Hokay,
It took a while to get back to it, but the upshot is...so far no luck. I've
had a brainstorm, though. I'm using a PIX for my firewall, and I've got a
DMZ card attached to my FTP server. I can give the DMZ NIC a secondary
address on a different network and then connect it to a switch. Then I can
connect the switch to the FTP server on the current server NIC and on another
NIC that I add to the server using an IP in the secondary network. My
question now is, "Can I make the second FTP site work only off of the second
network card using the standard FTP ports? Will this be a viable solution to
the problem?" Any thoughts, anyone?
Paul
"Charlie Tame" wrote:
> Paul I tried this a while ago (not for serious use) and had loadsa trouble.
>
> Since then I have read that "Some" routers can't do NAT on FTP packets
> because they don't accurately record the internal IPs being used on the
> intranet unless the default port 21 is being used. I don't know how valid
> this is, but in your case if the second server still appears to behave oddly
> (mine was fine from the local net but useless on the internet) it may be
> that despite opening ports on the router your connection is still not making
> it through.
>
> I only mention this in case it's of interest as a theory - by the time I
> discovered it pressure of work had taken over my little experiment :)
>
> Best of luck,
>
> Charlie
>
> "Paul Smith" <PaulSmith@discussions.microsoft.com> wrote in message
> news:CC75500E-B614-4F24-934E-9EE1D5058947@microsoft.com...
> >I won't have the chance to open the port until Monday, but when I used the
> > command line to connect, I got the error, "500 Invalid Port Command". I
> > checked information on it in the Knowledgebase, but the resolution listed
> > there was rather vague. Any more bright ideas before I work on it Monday?
> >
> > Paul
> >
> >
> >
> > "Jeff Cochran" wrote:
> >
> >> On Fri, 22 Apr 2005 18:04:06 -0700, "Paul Smith"
> >> <PaulSmith@discussions.microsoft.com> wrote:
> >>
> >> >I have configured two instances of an FTP server. I want people to be
> >> >able
> >> >to hit the URL of the server using Internet Explorer and either view or
> >> >change files on the server depending on the instance they log into and
> >> >the
> >> >rights they have in each instance.
> >> >
> >> >The instance I created has been set to use port 21. I configured it to
> >> >allow anonymous access and it works just fine.
> >> >
> >> >The instance that was created by default has been set to use port 2121
> >> >and
> >> >required a login. I can browse to the server using that port, (after
> >> >opening
> >> >up a bunch of things in my Internet Explorer) and can get the login
> >> >screen.
> >> >When I add a username and password, it says that it's searching for the
> >> >files
> >> >and then times out. Is there another port I need to open on my firewall
> >> >for
> >> >data from the instance using the nonstandard port? At the moment ports
> >> >20,
> >> >21 and 2121 are open. Is there anything else I'm missing?
> >>
> >> 2120 would be a good one to open. Also use the FTP command line
> >> client so you can see the response codes.
> >>
> >> Jeff
> >>
>
>
"Paul Smith" <PaulSmith@discussions.microsoft.com> wrote in message
news:EEF47701-8594-4F18-BBA7-DC419F452933@microsoft.com...
> It took a while to get back to it, but the upshot is...so far no luck.
> I've
> had a brainstorm, though. I'm using a PIX for my firewall, and I've got a
> DMZ card attached to my FTP server. I can give the DMZ NIC a secondary
> address on a different network and then connect it to a switch. Then I
> can
> connect the switch to the FTP server on the current server NIC and on
> another
> NIC that I add to the server using an IP in the secondary network. My
> question now is, "Can I make the second FTP site work only off of the
> second
> network card using the standard FTP ports? Will this be a viable solution
> to
> the problem?" Any thoughts, anyone?
You could simply create a second IP address on the original NIC, but adding
another NIC is also a valid solution to this. The key appears to be simply
that your NAT firewall is not recognising traffic as being "FTP" unless it
comes in to the server at port 21.
Alun.
~~~~
--
Software Design Engineer, Internet Information Server (FTP)
This posting is provided "AS IS" with no warranties, and confers no rights.
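
Added example, not part of the thread or any poster's code: a simplified Python model of the behaviour Alun describes, where a NAT device rewrites the address inside an FTP PORT command only on control ports it treats as FTP. Assumptions: the client's address is translated on the way to the server, the server rejects a PORT whose address differs from the connection's source address, and the class name, function names and IP addresses are constructed for illustration.

```python
import re

# RFC 959 PORT argument: h1,h2,h3,h4,p1,p2 (IP octets, then port high/low byte)
PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r?\n?$")

def parse_port(line):
    """Return (ip, port) from a PORT command, or None if it is not a valid one."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def build_port(ip, port):
    """Encode (ip, port) as a PORT command line."""
    return "PORT %s,%d,%d\r\n" % (ip.replace(".", ","), port >> 8, port & 0xFF)

class FtpAwareNat:
    """Toy NAT (hypothetical) that rewrites FTP payloads only on inspected ports."""
    def __init__(self, inside_ip, outside_ip, inspected_ports=(21,)):
        self.inside_ip, self.outside_ip = inside_ip, outside_ip
        self.inspected_ports = set(inspected_ports)

    def translate(self, dst_port, line):
        """Return (source IP the server sees, payload the server sees)."""
        parsed = parse_port(line)
        if dst_port in self.inspected_ports and parsed and parsed[0] == self.inside_ip:
            line = build_port(self.outside_ip, parsed[1])  # payload fix-up
        return self.outside_ip, line  # the IP header is translated on every port

def server_reply(peer_ip, line):
    """Assumed server policy: the PORT address must match the connection's source."""
    parsed = parse_port(line)
    if parsed is None or parsed[0] != peer_ip:
        return "500 Invalid Port Command"
    return "200 PORT command successful"

def session(control_port, inspected_ports=(21,)):
    """Send one PORT command through the NAT and return the server's reply."""
    # Constructed addresses: RFC 1918 client, RFC 5737 documentation public IP.
    nat = FtpAwareNat("192.168.1.50", "203.0.113.7", inspected_ports)
    peer, payload = nat.translate(control_port, build_port("192.168.1.50", 50000))
    return server_reply(peer, payload)

if __name__ == "__main__":
    for port in (21, 2121):
        print(port, "->", session(port))
```

In this model the control connection on port 2121 still opens, because only the payload rewrite is skipped; adding 2121 to `inspected_ports` makes both sessions succeed.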