
iis ftp : 1 IIS, 2 FTP



kpg
5/10/2005 8:56:41 AM
Hi all,

I have an anonymous FTP (port 21) on my IIS 5 that I need to keep
in place. I want to add another FTP site to the same IIS (I only have
one IP address).

So I added a new FTP site, physical folder, virtual folder, etc... and
assigned it a port other than 21 (say 8121). I opened up the port on
my Linksys router, assigned (for now) anonymous access for testing
purposes and the appropriate NTFS permission to the default
user account that the FTP session will log in under.

I can connect and log in as anonymous, but when I try to list the
folders I get an error on the PORT command. Now, the FTP open
command uses my 8121 port, so I assume that the problem is with
the data port. I have tried both passive and active connections to
no avail. I think this is a router/firewall issue, but I'm not sure.

My other question is: if and when I get this site working, how do
I set up a non-anonymous FTP site? I thought this would be easy
and very obvious, but when I uncheck the allow anonymous access
check box I can see nowhere to enter user names and PWs. Does
this use Windows accounts? If so I can handle that.

Any help would be appreciated!
Thanks
Jason Brown [MSFT]
5/11/2005 12:00:00 AM
You may also need to port-forward 8020.

"Standard" FTP uses port 21 for a control channel, and port 20 for data.
Sounds like you need forwarding configured for yours, and the default data port
is controlport-1.

Give it a try, let us know.


--
Jason Brown
Microsoft GTSC, IIS

This posting is provided "AS IS" with no warranties, and confers no rights.


Bernard
5/11/2005 12:00:00 AM
FTP Error: 500 Invalid PORT Command
http://support.microsoft.com/?id=281193

So it's the NAT issue. I would suggest one FTP site; you can then secure it
with authentication, and different folder access control with NTFS
permissions.

HOW TO: Limit FTP Access in Windows 2000
http://support.microsoft.com/?id=318712
HOW TO: Create a Secure FTP Directory that Uses Password Authentication
http://support.microsoft.com/?id=239120
How To Set Up an FTP Site So That Users Log Onto Their Folders
http://support.microsoft.com/?id=201771

--
Regards,
Bernard Cheah
http://www.microsoft.com/iis/
http://www.iiswebcastseries.com/
http://www.msmvps.com/bernard/



kpg
5/11/2005 11:04:39 AM

I tried FTP Port -1 and it did not work.

I made the FTP server the DMZ (all ports open) and it still did not work.
kpg
5/11/2005 11:24:13 AM

That article seems to indicate that the NAT router would not correctly
change the IP address. My router seems to be doing that OK based
on the following log:

<log>
WINSOCK.DLL: WinSock 2.0
WS_FTP Pro 6.01 99.01.29, Copyright © 1992-1999 Ipswitch, Inc.
- -
connecting to 69.14.199.5:8021 <- WAN Ip address munged :-)
Connected to 69.14.199.5 port 8021
220 svr-003 Microsoft FTP Service (Version 5.0).
USER anonymous
331 Anonymous access allowed, send identity (e-mail name) as password.
PASS (hidden)
230-Welcome To My FTP
230 Anonymous user logged in.
PWD
257 "/" is current directory.
Host type (I): Microsoft NT
PORT 192,168,1,117,5,147 <- this is my LAN ip address
500 Invalid PORT Command.
! Failed "port":
! Retrieve of folder listing failed (0)
</log>

So it appears that it is a port issue, but I set the router to see the
server as the DMZ and I still have the problem.

You said I should have one FTP site and use different account/folders. I
know how to do that but I was trying this first because what I really want
is an Anonymous FTP AND a Password protected FTP Site.

I have a lot of client side (in the field) code that relies on my Anonymous
FTP and I don't want to break that. But I would like to add a password
protected FTP along side the Anonymous one.

Thanks for your input.
kpg
kpg
5/11/2005 11:57:58 AM
I noticed that when I log in to the 'normal' FTP site I get:

<log>
230 Anonymous user logged in.
PWD
257 "/" is current directory.
SYST
215 Windows_NT version 5.0
Host type (S): Microsoft NT
PORT 192,168,1,117,6,223
200 PORT command successful.

</log>

But with the higher PORT FTP site I get:

<log>
230 Anonymous user logged in.
PWD
257 "/" is current directory.

Host type (I): Microsoft NT
PORT 192,168,1,117,6,231
500 Invalid PORT Command.

</log>

Notice there is no SYST command echoed on the high PORT site.

Also the Host Type is (I) instead of (S).

What is Host Type I and S?

kpg
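
Added example, not part of any post in this thread: a small Python helper that decodes the `PORT h1,h2,h3,h4,p1,p2` arguments seen in the client logs above (RFC 959 encoding, port = p1*256 + p2) and flags a private address announced to a server reached on a public one, together with the server's reply. The sample log is constructed from the lines posted in the thread; the function names and the `private_to_public` field are illustrative.

```python
import ipaddress
import re

# Constructed sample, modelled on the WS_FTP client log posted in this thread.
SAMPLE_LOG = """\
Connected to 69.14.199.5 port 8021
230 Anonymous user logged in.
PORT 192,168,1,117,5,147 <- this is my LAN ip address
500 Invalid PORT Command.
"""

PORT_RE = re.compile(r"^PORT " + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")
CONNECT_RE = re.compile(r"^Connected to (\d+\.\d+\.\d+\.\d+) port (\d+)")
REPLY_RE = re.compile(r"^(\d{3})[ -]")


def decode_port(line):
    """Decode 'PORT h1,h2,h3,h4,p1,p2' (RFC 959) into (IPv4Address, port)."""
    m = PORT_RE.match(line.strip())
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None  # not a valid octet, so not a valid PORT argument
    return ipaddress.IPv4Address(".".join(map(str, nums[:4]))), nums[4] * 256 + nums[5]


def analyse(log_text):
    """List each PORT command with its decoded endpoint and the server's reply."""
    findings, server, pending = [], None, None
    for line in map(str.strip, log_text.splitlines()):
        conn = CONNECT_RE.match(line)
        decoded = decode_port(line)
        reply = REPLY_RE.match(line)
        if conn:
            server = ipaddress.IPv4Address(conn.group(1))
        elif decoded:
            ip, port = decoded
            # Private address announced to a server reached on a public address.
            mismatch = server is not None and ip.is_private and not server.is_private
            pending = {"data_ip": str(ip), "data_port": port,
                       "private_to_public": mismatch, "reply": None}
            findings.append(pending)
        elif reply and pending is not None:
            # First numeric reply after a PORT line is the answer to it.
            pending["reply"] = int(reply.group(1))
            pending = None
    return findings
```

Running `analyse()` over a saved client log gives one record per PORT command, which makes it easy to compare the working port-21 session with the failing high-port session.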
Bernard
5/15/2005 12:00:00 AM
Again, from your log, it shows that NAT can't really handle non-default-port
FTP requests. Very simple test: swap the binding port of the two FTP sites,
site 1 to 8021 and the problematic one, site 2, to 21. I believe you will get
site 2 no problem but site 1 invalid port command again.

Another way to have two sites to fulfill your need is to have two IPs and
two FTP sites.

--
Regards,
Bernard Cheah
http://www.microsoft.com/iis/
http://www.iiswebcastseries.com/
http://www.msmvps.com/bernard/

