FTP server

[eclips]

I'm trying to set up an FTP server. I'm no IIS guru! I have installed IIS & have configured the default FTP site to point to a specific port. I have opened up the firewall to allow ftp traffic thru that port. I know I can get to the site because I have tsweb enabled & have no problem getting in.

When I try to connect thru a FTP client I get:
Connecting to: FTP Server
Connection Established
220-Microsoft FTP Service
220 Here it is!!!
Connected to: FTP server
USER anonymous
331 Anonymous access allowed, send identity (e-mail name) as password.
PASS
230-Wanna get some files??
230 Anonymous user logged in.
SYST
215 Windows_NT
PWD
257 "/" is current directory.
TYPE A
200 Type set to A.
PORT 1internal ip,18,249
500 Invalid PORT Command.

Here's thru a browser I get the error
FTP Folder Error
Windows cannot access this folder. Make sure you typed the file name correctly & that you have permission to access the folder.


Is it NTFS or Share permissions on the FTP directory? I think it's installed correctly & I'm having a problem somewhere with the configuration.

Please don't tell me to run SSH:>)

 

[SaintTigurius]

i am not that educated on ftp. by FTP foler error does that mean its the a folder, try to create a new one and go throught that one, but i think i am wrong

 

[eclips]

Folder.. Maybe a typo. I didn't alter the folder. It is the ftproot IIS created.

 

[kamper]

IIS is rejecting the PORT command because it's a security vulnerability (who'da thunk it?). Basically your client is telling IIS that it is listening on a certain port for a data connection and that IIS should connect there to send the data. Your client is in active mode but if you switch it to passive mode then the connection will happen the other way around (server binds to another port and tells the client to connect to it for data). The only hitch with that is that you have to have some more ports open on your firewall and you are limited in the number of concurrent client connections. It's probably possible to tell the server to allow active mode though. If you're running an ftp server you're probably not super concerned with security

 

[eclips]

sounds good, but I still get an error in passive mode

 

[eclips]

this is what I get now;
TYPE A
200 Type set to A.
PASV
227 Entering Passive Mode (192,168,5,11,4,38).
LIST
425 Can't open data connection.

 

[kamper]

Any firewall between the client and the server?

 

[eclips]

yes, but I'm allowing that traffic thru. I'm connecting, and even getting to the point where I get my FTP welcome greeting. Once I'm in, I get the data connection error. any ideas why I can't see the ftproot files?

 

[kamper]

You are allowing data through on the common ports, 21 and 20 I imagine. But when you use passive mode the server opens up another port to which the client connects to receive data. That is not a well known port and so you don't have it open on your firewall. The port that is used (it should actually be a range of ports) should be configurable on the server somewhere.

What you need to do is find those ports and open them, or tell the server to allow active connections.

And just to make sure I'm on the right track, try using a client with passive mode from inside the firewall and see if that works first. If what I'm thinking is correct then that will work.

 

[Nothinman]

IIS is rejecting the PORT command because it's a security vulnerability (who'da thunk it?)

I don't know of any FTP servers that outright reject PORT commands. Most won't allow a PORT command to include an IP other than where the control connection is from though, so if something is being taken through NAT/PAT somewhere it might cause problems if the NAT/PAT device sucks.

 

[kamper]

vsftpd does, and that's where pretty much all my experience comes from (not that I'm all that experienced). I thought it was interesting that IIS would take a secure setting like that by default.

Here's another thought though: are both the client and server behind nat firewalls? If they both have 192.168.x.x addresses but are on seperate networks then I suppose they might get confused by the addresses in the POST command and the response to the PASV command. That's pure speculation though, a packet sniff would be the best way to diagnose that.

Edit: whoops, I just realized I basically repeated what you said, Nothinman

Edit: son of a bitc... I was wrong about vsftpd too (misread manpage). What a completely useless post :|

 

[Granorense]

Try to disable passive mode in your ftp program. If you use IE to connect go to tools>Internet Options>Advance, down to browsing and uncheck Use Passive FTP. If everything is configured correctly in your server, this may help.

 

[eclips]

Seems I found how to get it to work, but not a permanent solution. Port 21 works fine, but any specified poft doesn't. I assume something with NAT? Any ideas

 

[Night201]

Does it have to be with IIS? Have you tried Filezilla & Filezilla Server? It's a free FTP server and client and it takes only a few minutes to setup. It's a breeze.