No announcement yet.

FTP Passive (PASV) Mode Client Issues on SBS 2003 to Remote FTP Servers

  • Filter
  • Time
  • Show
Clear All
new posts

  • FTP Passive (PASV) Mode Client Issues on SBS 2003 to Remote FTP Servers


    I'm hoping someone can help me with what my next step(s) should be.

    My client has an ADSL internet connection, connected to a Netgear DG834 router, connected to a Windows SBS 2003 SP2 Server (external NIC, Realtek RTL8139 Family PCI Fast Ethernet NIC). The Server has a second (internal) NIC, which connects to a switch and all client PC's (Windows XP Pro SP2) connect to the switch. This means that all packet data goes through the server. This is a setup I have inherited.

    My issue is with uploading to remote FTP sites when using a passive connection. When using an FTP client, such as FileZilla, on the Windows XP clients or Windows SBS server, uploading a file results in a connection timeout, zero bytes uploaded and the client then re-requests to upload the file. The file never uploads.

    I am aware that I need to open both FTP port 21 and random high port numbers on the router and server. I have therefore allowed all network traffic between the server and the FTP server address on all ports (essentially ruling out the Netgear's firewall blocking any packets on high ports). I am not sure that this is best practice for security, but I hoped it would help rule out where the problem lies.

    The server appears to use RRAS for its firewall and NAT. I have disabled the firewall in an attempt to rule out the RRAS firewall blocking any passive FTP connection. When connecting to the FTP server, RRAS maps port 21 from the client IP address to the remote FTP server IP address, as well as two random high port numbers (typically sequential). The Netgear router logs:
    Wed, 2008-03-12 08:12:05 - TCP Packet - Source:,12941 Destination:,21 - [Any(ALL) match]
    Wed, 2008-03-12 08:12:34 - TCP Packet - Source:,12951 Destination:,21 - [Any(ALL) match]

    Given that I have enabled logging for all incoming and outgoing traffic on (the remote FTP server), my concern is that I have no incoming traffic log from to (the server) on a random high port.

    I have searched the internet for a number of fixes, including installing hotfixes / ensuring all updates are installed. I also disabled the Application Layer Gateway, which proved to be a fix for some, but not for me.

    I have also attempted connecting to a different passive FTP server (hosted by a different hosting company), with the same symptoms.

    I think my next steps are to attempt FTP uploads by connecting a laptop directly to the Netgear router, bypassing the server to see (or I feel prove) that the server is causing the issue. I am also told updating the NIC drives to support NDIS 5.1 may fix the issue; again this is something I will try today.

    Any help or advice on what to test would be much appreciated.

    Last edited by Mac Sami; 12th March 2008, 09:27.

  • #2
    RESOLVED: FTP Passive (PASV) Mode Client Issues on SBS 2003 to Remote FTP Servers

    To save anyone from scratching their head at this problem, this is just to let you know the issue has been resolved.

    I performed a firmware upgrade on the Netgear DG384 v1 router to v3.01.25, the download can be found at

    This has fixed the issue.


    • #3
      Re: FTP Passive (PASV) Mode Client Issues on SBS 2003 to Remote FTP Servers

      Just to let you know that I have added to your reputation for not only giving a very lucid and clear explanation of the problem, but you also took the trouble to come back and give your own solution

      Well done and to be encouraged.

      Steven Teiger [SBS-MVP(2003-2009)]
      Iím honoured to have been selected for the SMB 150 list for 2013. This is the third time in succession (no logo available for 2011) that I have been honoured with this award.

      We donít stop playing because we grow old, we grow old because we stop playing.


      • #4
        Re: FTP Passive (PASV) Mode Client Issues on SBS 2003 to Remote FTP Servers

        Thanks, teiger! I'm more than happy to have found and shared the solution to the problem - it's been bugging me for a while, and took a lot of searching and fault finding to solve it.