Announcement

Collapse
No announcement yet.

FTP Problem

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • FTP Problem

    Hi,

    I am running an FTP server on IIS6, on my 2003 Server machine. I am using a Linksys BEFSR41 router.

    Users are unable to view the contents of the FTP unless they disable passive mode. This isnt a solution for me, as I dont wish to ask people to disable passive connections, rather they connect automatically whether using passive mode or otherwise.

    When connecting (default IE settings) the error code is "426 Connection closed transfer aborted", bottom left in the status bar states "getting folder list". At this point, it fails.

    I have -

    Enabled port 21 (TCP)

    Enabled port 20 (TCP) *Shields up port scanning site states this port is closed though..??

    Allowed anonymous connections

    Permissioned IUSR account on FTP dir to Read\List access via NTFS permissions

    Disabled windows firewall

    Disabled McAfee AV (for testing) so no possible port blocking is occuring

    Opened port range 5500 to 5700 on router according to this KB - http://support.microsoft.com/?id=555022

    Updated firmware to 1.5

    An example of the log is as follows -

    22:22:53 192.168.1.1 [17]USER anonymous 331 0
    22:22:53 192.168.1.1 [17]PASS [email protected] 230 0
    22:22:53 192.168.1.1 [17]sent / 550 2
    22:22:53 192.168.1.1 [17]sent / 426 2
    22:22:53 192.168.1.1 [17]CWD / 250 0
    22:23:33 192.168.1.1 [18]USER anonymous 331 0
    22:23:33 192.168.1.1 [18]PASS [email protected] 230 0
    22:23:49 192.168.1.1 [18]QUIT - 426 0

    If anyone is able to suggest steps I can take to resolve this I would be grateful.

    Thanks for looking

  • #2
    Re: FTP Problem

    Opened port range 5500 to 5700 on router according to this KB
    What does this mean? Did you configure your FTP server to only use those ports for the data channel in passive mode?
    Did you configure the Linksys to forward those ports to the FTP server?
    You need to do both if you want passive mode to work.

    BTW - don't worry about port 20. If active mode is working then port 20 is getting out OK.
    Last edited by JeremyW; 5th December 2006, 04:11. Reason: grammar and clarification
    Regards,
    Jeremy

    Network Consultant/Engineer
    Baltimore - Washington area and beyond
    www.gma-cpa.com

    Comment


    • #3
      Re: FTP Problem

      Hi, thanks for the reply

      I have set my router to port forward the range 5500-5700 to the IP of my FTP server.

      I also ran the KB document mentioned earlier, to limit the port range to 5500-5700.

      "Did you configure your FTP server to only use those ports for the data channel in passive mode?"

      I cant see anything on the FTP server config itself which would help, but Im assuming the above is what needed to be done here.

      Comment


      • #4
        Re: FTP Problem

        Passive port range on your Windows 2003 ftp server can be configured using ADSUTIL script.
        For more detail see:
        http://support.microsoft.com/?id=555022
        Regards,
        Csaba Papp
        MCSA+messaging, MCSE, CCNA
        ...............................
        Remember to give credit where credit is due and leave reputation points where appropriate
        .................................

        Comment


        • #5
          Re: FTP Problem

          I have run the script and it would appear to of been run successfully, and I have opened TCP port range 5500-5700 on my router accordingly. Stop/started the FTP service, but still the same problem.

          I tested internally, and am able to use passive connection on both Active and Passive methods within IE but ONLY when I use IP address of my FTP server. When I use the dyndns address I set up (ftp://servername.dyndns.org) it only connects using Active. Passive mode still gives the error "Make sure you have permission to access that FTP server, connection has been reset".

          The internet user account is set up to have read access to my FTP dir, and as it connects using Active mode I doubt its a permissioning issue.

          Comment


          • #6
            Re: FTP Problem

            Originally posted by marcus2704 View Post
            I have run the script and it would appear to of been run successfully, and I have opened TCP port range 5500-5700 on my router accordingly. Stop/started the FTP service, but still the same problem.

            I tested internally, and am able to use passive connection on both Active and Passive methods within IE but ONLY when I use IP address of my FTP server. When I use the dyndns address I set up (ftp://servername.dyndns.org) it only connects using Active. Passive mode still gives the error "Make sure you have permission to access that FTP server, connection has been reset".

            The internet user account is set up to have read access to my FTP dir, and as it connects using Active mode I doubt its a permissioning issue.
            I'd check with your ISP to see they're letting all traffic through. Sometimes ISPs will block traffic coming in on the Ephemeral Port Range. (and sometimes even more ports)
            Regards,
            Jeremy

            Network Consultant/Engineer
            Baltimore - Washington area and beyond
            www.gma-cpa.com

            Comment


            • #7
              Re: FTP Problem

              Did you test the connection from the Internet or just from your LAN using the FTP server's public IP ?
              If you don't have a SPLIT DNS, servername.dyndns.org is mapped to your servers's public IP. This is why the PASSIVE mod din't work.
              Regards,
              Csaba Papp
              MCSA+messaging, MCSE, CCNA
              ...............................
              Remember to give credit where credit is due and leave reputation points where appropriate
              .................................

              Comment


              • #8
                Re: FTP Problem

                Im not sure Im understanding you correctly. The DYNDNS service updates the IP which I am provided by my ISP from an agent running on the server. I thought that IP was mapped to my router which in turn forwards traffic through the FTP port to the server running the FTP.

                When accessing through the internet (external), I can only connect to the FTP by using Active connection. Passive connection does not work. Internally passive works but only when using IP, whereas Active works with IP and internet domain.
                Last edited by marcus2704; 6th December 2006, 22:16.

                Comment

                Working...
                X