Previous Next

• 04-16-2007, 3:31 AM

  awinkler Joined on 04-16-2007, 7:12 AM Posts 7

  FTP setup for remote clients Reply Contact I'm trying to set up an ftp site using Windows Server 2003; however, I am unable to access my ftp site from other computers.  I followed all the instructions about setting up the ftp site, like picking the IP address, the home directory, the security settings, etc. in the IIS Manager.  I'm able to "ftp localhost" from the server computer but cannot connect to the ftp site from any other computer.  The error I am receiving is:  "An error occurred reading the contents of the folder.  Make sure the file name is valid and you have permission to access the location specified.  Details:  The connection with the server was reset." I think perhaps the problem is my firewall.  I modified my settings under "Remote Access/VPN Server->ServerName->IP Routing->NAT/Basic Firewall-> (right click) Local Area Connection->Properties-> (tab) Services and Ports" by checking "FTP".  I also tried opening the Windows Firewall, but I get an error when I try to open this service:  "Windows Firewall cannot run because another program or service is running that might use the network address translation component (Ipnat.sys)." But the problem could be something completely different.  This is the first time I've set up an ftp site using Windows Server 2003...  Please help!

  Tags: IIS 6.0publish

• 04-16-2007, 8:42 AM

  In reply to

  tomkmvp Joined on 03-20-2003, 6:27 AM Lawrenceville, NJ Posts 4,035	Re: FTP setup for remote clients Reply Contact Yes sounds like a firewall issue.  Check the documentation for proper setup to allow FTP.  As far as Windows firewall, are you running any other security software? Tom Kaminski IIS MVP http://mvp.support.microsoft.com/ http://blogs.iis.net/tomkmvp/ http://www.linkedin.com/pub/8/690/408 http://www.bluesrepublic.org/

• 04-16-2007, 12:56 PM

  In reply to

  awinkler Joined on 04-16-2007, 7:12 AM Posts 7

  Re: FTP setup for remote clients Reply Contact Hi Tom, Thanks for replying!  I followed the directions from this website:  http://support.microsoft.com/kb/323384.  I've also done some additional reading, but everything seems to indicate I've done everything correctly.  Is there possibly some conflict with the Remote Access stuff or anything?  I'm not sure where else to look to be sure I'm getting through the firewall.  As far as other security software, I'm not running any that I'm aware of.  The only security stuff should be what installed with Windows Server 2003. Amy

  Tags: IIS 6.0publish

• 04-16-2007, 9:35 PM

  In reply to

  steve schofield Joined on 06-10-2002, 4:54 PM MI Posts 2,538

  Re: FTP setup for remote clients Reply Contact If you are using RRAS as your firewall, you need to open up port 21 and map it to the internal IP address of your FTP server.   I'd make sure you have port 21 opened on your RRAS box and potentially another router connecting you to the internet are enabled.  http://www.auditmypc.com/firewall-test.asp is a place that can scan your pc to show what ports are opened.  The windows firewall is not enabled if you are using RRAS.  Make sure FTP service is listening on the correct IP or All Unassigned.  Do you see anything in the event logs or FTP logs?  try using the command line FTP from outside your network or another 3rd party FTP client.  Passive settings can sometimes cause issues like this. Steve Schofield Windows Server MVP - IIS http://weblogs.asp.net/steveschofield http://www.IISLogs.com Log archival solution Install, Configure, Forget

• 04-16-2007, 11:55 PM

  In reply to

  qbernard Joined on 03-25-2003, 10:12 PM Malaysia Posts 2,443	Re: FTP setup for remote clients Reply Contact do you really need RRAS ? if it just ftp and is connected to your network etc, just allow ftp connection in the windows firewall will do. Cheers, Bernard Cheah

