August 30, 2008 01:42am pdt

1. giltjr 42,425
2. omarfarid 28,775
3. b0lsc0tt 8,750
4. meverest 6,400
5. rwaldicott 6,100
6. AllKnowing1 5,600
7. shakoush... 4,900
8. jason1178 4,500
8. and235... 4,500
10. mihapi 4,300
11. Cyclops3... 4,000
11. RubalJ 4,000
11. 2PiFL 4,000
11. stevenb01 4,000
15. mwecom... 3,875
16. keith_ala... 3,725
17. nedvis 3,600
18. rionroc 3,500
18. arrkerr1... 3,500
18. PeturIngiE... 3,500
21. sunnycoder 3,350
22. ravenpl 3,175
23. Chris-Dent 3,000
23. CoyotesIT 3,000
23. complexit... 3,000

1. giltjr 52,625
2. omarfarid 34,075
3. rwaldicott 21,039
4. arrkerr1... 10,500
5. meverest 9,900
6. b0lsc0tt 8,750
7. ygoutham 7,900
8. keith_ala... 7,525
9. AllKnowing1 5,600
10. ravenpl 5,550
11. shakoush... 4,900
12. uetian1707 4,500
12. jason1178 4,500
12. and235... 4,500
15. mihapi 4,300
16. stevenb01 4,000
16. RubalJ 4,000
16. knightEkni... 4,000
16. BradGroux 4,000
16. 2PiFL 4,000
16. JDettman 4,000
16. Cyclops3... 4,000
23. mwecom... 3,875
24. ajarvey 3,750
24. bhnmi 3,750

04.17.2008 at 01:36PM PDT, ID: 23332464

	[x] Attachment Details

How do I get passive FTP working on IIS 6.0 behind a PIX-520 firewall?

Asked by SmarterTechnology in FTP Servers, File Transfer Protocol (FTP), Cisco PIX Firewall

Tags: Microsoft, IIS, 6.0, Passive FTP behind a Cisco PIX 520 firewall, 227 Entering Passive Mode (ex,tern,al,ip,21,144)., Just sits at that message. No errors.

PIX 520 v 6.3(1)

Relevant config lines:
fixup protocol ftp 21
..
name Ex.tern.al.IP ServerName
..
access-list outside_access_in permit tcp any host ServerName eq ftp
access-list outside_access_in permit tcp any host ServerName eq ftp-data
access-list outside_access_in permit tcp any host ServerName range 5500 5600
..
static (inside,outside) ServerName In.tern.al.IP netmask 255.255.255.255 0 0

IIS 6.0 on Windows 2003 Server. Set the passive ports to 5500-5600 per http://support.microsoft.com/kb/555022/en-us

Can connect fine. Can transfer fine with active FTP, always could. When I try a passive transfer (even a directory listing,) all the client shows is "227 Entering Passive Mode (Ex,ter,nal,IP,21,144)." and eventually times out.

Using active transfer, the PIX log shows (when grepping for the client's external IP):
302013: Built inbound TCP connection 7092630 for outside:Cl.ie.nt.IP/31535 (Cl.ie.nt.IP/31535) to inside:In.tern.al.IP/20 (Ex.tern.al.IP/20)
302014: Teardown TCP connection 7092630 for outside:Cl.ie.nt.IP/31535 to inside:In.tern.al.IP/20 duration 0:00:01 bytes 68 TCP FINs
106015: Deny TCP (no connection) from In.tern.al.IP/20 to Cl.ie.nt.IP/31535 flags ACK on interface inside

When trying a passive transfer, all I see in the PIX log is:
302013: Built inbound TCP connection 7092859 for outside:Cl.ie.nt.IP/31655 (Cl.ie.nt.IP/31655) to inside:In.tern.al.IP/5522 (Ex.tern.al.IP/5522)

Nothing shows up in the Windows event logs except the timeout warning event.

Any ideas what to check next?? This is driving me bonkers.Start Free Trial

Keywords: How do I get passive FTP working on II…

	Title
1	Cisco ASA not allowing passive ftp?
2	Fixup Protocol
3	PIX FTP timeout issue
4	FTPs and Passive FTP not working beh…
5	PIX FTP Fixup
6	Windows VPN Connection through PIX …

Loading Advertisement...

20080716-EE-VQP-32 / EE_QW_2_20070628

How do I get passive FTP working on IIS 6.0 behind a PIX-520 firewall?

Asked by SmarterTechnology in FTP Servers, File Transfer Protocol (FTP), Cisco PIX Firewall

Tags: Microsoft, IIS, 6.0, Passive FTP behind a Cisco PIX 520 firewall, 227 Entering Passive Mode (ex,tern,al,ip,21,144)., Just sits at that message. No errors.

About this solution