Solved

Cannot connect to FTP sites requiring a login and password

Posted on 2004-09-11
Last Modified: 2010-04-19
All clients are getting an error 521 when trying to log in to any FTP site on the internet that requires a password.

I am running a single Windows Server 2003
DHCP
DNS
Routing and Remote Access
NAT
Basic firewall on the internet side

The FTP software is returning the private IP address 192.168......

It seems I'm missing something basic in my configuration of Routing and Remote Access.
Is there not a simple method to ensure IP addresses are converted from private to public when sent out to the internet
and converted back to the appropriate private IP address on return?

Thanks!
Goodj
0
Question by:goodj
8 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 12056731
>>Basic firewall on the internet side

OK, how is it set up? Is it optimised for active or passive FTP?

Passive and Active FTP

There are two types of FTP (File Transfer Protocol): Active and Passive.

Active FTP

Pros (good for network administrators)
Cons (not so good for the client)

The FTP server will try and make a connection on a lot of high port numbers (these could well be blocked by the client-side firewall).


Passive FTP

Pros (good for the client)
Cons (Not good for the network administrators)

The client makes the connection to the FTP server, and one will be a high port number that will almost certainly be blocked by the network firewall (server side).


Solution

To strike a happy medium, administrators can make their FTP servers available to many clients by supporting passive FTP. Reserving a range of port numbers does this; in this way all other ports can be firewalled, thus decreasing the security risk.

Luckily, there is somewhat of a compromise. Since administrators running FTP servers will need to make their servers accessible to the greatest number of clients, they will almost certainly need to support passive FTP. Specifying a limited port range for the FTP server to use can minimize the exposure of high-level ports on the server. Thus, everything except for this range of ports can be firewalled on the server side. While this doesn't eliminate all risk to the server, it decreases it tremendously. See Appendix 1 for more information.

*****Links*****
http://slacksite.com/other/ftp.html
http://www.cisco.com/en/US/about/ac123/ac147/ac174/ac199/about_cisco_ipj_archive_article09186a00800c85a7.html

*********Also*************

Are your clients accessing FTP sites through their browser? If so, do you have a proxy server?
0
 
LVL 10

Expert Comment

by:jhautani
ID: 12059319
As you are running RRAS and NAT, you have a multihomed server. If possible, configure your FTP software to listen only on the internet-side IP.
Or configure your NAT to forward FTP from the internet to the server's private address.

Hope this helps.
0
 
LVL 4

Expert Comment

by:sloopeth
ID: 12063730
Stupid answer, please ignore if inappropriate - is this machine an SBS or domain controller? If so, try the domain\username for the FTP site username - I saw this on a similar post with the same problem.
0
 

Author Comment

by:goodj
ID: 12101159
Thanks for all your input.  Wound up on the phone with Microsoft on this one for over 9 hours.  They discovered that this is actually a bug in Windows Server 2003 with NAT on a multi-homed DC.  The fix is going to be included in SP1.
I disabled NAT, Routing and Remote Access & the 2nd NIC on the server.  Set up NAT on my firewall instead.  All is now working.
0
 
LVL 15

Expert Comment

by:harleyjd
ID: 13795723
0
 
LVL 15

Expert Comment

by:harleyjd
ID: 13899389
Mods - I had trouble with this one. I suggested PAQ/No Refund as the asker has answered himself, but has not requested a closure in the CS forum, despite a hint to do so a fortnight ago.
0
 

Accepted Solution

by:
PAQ_Man earned 0 total points
ID: 13932588
PAQed with points refunded (500)

PAQ_Man
Community Support Moderator
0
