| Groups | Blog | Home |
iis ftp : FTP service and Windows Firewall on Server 2003
There is an IP address-based ACL in the "Security" tab that allows the
server to accept, or reject traffic from individual or blocks of IP addresses. Your description is consistent with it being that the originating IP is on that list. So it's worth a check in there. [quoted text, click to view] "Viktor Jevdokimov" <viktor@baltsoft.lt> wrote in message news:%23W9xCufyHHA.2224@TK2MSFTNGP02.phx.gbl... > Hi all, > > Environment: > - Windws Server 2003 R2 Standard Edition Service Pack 2 > - IIS with FTP service > - Windows Firewall enabled, TCP ports 21 and 20 are enabled both on > exceptions list and on connection. > > Problem: "Connection closed by remote host." right after user name is > entered when connecting from outside. > > When testing locally on the server or when Windows Firewall is disabled - > everything is fine, no problems. When Firewall is enabled, connection from > outside just drops right after user name is entered. > > IIS log file shows 421 FTP status and 121 win32 status. > > How to configure Windows Firewall properly for FTP service to work from > outside? > > Thanks in advance, > Viktor > > >
Hi all,
Environment: - Windws Server 2003 R2 Standard Edition Service Pack 2 - IIS with FTP service - Windows Firewall enabled, TCP ports 21 and 20 are enabled both on exceptions list and on connection. Problem: "Connection closed by remote host." right after user name is entered when connecting from outside. When testing locally on the server or when Windows Firewall is disabled - everything is fine, no problems. When Firewall is enabled, connection from outside just drops right after user name is entered. IIS log file shows 421 FTP status and 121 win32 status. How to configure Windows Firewall properly for FTP service to work from outside? Thanks in advance, Viktor
No IP restrictions. BTW, if IP is rejected, why it is starting an FTP
connection and asking for a user name? If IP is restricted, connection should be dropped before FTP welcome line and user name prompt. [quoted text, click to view] ".._.." <.._..@yourmom.mil> wrote in message news:q5Kni.36677$G23.20324@newsreading01.news.tds.net... > There is an IP address-based ACL in the "Security" tab that allows the > server to accept, or reject traffic from individual or blocks of IP > addresses. > > Your description is consistent with it being that the originating IP is on > that list. So it's worth a check in there. > > "Viktor Jevdokimov" <viktor@baltsoft.lt> wrote in message > news:%23W9xCufyHHA.2224@TK2MSFTNGP02.phx.gbl... >> Hi all, >> >> Environment: >> - Windws Server 2003 R2 Standard Edition Service Pack 2 >> - IIS with FTP service >> - Windows Firewall enabled, TCP ports 21 and 20 are enabled both on >> exceptions list and on connection. >> >> Problem: "Connection closed by remote host." right after user name is >> entered when connecting from outside. >> >> When testing locally on the server or when Windows Firewall is disabled - >> everything is fine, no problems. When Firewall is enabled, connection >> from >> outside just drops right after user name is entered. >> >> IIS log file shows 421 FTP status and 121 win32 status. >> >> How to configure Windows Firewall properly for FTP service to work from >> outside? >> >> Thanks in advance, >> Viktor >> >> >> > >
ya. it checked for access ip before prompt for login.
