We are excited to announce that the IIS.NET Forums are moving to the new Microsoft Q&A experience. Learn more >

View Complete Thread
  • Re: FTP IIS Server while connected to VPN?

    Aug 17, 2016 08:26 AM|seanvree|LINK

    2016-08-17 08:02:34 192.168.1.1 - 192.168.1.20 21 ControlChannelOpened - - 0 0 dcc49917-0505-4347-8984-bbe51e55bf6b -
    2016-08-17 08:02:34 192.168.1.1 - 192.168.1.20 21 USER plexguest 331 0 0 dcc49917-0505-4347-8984-bbe51e55bf6b -
    2016-08-17 08:02:34 192.168.1.1 VREEPLEXDESKTOP\PlexGuest 192.168.1.20 21 PASS *** 230 0 0 dcc49917-0505-4347-8984-bbe51e55bf6b /
    2016-08-17 08:02:34 192.168.1.1 VREEPLEXDESKTOP\PlexGuest 192.168.1.20 21 opts utf8+on 200 0 0 dcc49917-0505-4347-8984-bbe51e55bf6b -
    2016-08-17 08:02:34 192.168.1.1 VREEPLEXDESKTOP\PlexGuest 192.168.1.20 21 PWD - 257 0 0 dcc49917-0505-4347-8984-bbe51e55bf6b -
    2016-08-17 08:02:34 192.168.1.1 VREEPLEXDESKTOP\PlexGuest 192.168.1.20 21 CWD /FTP/Movies/ 250 0 0 dcc49917-0505-4347-8984-bbe51e55bf6b /FTP/Movies
    2016-08-17 08:02:34 192.168.1.1 VREEPLEXDESKTOP\PlexGuest 192.168.1.20 21 TYPE A 200 0 0 dcc49917-0505-4347-8984-bbe51e55bf6b -
    2016-08-17 08:02:34 192.168.1.1 VREEPLEXDESKTOP\PlexGuest 192.168.1.20 21 PASV - 227 0 0 dcc49917-0505-4347-8984-bbe51e55bf6b -
    2016-08-17 08:02:34 192.168.1.1 VREEPLEXDESKTOP\PlexGuest 192.168.1.20 40017 DataChannelOpened - - 0 0 dcc49917-0505-4347-8984-bbe51e55bf6b -
    2016-08-17 08:02:34 192.168.1.1 VREEPLEXDESKTOP\PlexGuest 192.168.1.20 40017 DataChannelClosed - - 0 0 dcc49917-0505-4347-8984-bbe51e55bf6b 

    right now my settings are as follows: 

    Windows:
    Windows firewall OFF .
    IIS FTP listening on Port 21 (bound to static IP 192.168.1.20). Can access from internal LAN

    Data channel range:  40000-65000

    Router settings:

    DDWRT (router) Port forwarding: 
    port 20 tcp&upd-> 192.168.1.20 port 20 
    port 21 tcp&upd -> 192.168.1.20 port 21 
    port 1024 tcp&upd -> 192.168.1.20 port 1024 

    Port Range forwarding 40000- 65000  tcp&upd -> 192.168.1.20 

    Firewall comand (IP tables): 

    iptables -I INPUT -i `nvram get wan_ifname` -p tcp --dport 20 -j ACCEPT 
    iptables -I INPUT -i `nvram get wan_ifname` -p tcp --dport 21 -j ACCEPT 
    iptables -I INPUT -i `nvram get wan_ifname` -p tcp --dport 1024: -j ACCEPT 
    iptables -I INPUT -m helper --helper ftp -j ACCEPT 
    iptables -I INPUT -m conntrack --ctstate RELATED -j ACCEPT 
    iptables -I OUTPUT -p tcp --sport 20 -j ACCEPT 

    it seems that there is a problem with the data ports as it works internal LAN, and FTP active external, but no PASV external. 

    I can't figure this out!