• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1542
  • Last Modified:

Firewall/FTP 'Connection reset by remote host'

Hi am fairly new at this so please bare with me. Currently we are running IIS 5.0 FTP server in our DMZ behind a Nokia Checkpoint firewall. Every once and a while, we have customers complain that they are getting the error 'Connection reset by remote host'. I have run over the server with a fine tooth comb and haven't come up with anything. I have even gone as far as moving the server out of the DMZ into our regular network and having them test it there. When I do this, no error is recieved. Next, I tried putting it behind a PIX firewall that we have in another DMZ and we were able to reproduce the problem. I found an article on Microsoft's Knowledge Base the describes the exact problem, but no real way to fix it. http://support.microsoft.com/default.aspx?scid=kb;en-us;283679. At this point, I am at a loss of what to do. Our WAN administrator says that the firewalls are setting up to allow ports 20 and 21, however, whenever the server is behind a firewall we get the conneciton error. Can anybody offer any suggestions?
0
kria
Asked:
kria
  • 4
  • 3
1 Solution
 
sudev_shettyCommented:
u must be knowing about active and passive ftp
if not learn about that and u can solve the problem by your own
let me know if u need any help
0
 
kriaAuthor Commented:
You are correct. I do know about the difference about passive and active FTP. The main problem I seem to be having is with our firewalls. I have run several tests and nearly proved beyond a shadow of a doubt that the problem is not the server. However, I don't control the firewalls so I was hoping someone could give me something like an article or reference material that I could take to our WAN team.

Thanks for your help!
0
 
sudev_shettyCommented:
ok if u dont have control on the firewall then enable passive mode in the ftp server and the client it will start working
which ftp server do u have ??
0
SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

 
kriaAuthor Commented:
We currently use IIS 5.0 for our FTP server, however, this problem has been replicated using IPSwitch's WS_FTP server.
0
 
sudev_shettyCommented:
there is no optinons for active or pasive ftp in iis but u can do it in IPSwitch and WS_FTP server
0
 
kriaAuthor Commented:
Do you think it would be better to switch to WS_FTP server then? I have no problems with this.
0
 
sudev_shettyCommented:
insted of ws_ftp switch to ipswitch imail server its a very good server
0

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now