do you have inetinfo.exe defined in the firewall exception list? if you try ftp.exe command line to connect remotely, will it drop again after you entered the user name or ? -- Regards, Bernard Cheah http://www.iis.net/ http://msmvps.com/blogs/bernard/ [quoted text, click to view] "Viktor Jevdokimov" <viktor@baltsoft.lt> wrote in message news:u$9GjMhyHHA.3564@TK2MSFTNGP04.phx.gbl... > No IP restrictions. BTW, if IP is rejected, why it is starting an FTP > connection and asking for a user name? If IP is restricted, connection > should be dropped before FTP welcome line and user name prompt. > > ".._.." <.._..@yourmom.mil> wrote in message > news:q5Kni.36677$G23.20324@newsreading01.news.tds.net... >> There is an IP address-based ACL in the "Security" tab that allows the >> server to accept, or reject traffic from individual or blocks of IP >> addresses. >> >> Your description is consistent with it being that the originating IP is >> on that list. So it's worth a check in there. >> >> "Viktor Jevdokimov" <viktor@baltsoft.lt> wrote in message >> news:%23W9xCufyHHA.2224@TK2MSFTNGP02.phx.gbl... >>> Hi all, >>> >>> Environment: >>> - Windws Server 2003 R2 Standard Edition Service Pack 2 >>> - IIS with FTP service >>> - Windows Firewall enabled, TCP ports 21 and 20 are enabled both on >>> exceptions list and on connection. >>> >>> Problem: "Connection closed by remote host." right after user name is >>> entered when connecting from outside. >>> >>> When testing locally on the server or when Windows Firewall is >>> disabled - >>> everything is fine, no problems. When Firewall is enabled, connection >>> from >>> outside just drops right after user name is entered. >>> >>> IIS log file shows 421 FTP status and 121 win32 status. >>> >>> How to configure Windows Firewall properly for FTP service to work from >>> outside? >>> >>> Thanks in advance, >>> Viktor >>> >>> >>> >> >> > >
Have added inetinfo.exe to the Firewall - no changes.
Probably I need to try to reinstall SP2, since FTP service was added after SP2 was installed. BTW, locally with Firewall enabled, FTP works fine, while from external IP's connection is dropped right after I entered user name. [quoted text, click to view] "Bernard Cheah [MVP]" <qbernard@hotmail.com.discuss> wrote in message news:u2IPxxPzHHA.3768@TK2MSFTNGP06.phx.gbl... > ya. it checked for access ip before prompt for login. > > do you have inetinfo.exe defined in the firewall exception list? > > if you try ftp.exe command line to connect remotely, will it drop again > after you entered the user name or ? > > -- > Regards, > Bernard Cheah > http://www.iis.net/ > http://msmvps.com/blogs/bernard/ > > > "Viktor Jevdokimov" <viktor@baltsoft.lt> wrote in message > news:u$9GjMhyHHA.3564@TK2MSFTNGP04.phx.gbl... >> No IP restrictions. BTW, if IP is rejected, why it is starting an FTP >> connection and asking for a user name? If IP is restricted, connection >> should be dropped before FTP welcome line and user name prompt. >> >> ".._.." <.._..@yourmom.mil> wrote in message >> news:q5Kni.36677$G23.20324@newsreading01.news.tds.net... >>> There is an IP address-based ACL in the "Security" tab that allows the >>> server to accept, or reject traffic from individual or blocks of IP >>> addresses. >>> >>> Your description is consistent with it being that the originating IP is >>> on that list. So it's worth a check in there. >>> >>> "Viktor Jevdokimov" <viktor@baltsoft.lt> wrote in message >>> news:%23W9xCufyHHA.2224@TK2MSFTNGP02.phx.gbl... >>>> Hi all, >>>> >>>> Environment: >>>> - Windws Server 2003 R2 Standard Edition Service Pack 2 >>>> - IIS with FTP service >>>> - Windows Firewall enabled, TCP ports 21 and 20 are enabled both on >>>> exceptions list and on connection. >>>> >>>> Problem: "Connection closed by remote host." right after user name is >>>> entered when connecting from outside. >>>> >>>> When testing locally on the server or when Windows Firewall is >>>> disabled - >>>> everything is fine, no problems. When Firewall is enabled, connection >>>> from >>>> outside just drops right after user name is entered. >>>> >>>> IIS log file shows 421 FTP status and 121 win32 status. >>>> >>>> How to configure Windows Firewall properly for FTP service to work from >>>> outside? >>>> >>>> Thanks in advance, >>>> Viktor >>>> >>>> >>>> >>> >>> >> >> > >
