
Server 2016 - FTP behind a NAT - Failed to retrieve directory listing

4 replies

Last post Jan 23, 2019 09:35 AM by DessieD

  • Server 2016 - FTP behind a NAT - Failed to retrieve directory listing

    Jan 18, 2019 05:07 PM|DessieD

    I am trying to set up an IIS FTP server on Windows 2016. It works fine locally, but when I try externally the FileZilla client logs in OK, then displays "Error: Failed to retrieve directory listing" and after 20 seconds or so drops the connection. I think I'm getting my ports / addresses etc. mixed up, so to explain my setup:

    My external IP is behind a router that I have no access to. The external-facing IP address is 111.222.333.444 and port 6400 has been set up for FTP (obviously fictitious address info). Port 6400 is being forwarded to an internal IP address, let's say 999.999.999.999. That's as much as I've been told anyway. For now I've disabled my local Windows firewall to rule it out.

    From what I've read on this topic so far (which is a lot), the problem appears to be that the port range used in passive mode is being blocked, but I think I've got confused about what addresses and ports to use in my local FTP config.

    1 - FTP Firewall Support (At the Server level in IIS) - I've used range 0-0, and specified 111.222.333.444 as the external IP - Q: Is that correct or should I use 999.999.999.999 and assume port forwarding will route the traffic?

    2 - Bindings on my FTP Site - I've set it to 111.222.333.444 port 6400. Q: Is this correct or should I use port 21 and again assume the port forwarding will route it to port 6400?

    3 - Do I need to ask the router guys to open a range of outbound ports for me?

    Sorry for the long-winded explanation, hope someone can help.

  • Re: Server 2016 - FTP behind a NAT - Failed to retrieve directory listing

    Jan 18, 2019 08:18 PM|lextm

    DessieD

    3 - Do I need to ask the router guys to open a range of outbound ports for me?

    Your FTP firewall settings obviously set a wrong port range. Not only ask your router guys on that, but ask them everything they know about FTP setup. They know how to manage routers, and surely they have enough knowledge on computer networking.

    If possible, those guys should also teach you how to troubleshoot such issues by using a tool like Wireshark, and you can easily track how FTP works internally and figure out which ports/IP addresses are in use in the packets.

    Lex Li
    Want to have a chat on the issues you meet? Book an appointment at https://buy.stripe.com/cN24ia0yi7sAdIA7sv
    ---------------------------
    This posting is provided "AS IS" with no warranties, and confers no rights.
  • Re: Server 2016 - FTP behind a NAT - Failed to retrieve directory listing

    Jan 22, 2019 12:06 PM|DessieD

    lextm

    Your FTP firewall settings obviously set a wrong port range

    OK, well thanks for the advice. I'm afraid it's not that kind of relationship; my contact that I'm trying to help on this is sitting behind a NAT that is externally administered and there is no service contract etc. - difficult to explain. I was hoping my assumptions / understanding on port forwarding, particularly outbound passive traffic, was correct, i.e. do I need to request a range of outbound ports to be opened up? Once an expert from here, such as you, confirms that, well then I can go back to them confidently requesting the change. And also it would be good to know if my other assumptions on the IP addresses to use in IIS are OK too.

    Appreciate I'm no expert in this area, which is why I've made best endeavours and only used this forum for help.

  • Re: Server 2016 - FTP behind a NAT - Failed to retrieve directory listing

    Jan 23, 2019 12:08 AM|lextm

    https://docs.microsoft.com/en-us/iis/publish/using-the-ftp-service/configuring-ftp-firewall-settings-in-iis-7#step-1-configure-the-passive-port-range-for-the-ftp-service

    You still need to learn about FTP packets so as to better understand the Microsoft documentation, as well as what others say about the FTP protocol. In short, at IIS level you must configure which ports should be used for passive mode, and that's also what port range your router administrators must open.

    Many articles can be found on Google to help understand the concepts, such as

    https://www.jscape.com/blog/bid/80512/Active-v-s-Passive-FTP-Simplified 

    Lex Li
  • Re: Server 2016 - FTP behind a NAT - Failed to retrieve directory listing

    Jan 23, 2019 09:35 AM|DessieD

    lextm

    you must configure which ports should be used for passive mode, and that's also what port range your router administrators must open

    That's exactly what I was hoping to confirm. I've requested the ports I specified in IIS to be opened, but using a port checker tool it is clear they have not been opened (despite being told they were, which adds to the problem). I've had fun reading up on all this and certainly know more than I did 5 days ago. Many thanks for your replies.
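
Added example, not written by any poster in this thread: a small Python check for the passive-mode reply that an FTP client log shows just before the directory listing fails. It decodes the address and data port the server advertised and compares them with the external IP and the port range forwarded at the NAT. The sample replies, the address 203.0.113.10 and the range 50000-50100 are constructed assumptions.

```python
import ipaddress
import re

# RFC 1918 ranges: an address from these in a 227 reply is unreachable from outside the NAT.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PASV_RE = re.compile(r"^227 .*\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
EPSV_RE = re.compile(r"^229 .*\(\|\|\|(\d{1,5})\|\)")


def parse_passive_reply(line):
    """Return (ip, port) from a 227 (PASV) reply, or (None, port) from a 229 (EPSV) reply."""
    m = PASV_RE.match(line)
    if m:
        nums = [int(g) for g in m.groups()]
        if max(nums) > 255:
            raise ValueError(f"field out of range in: {line!r}")
        # Four address octets, then the port as high byte, low byte.
        return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]
    m = EPSV_RE.match(line)
    if m and 0 < int(m.group(1)) < 65536:
        return None, int(m.group(1))  # EPSV carries no address; the client reuses the control IP
    raise ValueError(f"not a passive-mode reply: {line!r}")


def check_passive_reply(line, control_ip, port_low, port_high):
    """Return (ip, port, findings) for one reply line taken from a client log."""
    ip, port = parse_passive_reply(line)
    findings = []
    if ip is not None:
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in RFC1918):
            findings.append(f"advertised address {ip} is private; the server is not announcing its external IP")
        elif ip != control_ip:
            findings.append(f"advertised address {ip} differs from the control address {control_ip}")
    if not port_low <= port <= port_high:
        findings.append(f"data port {port} is outside the forwarded range {port_low}-{port_high}")
    return ip, port, findings


if __name__ == "__main__":
    # Constructed sample replies; 203.0.113.10 is a documentation address standing in for the external IP.
    samples = [
        "227 Entering Passive Mode (192,168,1,20,195,80)",
        "227 Entering Passive Mode (203,0,113,10,4,1)",
        "229 Entering Extended Passive Mode (|||50010|)",
    ]
    for s in samples:
        print(check_passive_reply(s, "203.0.113.10", 50000, 50100))
```

A reply that passes both checks while the listing still fails points at the forwarding rule itself rather than the IIS settings.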