-
Posted to
IIS7 - Publishing
by
NeanDuhTall
on
05-27-2009, 8:08 PM
OK - I finally got FTPS working thru my Firewalls (there are actually two hardware firewalls in series, plus the Windows Firewall running on the Win 2008 Web/FTP Server).
The final problem with being unable to establish a Data channel connection on the specified port range was traced back to the Port Redirection rules in my Router (which is ...
-
Posted to
IIS7 - Publishing
by
NeanDuhTall
on
05-27-2009, 2:28 AM
OK, analyzing the error on the Hardware firewall shows a fundamental problem with plain (un-encrypted) FTP thru this device - the conntrack_ftp module is opening the reply packet from the server and silently dropping it because the IP address specified in the reply (which is the IP address specified in the FTP Firewall Support ...
-
Posted to
IIS7 - Publishing
by
NeanDuhTall
on
05-27-2009, 1:15 AM
Ah, man I'm tired now. I've spent the whole day looking this one over, researching and trying different things and I am still stuck on this:
The reply from the FTP server 227 Entering Passive Mode (192,170,1,1,19,41)., which contains the Data port range info for the client to connect on just doesn't appear to be getting to the ...
-
Posted to
IIS7 - Publishing
by
NeanDuhTall
on
05-26-2009, 7:42 PM
OK, I found a post that Lex had replied to elsewhere (here) in the Forum that described the problem with FTP 7.5 not honouring the data port range set in the IIS FTP Firewall Support settings.
Apparently, you need to restart the Microsft FTP Service to get it to pick up the new port range.
I did this and now the server is replying ...
-
Posted to
IIS7 - Publishing
by
NeanDuhTall
on
05-26-2009, 7:05 PM
Thanks for the reply Steve.
And, thanks for putting my attention back on the Hardware firewall - there was indeed a problem with it's settings - I only had Destination NAT rules in place and I needed to add in a couple of Source NAT rules to alter the source of the traffic to be the Firewalls LAN port IP address.
Once I added these, I was ...
-
Posted to
IIS7 - Publishing
by
NeanDuhTall
on
05-25-2009, 5:39 PM
Hi Lex,
thanks for taking the time to reply. In reply to your question - yes, the destination addresses of the packets from the test client are the same as that which the FTP service is bound to in IIS.
The test setup is as follows:-
Laptop Test Client (connected to WAN side of Hardware Firewall for testing):-
Windows Server 2008 ...
-
Posted to
IIS7 - Publishing
by
NeanDuhTall
on
05-25-2009, 3:51 AM
Hi all,
I've downloaded and set up the FTP 7.5 server software from Microsoft, on a Windows Server 2008 Enterprise SP1 machine with IIS7 (actually a Hyper-V VM). I've then published a couple of existing basic public websites using the FTP software, using the FTP managment tools in IIS and have opened the necessary ports to allow ...