|
Home > Archive > IIS FTP Server > March 2004 > Alternate port for FTP site
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Alternate port for FTP site
|
|
| Giuseppe Pellegrino 2004-03-02, 7:34 am |
|
Hello,
I have a problem with a FTP site I'm configuring.
There are two FTP sites on this server (IIS 5.0 on Windows 2000 ADV SP4): a
default FTP site is configured on default port 21 and it works with no
hassles, connections are successful from both internal and external clients.
Another FTP site has been configured to respond through port 65001 and
here's the deal: internal clients connect immediately to this other site but
external clients go timeout right after authentication negotiation.
Apparently there is no problem with FTP publishing service for it responds
and authenticates as expected on port 65001, instead it hangs when it says
"receiving content folders" (or sort of) and only from external clients
after they authenticate.
One would say there's some kind of firewall filter for incoming connections
on port 65001 from the outside but this can't be for the following reasons:
- No firewall is present on this network (yet)
- No IIS lockdown Tool or Urlscan is installed/configured (yet)
- FTP is reachable and responds with required authentication as I said
before.
- Plain Windows98 and Windows 2000 clients with no firewall were used for
testing connections from the outside.
I have tried moving the site to some other ports such as 8080, 8081, 3333
and so on and it is always the same. Thought the ports might have been busy,
but as I configure test WWW sites (not FTP) on those same ports they all go
fine wherever the connection comes from in both passive and active mode.
For those who would like to experience the problem I'm having, they can
access the FTP sites with these addresses, they both contain one text
document..
FTP Site #1 (working) redirects to C:\Inetpub\ftproot
ftp://213.199.5.252:21
FTP Site #2 (not working) redirects to C:\Inetpub\ftproot2
ftp://213.199.5.252:65001
For testing purposes I set NTFS permission to grant full control to the
Everyone group and FTP authentication granted to the following user:
username: test
password: test
Can someone please help me figure this out?
Any help would be appreciated, thanks in advance.
Giuseppe Pellegrino
-----------------------------------
MCSA - MCSE - MCT
-----------------------------------
| |
| Bernard 2004-03-03, 2:34 am |
| If it's work perfectly inside but not remotely, meaning something somewhere
is blocking the connection.
do you NAT your ftp machine ?
what router are you using ?
Active mode uses 2 ports, default is 21 and 20, if you change it to X, then
data port will be X-1. in your case will be 65000. Passive mode uses dynamic
range from 1024-5000. With SP4, you can customize the port range.
I can connect to first site without problem, next site, I got 500 invalid
port command when I do a dir listing in ftp.exe, you might want to review
the following kbs
FTP Error: 500 Invalid PORT Command
http://support.microsoft.com/?id=281193
kb indicated, because you running NAT other than port 21, can you try set
this registry and see if it work for active mode.
http://www.microsoft.com/technet/tr..._ftpservice.asp
EnablePortAttack = 1
restart Ftp service and try ftp.exe to connect again.
c:\> ftp
ftp> open 213.199.5.252 65001
--
Regards,
Bernard Cheah
http://support.microsoft.com/
Please respond to newsgroups only ...
"Giuseppe Pellegrino" <pellegrino@despammed.com> wrote in message
news:uTFE6$EAEHA.4080@TK2MSFTNGP09.phx.gbl...
>
> Hello,
> I have a problem with a FTP site I'm configuring.
>
> There are two FTP sites on this server (IIS 5.0 on Windows 2000 ADV SP4):
a
> default FTP site is configured on default port 21 and it works with no
> hassles, connections are successful from both internal and external
clients.
>
> Another FTP site has been configured to respond through port 65001 and
> here's the deal: internal clients connect immediately to this other site
but
> external clients go timeout right after authentication negotiation.
> Apparently there is no problem with FTP publishing service for it responds
> and authenticates as expected on port 65001, instead it hangs when it says
> "receiving content folders" (or sort of) and only from external clients
> after they authenticate.
>
> One would say there's some kind of firewall filter for incoming
connections
> on port 65001 from the outside but this can't be for the following
reasons:
> - No firewall is present on this network (yet)
> - No IIS lockdown Tool or Urlscan is installed/configured (yet)
> - FTP is reachable and responds with required authentication as I said
> before.
> - Plain Windows98 and Windows 2000 clients with no firewall were used for
> testing connections from the outside.
>
> I have tried moving the site to some other ports such as 8080, 8081, 3333
> and so on and it is always the same. Thought the ports might have been
busy,
> but as I configure test WWW sites (not FTP) on those same ports they all
go
> fine wherever the connection comes from in both passive and active mode.
>
> For those who would like to experience the problem I'm having, they can
> access the FTP sites with these addresses, they both contain one text
> document..
>
> FTP Site #1 (working) redirects to C:\Inetpub\ftproot
> ftp://213.199.5.252:21
>
> FTP Site #2 (not working) redirects to C:\Inetpub\ftproot2
> ftp://213.199.5.252:65001
>
> For testing purposes I set NTFS permission to grant full control to the
> Everyone group and FTP authentication granted to the following user:
>
> username: test
> password: test
>
> Can someone please help me figure this out?
> Any help would be appreciated, thanks in advance.
>
> Giuseppe Pellegrino
> -----------------------------------
> MCSA - MCSE - MCT
> -----------------------------------
>
>
|
|
|
|
|