Announcement

Collapse
No announcement yet.

Getting the correct security settings for FTP users on W2K3

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Getting the correct security settings for FTP users on W2K3

    Hello technicians,

    First of all al big hoera vor Daniel!! Great site!
    I'm dutch so maybe my spelling isn't totally right, but i guess you can understand what i'm saying.

    I recently installed windows 2003 server, with an Active Directory but without IIS6. I installed Serv-U 6.0 and tried to share a directory. Internally it works but when i connect from outside my network i'm not able to see the files. I found out that clients can connect but they get a list error :

    CWD /d:/test/
    [R] 250 Directory changed to /d:/test
    [R] PWD
    [R] 257 "/d:/test" is current directory.
    [R] TYPE A
    [R] 200 Type set to A.
    [R] PASV
    [R] 227 Entering Passive Mode (xxx,xxx,xxx,xxx,xxx,xxx)
    [R] Opening data connection IP: xxx.xxx.xxx.xxx PORT: 34030
    [R] Data Socket Error: Connection timed out
    [R] List Error

    ** removed my ip adress **


    though in Serv-u i gave the user permission to list! So i think it might be a windows security error. Or could it be that my RRAS doesn't forward port 34030, which is changeing every time i re-connect.

    What are the correct file permission and security settings for this problem?

    Thanks a lot for any reaction!!!

    Greetz Martin

  • #2
    I haven't used Serv-U in a long time but from I recall permissions for it are handled entirely by the FTP app not windows.
    Andrew

    ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

    Comment


    • #3
      Thanks

      Thank you for your reply!

      But to be sure it is or isn't an ftp-app setting, i uninstalled serv-u and installed bulletproof ftp server.

      Guess what, same problem!

      So i guess it is an Windows 2003 security problem, maybe it has got something to do with service pack 1, cause i have installed 2003 with tons of services before without SP1.

      I really hope someones knows the answer, i'll keep looking on the net for an sollution, when found, i'll post it here!

      Comment


      • #4
        is the windows firewall enabled from windows 2003?
        Marcel
        Technical Consultant
        Netherlands
        http://www.phetios.com
        http://blog.nessus.nl

        MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
        "No matter how secure, there is always the human factor."

        "Enjoy life today, tomorrow may never come."
        "If you're going through hell, keep going. ~Winston Churchill"

        Comment


        • #5
          are you serious?

          Come on Dumber, i posted i was using RRAS

          a.k.a Routing and Remote Access Server

          = not compatible with windows firewall!!!

          and it can't be a firewall problem because a user DOES connect, but simply gets an error when listing.

          Comment


          • #6
            Is the client using Active or a Passive setting?
            1 1 was a racehorse.
            2 2 was 1 2.
            1 1 1 1 race 1 day,
            2 2 1 1 2

            Comment


            • #7
              Re: are you serious?

              Originally posted by Mednezz
              Come on Dumber, i posted i was using RRAS

              a.k.a Routing and Remote Access Server

              = not compatible with windows firewall!!!

              and it can't be a firewall problem because a user DOES connect, but simply gets an error when listing.
              I'm afraid this is a firewall setting somewhere. When the user attempts a PASV connection, can log on but cannot obtain a server listing or other types of data connection it is generally a firewall issue.

              Read this article. It's long but it has everything you could possibly want to know about FTP.

              http://www.isaserver.org/articles/Ho..._Security.html

              TIP: Because this article is so long, just focus on the differences between ACTIVE and PASV FTP and the required ports that need to be open.

              Cheers

              Mr Caps....

              Comment


              • #8
                Re: are you serious?

                Originally posted by Mednezz
                Come on Dumber, i posted i was using RRAS

                a.k.a Routing and Remote Access Server

                = not compatible with windows firewall!!!

                and it can't be a firewall problem because a user DOES connect, but simply gets an error when listing.
                I might be talking out of my arse here as it's been a while since I've touched RRAS, but doesn't it come with a built in FW on a 2K3 server ? It definately comes with basic port blocking\filtering at least.

                I think MrCaps is right on the money !!

                topper.
                * Shamelessly mentioning "Don't forget to add reputation!"

                Comment

                Working...
                X