[quoted text, click to view]
On Jul 23, 3:29 am, "Viktor Jevdokimov" <vik...@baltsoft.lt> wrote: > Have added inetinfo.exe to the Firewall - no changes. > Probably I need to try to reinstall SP2, since FTP service was added after > SP2 was installed. > BTW, locally with Firewall enabled, FTP works fine, while from external IP's > connection is dropped right after I entered user name. > > "Bernard Cheah [MVP]" <qbern...@hotmail.com.discuss> wrote in messagenews:u2IPxxPzHHA.3768@TK2MSFTNGP06.phx.gbl... > > > ya. it checked for access ip before prompt for login. > > > do you have inetinfo.exe defined in the firewall exception list? > > > if you try ftp.exe command line to connect remotely, will it drop again > > after you entered the user name or ? > > > -- > > Regards, > > Bernard Cheah > >http://www.iis.net/ > >http://msmvps.com/blogs/bernard/ > > > "Viktor Jevdokimov" <vik...@baltsoft.lt> wrote in message > >news:u$9GjMhyHHA.3564@TK2MSFTNGP04.phx.gbl... > >> No IP restrictions. BTW, if IP is rejected, why it is starting an FTP > >> connection and asking for a user name? If IP is restricted, connection > >> should be dropped before FTP welcome line and user name prompt. > > >> ".._.." <.....@yourmom.mil> wrote in message > >>news:q5Kni.36677$G23.20324@newsreading01.news.tds.net... > >>> There is an IP address-based ACL in the "Security" tab that allows the > >>> server to accept, or reject traffic from individual or blocks of IP > >>> addresses. > > >>> Your description is consistent with it being that the originating IP is > >>> on that list. So it's worth a check in there. > > >>> "Viktor Jevdokimov" <vik...@baltsoft.lt> wrote in message > >>>news:%23W9xCufyHHA.2224@TK2MSFTNGP02.phx.gbl... > >>>> Hi all, > > >>>> Environment: > >>>> - Windws Server 2003 R2 Standard Edition Service Pack 2 > >>>> - IIS with FTP service > >>>> - Windows Firewall enabled, TCP ports 21 and 20 are enabled both on > >>>> exceptions list and on connection. > > >>>> Problem: "Connection closed by remote host." right after user name is > >>>> entered when connecting from outside. > > >>>> When testing locally on the server or when Windows Firewall is > >>>> disabled - > >>>> everything is fine, no problems. When Firewall is enabled, connection > >>>> from > >>>> outside just drops right after user name is entered. > > >>>> IIS log file shows 421 FTP status and 121 win32 status. > > >>>> How to configure Windows Firewall properly for FTP service to work from > >>>> outside? > > >>>> Thanks in advance, > >>>> Viktor Hi, Does your FTP client use passive mode? I was having similar problem, and disabling the passive mode solved the case. IIS 6 FTP service does not work properly in passive mode (high ports) while Windows Firewall is enabled. Or you can try what Bernard says, use ftp command line utility to see if you can connect, which doesn't send any PASV commands to the server. In my case, directory listing hangs at certain point when I use passive mode. I tried whatever was suggested (defining passive mode port range in Meta Base explorer and adding those ports to the Windows Firewall) but nothing helped but using active mode. I hope this helps. Deniz Deniz
I've used commandline FTP and other clients. PASV mode is for transfer, when
