned off as well.
The
clients
return connection timeout when using passive mode. I have
seen
other
posts,
with similar symptoms but, non of the suggestions seem to
help.

I cant put my finger on what i am missing on the config.
Someone
please
help.

thank you,














.

Relevant Pages

  • Re: Bug with W2K3, SP1, Windows Firewall and FTP
    ... add a welcome message to the ftp. ... Bernard Cheah ... list and exception is allowed (of coz tight to the scope of your ... I decided to try adding a port 21 in the firewall exception list ...
    (microsoft.public.inetserver.iis.ftp)
  • Re: Bug with W2K3, SP1, Windows Firewall and FTP
    ... it is IE and the "Enable folder view for FTP ... Bernard Cheah ... I decided to try adding a port 21 in the firewall exception list just ... the Advanced section for the Local Area Connection, ...
    (microsoft.public.inetserver.iis.ftp)
  • Re: FTP server behind a PF firewall (including NAT)
    ... Philip> have exactly the same problem. ... Philip> huge range of high ports, and I can't find any information ... IPFW is a real pain compared to most modern firewall software. ... address-translate) the FTP data transfers. ...
    (comp.unix.bsd.freebsd.misc)
  • Re: Bug with W2K3, SP1, Windows Firewall and FTP
    ... Bernard Cheah ... FTP service is listed, it should be bi-directional. ... I'm confuse as well:) between the advanced tab and exception tab. ... I decided to try adding a port 21 in the firewall exception list ...
    (microsoft.public.inetserver.iis.ftp)
  • Re: Bug with W2K3, SP1, Windows Firewall and FTP
    ... Bernard Cheah ... FTP service is listed, it should be bi-directional. ... I'm confuse as well:) between the advanced tab and exception tab. ... I decided to try adding a port 21 in the firewall exception list ...
    (microsoft.public.inetserver.iis.ftp)