FTP Passive Mode on Different Port

Posted on 2005-03-09
Medium Priority
Last Modified: 2008-01-09
Hey everyone! I'm having a little problem and was wondering if anyone can help.

Here's what I have set up: I have an FTP on port 21 that works excellent. It's passive, so after connecting, it connects to a port in the 24XXX range. I wanted a separate FTP to run off of port 1773. When I connect to that port, it logs in and everything, but then creates a PASV command using a LOCAL IP.

It connects and authenticates, then says this:

            227 Entering Passive Mode (192,161,0,9,13,206).
STATUS:>        Connecting FTP data socket

How can I get it to create a passive connection using the EXTERNAL IP? Again, the FTP on port 21 creates a passive connection (using PASV command) using the EXTERNAL IP. Why does it change when I try to change the port?

Thank you!
Question by:bick2000

Accepted Solution

Dave_Dietz earned 2000 total points
ID: 13502781
I think you forgot to tell us you have a NAT device of some sort in front of the FTP server.....  ;-)

IIS 6.0 FTP will *always* respond to a PASV command with the IP address of the interface that it received the request on.  If it receives the request on IP it will send back in the 227 response (shows up as 10, 0, 0, 5, high, low).

Your NAT device is watching traffic on port 21 and properly translating the IP in the 227 response to the external IP address and everything is working properly.  Unfortunately unless you can configure your NAT device to also expect FTP command channel traffic on port 1773 it will not know to watch for 227 responses and will not translate them properly.

I would be willing to bet money that if you move the 'working' site to a different port for testing it will show the same symptoms as the one currently failing.

Short answer - you're probably out of luck unless you have or are going to buy an expensive NAT/Firewall device that you can configure to watch for FTP on port 1773 and translate it accordingly.

Dave Dietz
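
Added example (not part of the original thread): a small Python check that decodes a 227 reply and compares the advertised data address with the address the client dialed for the control connection, which is the mismatch that appears when a NAT device does not rewrite 227 replies on a non-standard port. The 227 line is the one quoted in the question; the control address 203.0.113.10 is a constructed placeholder, and the function names are hypothetical.

```python
import ipaddress
import re

# RFC 959 passive reply payload: h1,h2,h3,h4,p1,p2
# data address = h1.h2.h3.h4, data port = p1 * 256 + p2
PASV_RE = re.compile(r"^227 .*?" + ",".join([r"(\d{1,3})"] * 6))

# The reply quoted in the question, and a constructed external address
# (documentation range) standing in for what the client dialed on port 1773.
SAMPLE_REPLY = "227 Entering Passive Mode (192,161,0,9,13,206)."
SAMPLE_CONTROL_PEER = "203.0.113.10"


def parse_pasv(reply):
    """Return (IPv4Address, port) advertised in a 227 reply."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in 227 reply: %r" % reply)
    host = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return host, nums[4] * 256 + nums[5]


def check_pasv(reply, control_peer):
    """Compare the advertised data address with the control-channel peer.

    A mismatch means the server's own interface address reached the client
    untranslated, so the data connection will be attempted to an address
    the client may not be able to route to.
    """
    host, port = parse_pasv(reply)
    peer = ipaddress.IPv4Address(control_peer)
    return {
        "data_host": str(host),
        "data_port": port,
        "control_peer": str(peer),
        "matches_control_peer": host == peer,
    }


if __name__ == "__main__":
    result = check_pasv(SAMPLE_REPLY, SAMPLE_CONTROL_PEER)
    print(result)
    if not result["matches_control_peer"]:
        print("227 reply was not translated: data address differs from control peer")
```

The comparison does not depend on whether the advertised address falls in a private range, so it flags any untranslated 227 reply.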

Author Comment

ID: 13511110
Ok, I guess that makes sense... Is there no way around this?



Expert Comment

ID: 13513855
Only ways around it would be to use a different non-RFC compliant FTP server that allows you to hardcode the 227 response or to get a different firewall.

Sucks, but this is happening more and more often with firewalls and NAT devices springing up everywhere.....

Dave Dietz

Author Comment

ID: 13514195
ok thanks for the help

