Re: IIS FTP Server setup behind a router firewall?

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

=?Utf-8?B?QWxhbg==?= <Alan@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
news:59394581-AD2B-47B1-B409-A8B746453928@xxxxxxxxxxxxx:

I have been using a the FTP server running on Windows XP
Professional with a static IP for years with no trouble.
I have recently added a router as a firewall and port forwarded
port 80 for the web server no problem there and port 20 & 21 for
the FTP server. I don't think I have all of the necessary ports
open to allow file transfers. I keep getting permission errors.
You can get a connection but transfers fail. Has anyone set this
up before without opening so many ports that the firewall is
useless. Is the version of IIS released with Windows XP
Professional capable of assigning ports for these transfers I
understand you need 2 ports per connection. Any help with this
problem would be appreciated.

Strictly speaking, if a FTP _server_ is behind a NAT router, then only
active mode FTP should work. If a FTP _client_ is behind a NAT router,
then only Passive mode FTP should work. If both are behind NAT
routers, then FTP won't work. This is irrespective of port forwarding.

The reason for this is that when it comes time to establish the data
connection, depending on active or passive mode one side will tell the
other to "connect to me at the following IP address and Port". Because
they are behind a NAT router, the IP address they think they have is a
non internet-routable address like 192.168.1.x. and they tell the other
side to connect to this 192.168.x.x address which the other side simply
can't do -- and the connection fails.

Some FTP clients realize this limitation and provide work-arounds to
get FTP to work by ignoring the IP address it is told to use and
instead use the IP address of the original connection. "Filezilla",
for example, has a setting for passive mode that reads: "Some
misconfigured remote servers which are behind a router may reply with
their local IP address:
o Use the server's external IP address instead."

I'm not familiar with the server you're using, but check to see if it
has a setting for you to provide an external IP address for
establishing data connections in passive mode. This can get dicey if
your external IP address changes.

HTH,
John
.

Relevant Pages

  • Re: Cannot connect to RWW from home PC
    ... That would be the address you need a DNS record for. ... You say "And in the router you need to forward to your external nic IP" ... Still can't telnet to any of your ports at your public ip address. ... Heres' the info for our server: ...
    (microsoft.public.windows.server.sbs)
  • Re: Simultaneous DSL and cable modem access on a SBS network...sorf ot.
    ... Internet Connection wizard on the SBS box, ... "More Information" button on what ports need to be opened to the SBS. ... The server and the fax (the line the DSL modem ... The cable modem already has a router attached to it as well, ...
    (microsoft.public.windows.server.sbs)
  • Re: SBS 20003 R2 Newbie
    ... Try using a smarthost to send outbound mail from your SBS server. ... you may have better luck using the Earthlink ... In the router, you need to forward some ports to your SBS NIC: ...
    (microsoft.public.windows.server.sbs)
  • Re: Set up Remote Connection
    ... To know what ports you need to forward for RWW and/or OWA, VPN, etc: ... Configuring Virtual Servers on Belkin Router: ... run my internet connection directly from the cable modem to the ... server, and then to the router through the second NIC. ...
    (microsoft.public.windows.server.sbs)
  • Re: Home Networking Question: Bridging/IP Forwarding between 2 LAN segments
    ... WAN port to the switch. ... Connect server 6 to the Westell and configure as necessary to allow ... Connect the WAN port on the Linksys router to the Westell device (or ... Linksys LAN ports. ...
    (microsoft.public.win2000.networking)