|
filosad
Anon
2013-Oct-15 9:31 pm
[Networking] FTP Server over FIOSHello, I am attempting to setup a FTP Server using Win2003 Server. I can access it internally using a standard FTP client w/o any issues. I setup a friendly name (via dyndns) which I can picg externally (out of my network) w/o any issues. When I attempt to access from the outside with any FTP Client, I cannot access my FTP site. I have port forward enabled. I configured NAT, nothing works. What am I doing wrong ? Any help would be appreciated...Thx....filosad |
|
mikev Premium Member join:2002-05-04 Leesburg, VA ·Verizon FiOS (Software) pfSense Panasonic KX-TGP600
|
mikev
Premium Member
2013-Oct-15 9:38 pm
Make sure that your FTP client is configured to use PASV mode. PASV mode will usually work through most NAT setups.
If you're using a command line client, usually typing pasv as the command (some older clients you may need to use quote pasv to send the command directly to the server) will enable this mode.
If you use a GUI FTP client doesn't have an option for PASV mode, find a new one. There are plenty that do. |
|
Mahalo join:2000-12-20 united state
2 recommendations |
to filosad
Make sure you have 20 & 21 port forward to the internal address. I find that most people leave out 20.
Post a screenshot of you rules if it does not work. |
|
|
to filosad
Actually from a server perspective passive is less likely to work correctly because it will listen on random ports. On proftp (on linux) I had to set specifically what ports are used for passive via:
PassivePorts 3000 3200
In the config file and then have ports 3000-3200 forwarded to the machine behind the NAT to get passive working. Regular mode worked without this for me but passive would not. |
|
|
filosad to mikev
Anon
2013-Oct-22 2:41 pm
to mikev
I am using FileZilla as the FTP Client. I have checked that I am using passive mode. Still have connection issues. Following error from client (via external):
Connection attempt failed with "ECONNREFUSED - Connection refused by server". Error: Could not connect to server
Same client on the internal network, no issues. Hope that helps....filosad |
|
Mahalo join:2000-12-20 united state |
Mahalo
Member
2013-Oct-22 4:28 pm
Try it without using passv mode or use Windows FTP client. Make sure 20 & 21 are forwarded to the correct server. Post rules if that does not work. |
|
dmine45 join:2002-11-03 Fredericksburg, VA |
to filosad
Are you sure that you haven't enabled the Windows firewalls and preventing the FTP servers from being seen?
Like others have said, make sure both ports 20 and 21 are forwarded. FTP is the only protocol that I know of that uses two ports for transmission. All other ones are single ports. |
|
Mahalo join:2000-12-20 united state |
Mahalo
Member
2013-Oct-22 10:20 pm
Since he could get to it on the inside, the MS firewall should not be in the way. 20 is transfer and 21 is for control. There are other apps that use multiple ports. Take a stroll through the common port list |
|
nh5 join:2006-01-21 Old Bethpage, NY |
nh5
Member
2013-Oct-23 2:15 am
You have to set the external IP in IIS settings plus set the port range for passive mode when using behind NAT |
|
|
dmine45 join:2002-11-03 Fredericksburg, VA |
to Mahalo
Well aware of that list. I was trying to simplify it for those who aren't IT Experts. |
|
|
filosad to nh5
Anon
2013-Oct-24 8:51 pm
to nh5
Presently, I have IIS bound to the internal network address. If I attempt to do what is suggested, will I still be able to access my FTP server from the inside (internal network) ? It is more likely, I will be using the FTP server from the outside so that should not be an issue. Do I still need to port forward ports 20 & 21 ? Do I still need to configure NAT on the Actiontec Router (Fios). What is the preferred method. Thx so far fro your help.......filosad. |
|
|
non passive mode should 100% work on the internal LAN just use the LAN IP instead of the WAN IP. Sometimes it won't work internally so I assume you are testing from a remote machine. Not all arouters forward back internal IP to the public IP back to the internal LAN (like a loopback). That being said some passive protocols will have a 'masquerade IP address' it uses when using passive mode making it not work on the LAN but I am not sure if that would be the case with windows/IIS stuff as I am more of a unix guy. |
|
Mahalo join:2000-12-20 united state
1 recommendation |
to filosad
Just leave the bound IP to All in IIS and everything will work fine. Use the internal IP for FTP when you are on the LAN and use the external IP from the outside.
You need to forward 20 & 21 from the outside in. |
|
|
to filosad
Use FileZilla Server instead, it's a much more modern FTP server. Also you might want to look at upgrading to a more recent server OS, or linux. |
|