FTP Passive Mode and Remote Configuration in IIS7

    Question

  • Good Day to you all,

    I am having a seriously hard time trying to configure 'remote' FTP access for a Win2008R2 server I use as an RRAS box.

    I used this guide: http://learn.iis.net/page.aspx/309/configuring-ftp-firewall-settings-in-iis-7/#Step1

    My current configuration
    1. Ok so I added an FTP Site and pointed it to E:\FTP_DATA and a DNS record for the server
    2. I initially used 127.0.0.1 for the site binding but I was not able to access the FTP site so I used 'All Unassigned', no hostname
    3. I chose 'Allow SSL' and my domain certificate
    4. Basic Authentication with Authorization given to a security group called FTP_Users R/W (added test users)
    5. In firewall support I used a 'Data Port Range' of 5000 - 6000 and the external address of my ASA firewall
    6. Added TCP ports 20, 21, 5000-6000 to the firewall ACL
    7. Added exclusions in my Windows Firewall on the FTP server to allow FTP, FTPS and FTP Passive

    When I try to FTP using DOS internally it works fine in active mode.

    C:\Users\anolan.DOMAIN>ftp ftp.domain.com
    Connected to ftp.domain.com.
    220 Microsoft FTP Service
    User (ftp.mccoysales.com:(none)): admin
    331 Password required for admin.
    Password:
    230 User logged in.
    ftp> dir
    200 PORT command successful.
    150 Opening ASCII mode data connection.
    06-13-12  12:01PM       <DIR>          TEST2
    06-13-12  12:12PM       <DIR>          TEST
    226 Transfer complete.
    ftp: 92 bytes received in 0.00Seconds 92000.00Kbytes/sec.

    When I try to FTP using DOS internally it does not work using passive mode.

    C:\Users\user.DOMAIN>ftp ftp.domain.com
    Connected to ftp.domain.com.
    220 Microsoft FTP Service
    User (ftp.mccoysales.com:(none)): admin
    331 Password required for admin
    Password:
    230 User logged in.
    ftp> QUOTE PASV
    227 Entering Passive Mode (66,195,82,222,232,88).
    ftp> dir
    200 PORT command successful.
    150 Opening ASCII mode data connection.
    425 Cannot open data connection.

    If I try using FileZilla in active mode internally I am also able to get to the FTP server OK

    Status: Connected
    Status: Retrieving directory listing...
    Command: PWD
    Response: 257 "/" is current directory.
    Command: TYPE I
    Response: 200 Type set to I.
    Command: PORT 10,10,0,191,20,94
    Response: 200 PORT command successful.
    Command: LIST
    Response: 125 Data connection already open; Transfer starting.
    Response: 226 Transfer complete.
    Status: Directory listing successful

    If I try using FileZilla in passive mode internally I receive this error. I think it is because the server is returning the address of my server to a local client machine.

    Status: Connected
    Status: Retrieving directory listing...
    Command: PWD
    Response: 257 "/" is current directory.
    Command: TYPE I
    Response: 200 Type set to I.
    Command: PASV
    Response: 227 Entering Passive Mode (66,195,82,222,232,30).
    Command: LIST
    Response: 150 Opening BINARY mode data connection.
    Error: Connection timed out
    Error: Failed to retrieve directory listing

    ------------------Remote Connection Testing------------------------

    Trying to connect using DOS from a remote location using Active mode it fails

    C:\Users\anolan.DOMAIN>ftp ftp.domain.com
    Connected to ftp.domain.com.
    220 Microsoft FTP Service
    User (ftp.mccoysales.com:(none)): admin
    331 Password required for admin.
    Password:
    230 User logged in.
    ftp> dir
    Connection closed by remote host

    Trying to connect using DOS from a remote location using Passive mode it fails

    C:\Users\user.DOMAIN>ftp ftp.domain.com
    Connected to ftp.domain.com.
    220 Microsoft FTP Service
    User (ftp.mccoysales.com:(none)): admin
    331 Password required for admin
    Password:
    230 User logged in.
    ftp> QUOTE PASV
    227 Entering Passive Mode (66,195,82,222,232,88).
    ftp> dir
    Connection closed by remote host

    FileZilla also fails remotely using Passive Mode

    Status: Connected
    Status: Retrieving directory listing...
    Command: PWD
    Response: 257 "/" is current directory.
    Command: TYPE I
    Response: 200 Type set to I.
    Command: PASV
    Response: 227 Entering Passive Mode (66,195,82,222,232,30).
    Command: LIST
    Response: 150 Opening BINARY mode data connection.
    Error: Connection timed out
    Error: Failed to retrieve directory listing

    The output from my log file (FTPSVC2) does not give me much. Basically the control channel is closed as soon as I initiate a conversation:

    2012-06-13 21:44:21 70.196.193.129 DOMAIN\USER 10.10.90.102 21 PASS *** 230 0 0 d22a0726-a230-45e1-85d5-8e643ca2f7be /
    2012-06-13 21:45:20 70.196.193.129 - 10.10.90.102 21 ControlChannelOpened - - 0 0 2e13513c-c64a-4266-8b02-7eab273f7e5b -
    2012-06-13 21:45:22 70.196.193.129 - 10.10.90.102 21 USER USER 331 0 0 2e13513c-c64a-4266-8b02-7eab273f7e5b -
    2012-06-13 21:45:23 70.196.193.129 DOMAIN\USER 10.10.90.102 21 ControlChannelClosed - - 64 0 d22a0726-a230-45e1-85d5-8e643ca2f7be -
    2012-06-13 21:45:25 70.196.193.129 DOMAIN\USER 10.10.90.102 21 PASS *** 230 0 0 2e13513c-c64a-4266-8b02-7eab273f7e5b /
    2012-06-13 21:45:38 70.196.193.129 DOMAIN\USER 10.10.90.102 21 PASV - 227 0 0 2e13513c-c64a-4266-8b02-7eab273f7e5b -
    2012-06-13 21:46:17 - DOMAIN\USER 10.10.90.102 59486 DataChannelClosed - - 258 15 2e13513c-c64a-4266-8b02-7eab273f7e5b -
    2012-06-13 21:46:43 70.196.193.129 DOMAIN\USER 10.10.90.102 21 ControlChannelClosed - - 64 0 2e13513c-c64a-4266-8b02-7eab273f7e5b -

    Any help would be much appreciated..... sorry about the length.

    Noncentz

    Wednesday, June 13, 2012 9:54 PM
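
Added example, not part of the original post: a Python check that decodes the 227 replies shown above (port = p1*256 + p2) and compares them, and the data-channel ports in the FTPSVC2 log, against the 5000 - 6000 'Data Port Range' from step 5. The function names and the log field positions are assumptions of this example, the latter read off the log lines in the post.

```python
import re

# From the post: step 5 'Data Port Range', which the ASA ACL in step 6 opens.
DATA_PORT_RANGE = (5000, 6000)
PASV_RE = re.compile(r"\b227\b.*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def decode_pasv(reply):
    """Return (ip, port) announced in a 227 reply, or None for other lines."""
    m = PASV_RE.search(reply)
    if m is None:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field above 255 in: " + reply)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def in_range(port, port_range=DATA_PORT_RANGE):
    return port_range[0] <= port <= port_range[1]

def audit_pasv(replies, port_range=DATA_PORT_RANGE):
    """List (ip, port, ok) for every 227 reply found in a client transcript."""
    found = []
    for line in replies:
        decoded = decode_pasv(line)
        if decoded:
            found.append((decoded[0], decoded[1], in_range(decoded[1], port_range)))
    return found

def data_channel_ports(log_lines):
    """Ports of DataChannel* events; assumes field 6 = port, field 7 = event."""
    ports = []
    for line in log_lines:
        f = line.split()
        if len(f) > 6 and f[6].startswith("DataChannel") and f[5].isdigit():
            ports.append(int(f[5]))
    return ports

TRANSCRIPT = [  # lines copied from the post's client transcripts
    "Response: 200 Type set to I.",
    "227 Entering Passive Mode (66,195,82,222,232,88).",
    "Response: 227 Entering Passive Mode (66,195,82,222,232,30).",
]
LOG = [  # lines copied from the post's FTPSVC2 log
    r"2012-06-13 21:45:38 70.196.193.129 DOMAIN\USER 10.10.90.102 21 PASV - 227 0 0 2e13513c-c64a-4266-8b02-7eab273f7e5b -",
    r"2012-06-13 21:46:17 - DOMAIN\USER 10.10.90.102 59486 DataChannelClosed - - 258 15 2e13513c-c64a-4266-8b02-7eab273f7e5b -",
]

if __name__ == "__main__":
    print(audit_pasv(TRANSCRIPT), data_channel_ports(LOG))
```

With the post's values the replies decode to ports 59480 and 59422 and the log records a data channel on 59486, all outside the 5000 - 6000 range that the firewall ACL admits.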