• 04-17-2007, 1:44 PM

  In reply to

  awinkler Joined on 04-16-2007, 7:12 AM Posts 7

  Re: FTP setup for remote clients Reply Contact Ok, I believe I'm using RRAS as my firewall and not the windows firewall.  That makes sense.  My network is internal to the building's network, so I assume that my server is connected to some router out there.  But I was able to ftp earlier - by using a router instead of a computer as the dhcp, etc. and downloading some ftp freeware.  Now, I'm running a computer with Windows Server 2003 and it acts as our dhcp server.  If I disable RRAS, none of the computers on my network are able to see the internet, so I've kept RRAS. I don't know how to open up port 21 on this server.  (It was fairly straightforward on the router.)  I have gone to RRAS and set up my local area connection to allow ftp and vpn.  I also checked my TCP connections using netstat in a DOS command window.  Local port 21 is set to "LISTEN" but doesn't have a local or remote IP address ("TCP 0.0.0.0:21  0.0.0.0:0  LISTENING").  How do I map it to the ftp server's IP? The event logs for ftp show that the "connection was closed" when I tried to ftp from a remote computer.  I have also tried ftp from the command line with the same results.  Any ideas?  Thank you!! Amy

  Tags: IIS 6.0publish

• 04-17-2007, 10:10 PM

  In reply to

  steve schofield Joined on 06-10-2002, 4:54 PM MI Posts 2,538

  Re: FTP setup for remote clients Reply Contact On my RRAS server, I have a public IP and a private lan connected.  To open the service, go to RRAS admin in 'administrative tools', Server >> IP Routing >> NAT / Basic Firewall > Right click on properties of the interface, click on Services and Ports >> Click Edit and fill in the 'internal' address.  That is what I did. Steve Schofield Windows Server MVP - IIS http://weblogs.asp.net/steveschofield http://www.IISLogs.com Log archival solution Install, Configure, Forget

• 04-17-2007, 10:57 PM

  In reply to

  awinkler Joined on 04-16-2007, 7:12 AM Posts 7	Re: FTP setup for remote clients Reply Contact Yes, I've done that part.  When you look up the TCP connection (Server >> IP Routing >> General > Right click interface, click Show TCP Connections...), does it show 0.0.0.0 on port 21 or your actual IP address?  Mine shows 0.0.0.0 and I think that means that ftp is not getting forwarding to the correct IP (?).
  	Tags: IIS 6.0publish

• 04-17-2007, 11:25 PM

  In reply to

  steve schofield Joined on 06-10-2002, 4:54 PM MI Posts 2,538

  Re: FTP setup for remote clients Reply Contact My RRAS server is also my FTP server so I set the IP address in the Services / Ports section.  I would replace the 0.0.0.0 with the actual IP address of the FTP server.  In my case, since the RRAS server has a public NIC and a private NIC.  I set the ip address to 192.168.0.1.  Yours might be different, if the FTP server is on a different box.  Have you tried that? Steve Schofield Windows Server MVP - IIS http://weblogs.asp.net/steveschofield http://www.IISLogs.com Log archival solution Install, Configure, Forget

• 04-17-2007, 11:30 PM

  In reply to

  steve schofield Joined on 06-10-2002, 4:54 PM MI Posts 2,538	Re: FTP setup for remote clients Reply Contact Here is a picture of my RRAS FTP setup http://iislogs.com/images/ftprras.jpg Steve Schofield Windows Server MVP - IIS http://weblogs.asp.net/steveschofield http://www.IISLogs.com Log archival solution Install, Configure, Forget

• 04-17-2007, 11:39 PM

  In reply to

  awinkler Joined on 04-16-2007, 7:12 AM Posts 7

  Re: FTP setup for remote clients Reply Contact My RRAS server is my FTP server as well.  I replaced 0.0.0.0 with both the public IP address, the private IP address (192.168.1.100), and another weird IP address that I don't understand (127.0.0.1) but appears by default on some of my VPN things.  After each change I tried to connect to the ftp server from a remote machine without success.  Anyhow, I did find that when I'm connected to the ftp server from this machine (the ftp server), the TCP connections show that my public IP address is on port 21 (listed as "established").  I suppose that means my IP address is somehow able to talk to port 21 - which seems to be a good thing.  Although now I'm back to having no idea what the problem is... :-j lost and confused...  Amy

  Tags: IIS 6.0publish

• 04-17-2007, 11:51 PM

  In reply to

  steve schofield Joined on 06-10-2002, 4:54 PM MI Posts 2,538

  Re: FTP setup for remote clients Reply Contact Arggg!  Try this, go to the command prompt and type in ipconfig /all.   Find out the ip address of the NIC that is the 'internal' NIC.  Put this ip address in the services and ports thing.  Wait a few seconds or minutes so RRAS can rebind the settings.  Secondly, make sure your FTP service is started and listening on all unassigned IP's.   Then retry.  If you are still stuck, I suggest checking out the networking newsgroups in news://msnews.microsoft.com  They might be able to suggest something different.   I'm out of ideas, mine just works. :-| Steve Schofield Windows Server MVP - IIS http://weblogs.asp.net/steveschofield http://www.IISLogs.com Log archival solution Install, Configure, Forget

