> USER xyz
< 331 Password required for xyz.
> PASS ****
< 230 User xyz logged in.
> SYST
< 215 Windows_NT
> PWD
< 257 "/" is current directory.
> TYPE A
< 200 Type set to A.
> PASV
< 227 Entering Passive Mode (192,168,1,10,5,205).
> LIST

> From: "DAZ" <anonymous@discussions.microsoft.com>
>
> I'm running IIS 6 on Windows 2003 Server. The server is
> behind a Linksys BEFSR41 router and uses a static
> internal address. My ISP only provides me with a dynamic
> IP address and has blocked port 21 so I've configured the
> ftp server to use port 7721. I've also configured
> passive port numbers 7722 to 7730 for ftp. I also have a
> dyndns.org name defined to point to my router's
> connection so I can find the server from out on the
> Internet. The router is configured to forward ports 7721
> to 7730 to my server at the internal static IP address.

> Clients have to connect in PASV mode because of the port
> blockage from my ISP.

> However, when the server responds,
> it sends its internal IP address back to the client which
> then cannot talk to the server because it's now using the
> wrong address. Anyone gotten around this? Here's an
> example log from the client FTP Commander:

>> From: "DAZ" <anonymous@discussions.microsoft.com>
>> I'm running IIS 6 on Windows 2003 Server. The server
is
>> behind a Linksys BEFSR41 router and uses a static
>> internal address. My ISP only provides me with a
dynamic
>> IP address and has blocked port 21 so I've configured
the
>> ftp server to use port 7721. I've also configured
>> passive port numbers 7722 to 7730 for ftp. I also
have a
>> dyndns.org name defined to point to my router's
>> connection so I can find the server from out on the
>> Internet. The router is configured to forward ports
7721
>> to 7730 to my server at the internal static IP address.
>
>The first question I would ask is the obvious non-
technical one -
>presumably your ISP has blocked port 21 because they
particularly don't
>want you running an FTP server, rather than because they
don't want you
>running something that uses a 21 in its destination
port. If you flout
>the rules of your ISP, you will probably be found out
eventually, and your
>service disconnected - possibly without warning, and
possibly even with a
>fine. I strongly recommend that you address this
problem _first_. It may
>be that you can simply ask your ISP to open up port 21
for use as an FTP
>server, and they will grant it - on occasion, this sort
of limit is put in
>to make sure that malware doesn't install a server that
the user is unaware
>of.
>

>> Clients have to connect in PASV mode because of the
port
>> blockage from my ISP.
>
>Only if your ISP is blocking outgoing connection
attempts, or if their ISP
>or firewall is blocking incoming connection attempts.
The former is
>unlikely, the latter more so.
>

>> However, when the server responds,
>> it sends its internal IP address back to the client
which
>> then cannot talk to the server because it's now using
the
>> wrong address. Anyone gotten around this? Here's an
>> example log from the client FTP Commander:
>
>This is because the NAT is unable to tell that the
server is sending FTP
>traffic - the NAT checks for FTP traffic only on port 21.
>
>I have heard that some more expensive NAT routers will
allow you to
>configure them such that they will look for FTP traffic
on whatever port
>you tell them - but I have not found any specific
details on that.
>
>It looks like your best bet is to try and convince your
ISP to let you run
>your FTP server on port 21.
>
>Alun.
>~~~~

> From: <anonymous@discussions.microsoft.com>
>
> Thanks. I'll either have to look into another method for
> transfering files or else at more capable hardware,
> though doing this once every two years doesn't seem like
> it would warrant spending extra $'s for equipment.