• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Little trouble with IIS FTP server setup

T

thirdlegstump

Banned
Here's how it's setup:

IIS 6 on Server 2003 Std.

Site 1: port 8333 on 192.168.15.8
Specified the domain users with read write and modify permissions on Site 1
to a local folder specified as the FTP root.

Firewall rules allow all incoming connections to 192.168.15.8 on port 8333. Other services work fine such as web servers etc on other servers.

Stopped and restarted services to make sure no setting is left behind.

Checked the root directory NT security priviledges and the users are correctly configured with the proper priviledges.

Here's what's happening:

After connecting and authenticating, FTP client would try and load the directory but times out often with an error:

"An error occurred opening that folder on the FTP Server. Make sure you have permission to access that folder. The operation timed out"

Firewall is a Sonicwall TZ170.
 
Learn how to setup virtual folders with IIS/FTP.

As long as you are port fowarding on your firewall, it shouldn't matter what port you use with IIS/FTP.

**Edit** typo.
 
Originally posted by: Thor86
Learn how to setup virtual folders with IIS/FTP.

As long as you are port fowarding on your firewall, it shouldn't matter what port you use with IIS/FTP.

**Edit** typo.
Click to expand...

It matters a lot how you setup a FTP server (and whatever firewall/NAT/PAT device it is behind) and what the client is going thru, especially if you're running on a non-standard port. If you are running on a non-standard port for FTP you have to some special tweaking to the firewall the server is behind so that it can understand the L7 protocol being used...you only get this flexibility with a "real" firewall. What I'm trying to say is this is normal behavior for these kinds of protocols - similar to H.323, SQLnet, etc.

check out the link I posted, it's a great summary of the issues involved in this very well known aspect of FTP.

It's for this very reason that I ALWAYs setup FTP with a true static one-to-one NAT and then rely on stateful inspection to do the protection. Meaning any port to an external IP address is directly translated to an internal address, both outgoing and incoming.

-edit- and while we're on the topic of protection/security...run any and all file transfer protocols through an inline virus scanner/scrubber.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top