• 04-18-2007, 12:07 AM

  In reply to

  awinkler Joined on 04-16-2007, 7:12 AM Posts 7

  Re: FTP setup for remote clients Reply Contact Darn!  It still won't work!  When I "ipconfig /all"-ed I got three IP addresses:  one PPP RAS Server interface (192.168.2.101 - I configured RAS to give out this IP address for remote connections), one for NIC 2 (private), and one for NIC 1 (public).  The new one I just tried was 192.168.2.101 as it was the only one I hadn't tried.  I have 3 ftp sites set up in IIS.  All are running and are on port 21.  The first ftp site takes "all unassigned", the second takes my public IP address, and the last takes my private IP address.  I'm testing my ftp connection on one of the machines on my local network.  I go to the DOS command window, type "ftp", and then type "open <<IP address>>".  The DOS command window responds that I'm connected and need to give a user name.  I know I'm providing the correct user name (and I have the accept only anonymous users unchecked in my ftp set up).  Then the command window responds with "connection terminated by remote host".  Agh!! Thank you so much for your continued response to this issue.  (My remarks of frustration are directed at these dammed computers!)  Amy

• 04-19-2007, 11:41 PM

  In reply to

  steve schofield Joined on 06-10-2002, 4:54 PM MI Posts 2,538

  Re: FTP setup for remote clients Reply Contact I truly understand your frustation.  Here is what I'd do based on what you have described.  Lets get 1 FTP site working locally, then try to access it remotely.   I'm assuming people who are 'remote' are coming from the 'public' ip address side of the network.  1) Turn off the private FTP sites 2) Make sure your 'public' FTP site is turned on and you can access it locally on the box using the FTP.exe 3) Open up the services and ports on the FTP service type 0.0.0.0 or public IP using the RRAS admin tool 4) from a 'remote' machine on the public network side, type 'telnet PublicIPAddress 21'  for example telnet 192.168.1.10 21 (there are spaces between each command) This will test connectivity from a remote box to your FTP site. 5) If that works, try the command line ftp from that client to your 'public' site.  6) Make sure you have logging enabled on the FTP site, this defaults to c:\windows\system32\logfiles\msftpsvc1 That is where I'd start.  If you get this far, you have proven the network, firewalls, and connectivity is correct.  If not, you have something on your network blocking somewhere.  Good luck! Steve Schofield Windows Server MVP - IIS http://weblogs.asp.net/steveschofield http://www.IISLogs.com Log archival solution Install, Configure, Forget

• 05-24-2007, 5:04 PM

  In reply to

  awinkler Joined on 04-16-2007, 7:12 AM Posts 7

  Re: FTP setup for remote clients Reply Contact First off, a big thank you for all the replies and suggestions.  I finally caved and got rid of the RRAS and DHCP on that computer.  I set up my router to be the internet gateway and dole out IP addresses.  Then, after simplifying the server, the ftp site starting working.  The firewall was constantly an issue though, so I had to turn it off - not a good long term solution by any means but I plan to switch to something else like secure shell (SSH) in the near future.  I also have to access the ftp site by using "active" ftp instead of "passive".  (From internet explorer, there is a checkbox under Internet Options -> Advanced -> "Use passive ftp".  I had to uncheck that box.  This may have something to do with how our building's router works; perhaps it won't assign any other ports?  In any case, I don't control that router.)   After many months, I thought it might be a good idea to bring some closure to this thread.  I wish I could say that the ftp is working wonderfully, but having to turn off the firewall has dampened my enthusiasm.  Better luck to other ftp-ers!   On another note, I have been strongly discouraged from using ftp since the passwords via ftp are not encrypted.  Secure shell has some sort of secure ftp - sftp - which encrypts.  It also somehow avoids the complication of assigning two different ports on the router, eliminating much stress and frustration in setting up an ftp site.  There's a user friendly student version out there very cheap.  I believe it's called open ssh.