you're logged in, but I can't login! Connection hangs just right after user name is sent, server won't ask for password and this behaviour is just for all external clients, while locally I can login without problem. Reinstalling SP2 did fix the problem. Only disabling Windows Firewall can help. [quoted text, click to view] "Deniz" <deniz.turkmen@gmail.com> wrote in message news:1185229505.928213.105790@e16g2000pri.googlegroups.com... > On Jul 23, 3:29 am, "Viktor Jevdokimov" <vik...@baltsoft.lt> wrote: >> Have added inetinfo.exe to the Firewall - no changes. >> Probably I need to try to reinstall SP2, since FTP service was added >> after >> SP2 was installed. >> BTW, locally with Firewall enabled, FTP works fine, while from external >> IP's >> connection is dropped right after I entered user name. >> >> "Bernard Cheah [MVP]" <qbern...@hotmail.com.discuss> wrote in >> messagenews:u2IPxxPzHHA.3768@TK2MSFTNGP06.phx.gbl... >> >> > ya. it checked for access ip before prompt for login. >> >> > do you have inetinfo.exe defined in the firewall exception list? >> >> > if you try ftp.exe command line to connect remotely, will it drop again >> > after you entered the user name or ? >> >> > -- >> > Regards, >> > Bernard Cheah >> >http://www.iis.net/ >> >http://msmvps.com/blogs/bernard/ >> >> > "Viktor Jevdokimov" <vik...@baltsoft.lt> wrote in message >> >news:u$9GjMhyHHA.3564@TK2MSFTNGP04.phx.gbl... >> >> No IP restrictions. BTW, if IP is rejected, why it is starting an FTP >> >> connection and asking for a user name? If IP is restricted, connection >> >> should be dropped before FTP welcome line and user name prompt. >> >> >> ".._.." <.....@yourmom.mil> wrote in message >> >>news:q5Kni.36677$G23.20324@newsreading01.news.tds.net... >> >>> There is an IP address-based ACL in the "Security" tab that allows >> >>> the >> >>> server to accept, or reject traffic from individual or blocks of IP >> >>> addresses. >> >> >>> Your description is consistent with it being that the originating IP >> >>> is >> >>> on that list. So it's worth a check in there. >> >> >>> "Viktor Jevdokimov" <vik...@baltsoft.lt> wrote in message >> >>>news:%23W9xCufyHHA.2224@TK2MSFTNGP02.phx.gbl... >> >>>> Hi all, >> >> >>>> Environment: >> >>>> - Windws Server 2003 R2 Standard Edition Service Pack 2 >> >>>> - IIS with FTP service >> >>>> - Windows Firewall enabled, TCP ports 21 and 20 are enabled both on >> >>>> exceptions list and on connection. >> >> >>>> Problem: "Connection closed by remote host." right after user name >> >>>> is >> >>>> entered when connecting from outside. >> >> >>>> When testing locally on the server or when Windows Firewall is >> >>>> disabled - >> >>>> everything is fine, no problems. When Firewall is enabled, >> >>>> connection >> >>>> from >> >>>> outside just drops right after user name is entered. >> >> >>>> IIS log file shows 421 FTP status and 121 win32 status. >> >> >>>> How to configure Windows Firewall properly for FTP service to work >> >>>> from >> >>>> outside? >> >> >>>> Thanks in advance, >> >>>> Viktor > > Hi, > > Does your FTP client use passive mode? I was having similar problem, > and disabling the passive mode solved the case. IIS 6 FTP service does > not work properly in passive mode (high ports) while Windows Firewall > is enabled. Or you can try what Bernard says, use ftp command line > utility to see if you can connect, which doesn't send any PASV > commands to the server. > > In my case, directory listing hangs at certain point when I use > passive mode. I tried whatever was suggested (defining passive mode > port range in Meta Base explorer and adding those ports to the Windows > Firewall) but nothing helped but using active mode. I hope this helps. > > Deniz > > > Deniz >
[quoted text, click to view]
On Jul 24, 5:43 am, "Viktor Jevdokimov" <vik...@baltsoft.lt> wrote: > Problem solved: > > 1. Uncheck "FTP Server" in Windows Firewall Extended tab for every location > 2. Add 21 port to exceptions > > "Viktor Jevdokimov" <vik...@baltsoft.lt> wrote in message > > news:%23W9xCufyHHA.2224@TK2MSFTNGP02.phx.gbl... > > > Hi all, > > > Environment: > > - Windws Server 2003 R2 Standard Edition Service Pack 2 > > - IIS with FTP service > > - Windows Firewall enabled, TCP ports 21 and 20 are enabled both on > > exceptions list and on connection. > > > Problem: "Connection closed by remote host." right after user name is > > entered when connecting from outside. > > > When testing locally on the server or when Windows Firewall is disabled - > > everything is fine, no problems. When Firewall is enabled, connection from > > outside just drops right after user name is entered. > > > IIS log file shows 421 FTP status and 121 win32 status. > > > How to configure Windows Firewall properly for FTP service to work from > > outside? > > > Thanks in advance, > > Viktor Hi Viktor, Incredibly, your small recipe solved my problem too. I could never guess that unchecking the FTP service in firewall would actually yield a better result. Oh well, we are learning new things everyday thanks to MS ;) Thanks very much! Deniz
