Previous Next

• 08-01-2008, 1:16 PM

  boen_robot Joined on 07-31-2008, 11:31 AM Plovdiv Posts 14

  Configuring passive mode Reply Contact I've followed all instructions at http://learn.iis.net/page.aspx/309/configuring-ftp-firewall-settings/ in an attempt to make this working, but I'm still failing. The (MikroTik) router at my public IP (for the sake of example: 10.10.10.1) translates all incoming requests on port 21 to my private IP (for the sake of example: 192.168.0.2) again on port 21. On the global level of the IIS manager, I have specified 10.10.10.1 as the IP, and left the port range to 0-0. I made sure the FTP site also has the same external IP configured. Accessing the FTP (with FileZilla) in either active or passive mode results in the message: 150 Opening BINARY mode data connection. After which the client hangs until finally it receives a timeout error. I tried to adjust the port range in the IIS manager to 5000-6000 and made the router redirect all incoming requests on those ports to the same ports on the server. The result is the same. Windows Firewall has been turned off for all profiles in both cases (just in case).  The server works properly from the local network (the 192.168.0.0/24 subnet), but not outside of it. What am I doing wrong? Any ideas?  [edit]Solved. I had to specify EXACTLY the port range in the example, NAT that, and configure the Windows Firewall to allow the FTP service to use all ports it wants.[/edit]

  Tags: FTP7firewallconfigurationnetwork

• 08-05-2008, 5:56 AM

  In reply to

  Zhao Ji Ma - MSFT Joined on 01-05-2007, 12:36 AM Posts 765

  Re: Configuring passive mode Reply Contact Hi, You can use "0-0" for port range to let IIS FTP Publishing Service use dynamic port range. Zhao Ji Ma Sincerely, Microsoft Online Community Support “Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”

• 08-09-2008, 11:59 AM

  In reply to

  boen_robot Joined on 07-31-2008, 11:31 AM Plovdiv Posts 14

  Re: Configuring passive mode Reply Contact What should I specify in the router if I do that? Which ports (if any) must I NAT? I don't know of any way I can make MikroTik (or any other router for that matter) NAT ports dynamically based on what a certain program wants.  Scratch that... I know of one possible way (make a script that will connect to MikroTik via SSH and adjust the ports as needed) but I'd still need a way to detect those ports. And even if there's a way to detect them, wouldn't that be just way too painful on performance (after all, there'd be a delay between the port change and the NAT-ing)?