Problem solved:
1. Uncheck "FTP Server" in Windows Firewall Extended tab for every location 2. Add 21 port to exceptions [quoted text, click to view] "Viktor Jevdokimov" <viktor@baltsoft.lt> wrote in message news:%23W9xCufyHHA.2224@TK2MSFTNGP02.phx.gbl... > Hi all, > > Environment: > - Windws Server 2003 R2 Standard Edition Service Pack 2 > - IIS with FTP service > - Windows Firewall enabled, TCP ports 21 and 20 are enabled both on > exceptions list and on connection. > > Problem: "Connection closed by remote host." right after user name is > entered when connecting from outside. > > When testing locally on the server or when Windows Firewall is disabled - > everything is fine, no problems. When Firewall is enabled, connection from > outside just drops right after user name is entered. > > IIS log file shows 421 FTP status and 121 win32 status. > > How to configure Windows Firewall properly for FTP service to work from > outside? > > Thanks in advance, > Viktor > > >
I am having the same problems.
Scenario: Windows 2003 Server - firewalled on a Broadband DSL conn. Can DOS FTP and Explorer FTP with no issues Windows XP SP2 Workstation - Connected via LAN Gets "Connection close by remote host" after entering username in DOS FTP and "Windows cannot access this folder...The connection with the server was reset." If you have solved this issue, please detail the steps you took. THANK YOU!!!! Dan
Hi,
did you read this article http://support.microsoft.com/kb/283679 ? Most of time, the problem is related to the ports which are not open to the Internet (the ftp-data port). On Microsoft FTP sites, the dynamic port is choosen between 1024 and 5000 which means you may have to open all theses ports. With ISA Server, there is a filter (like an addon) which opens and closes the ftp-data ports on demand. Try to open theses ports for a limited time just to see what happens when you try again to connect to your ftp server. Thierry [quoted text, click to view] "Daniel Abbott" <daniel.abbott@kleffmann.us> wrote in message news:ui8ceRU1HHA.4492@TK2MSFTNGP05.phx.gbl... >I am having the same problems. > > Scenario: > Windows 2003 Server - firewalled on a Broadband DSL conn. > Can DOS FTP and Explorer FTP with no issues > > Windows XP SP2 Workstation - Connected via LAN > Gets "Connection close by remote host" after entering username in DOS > FTP and "Windows cannot access this folder...The connection with the > server was reset." > > If you have solved this issue, please detail the steps you took. > > THANK YOU!!!! > Dan > > > *** Sent via Developersdex http://www.developersdex.com ***
Thank you for the post, but my problem is on the other side of that
scenario. Our corp office has an FTP server. We are a remote office with a DSL highspeed connection. If I connect directly to the DSL modem, I can FTP through both DOS and Explorer. If I try the same thing on the server directly, I get the same result, success. Yet, if I try from any workstation on the domain, I get the error I've posted. HELP!!
Found it. Stop the Application Layer Gateway service on the server. That will fix the issue almost instantly. This was posted on a TechNet news posting under "XP clients ftp". Dan
Don't see what you're looking for? Try a search.
|
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
February 2008
March 2008
April 2008
May 2008
June 2008
| home · blog · groups | Questions? Comments? Contact the dn |