SBS Server 2003 FTP Error 521 Illegal PORT command & 200 Type set to A.

I have set up an ftp server using SBS Server 2003.  The problem I am having is logging into the ftp server using IE.  I can log in fine through command line, I can open the page via IE(or firefox): it asks for my uname and pword, I log in(tried both local admin and domain admin unames) and then I get the error:

An error Occurred opening that folder on the FTP Server.  Make sure you have permission to access that folder.

200 Type set to A.
521 Illegal PORT command

I know that I have ports 20 and 21 forwarded through the router and I have rights to the folders
I can ping my
I can log in through my internal network by typing in and everything works as it should
Justin CollinsIT ManagerAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

try to login to the internally from a work station which is not in the domain.

Justin CollinsIT ManagerAuthor Commented:
That worked fine also.
Instead of authenticating the Users at the ISA server

I guess the FTP server is fine,
You have a problem at the ISA server at the authentication.
check the logs, atempt an FTP connection from outside of your network,
you will see some entries which will light the problem.

Try to create the port 20 and port 21 tunnels to the FTP Server from the ISA server.
by this the firewall does not process the authentication requests it will forward directly to the FTP server for authentication.

but first check the logs

SolarWinds® Network Configuration Manager (NCM)

SolarWinds® Network Configuration Manager brings structure and peace of mind to configuration management. Bulk config deployment, automatic backups, change detection, vulnerability assessments, and config change templates reduce the time needed for repetitive tasks.

where is the FTP server setup, is it on the ISA or some where on the LAN?
Justin CollinsIT ManagerAuthor Commented:
I am running everything on one server.  This is in my house and for my own personal use.
I am not running ISA at all.  
I have no firewall on the server as it's behind my router.

Error Logs shows the same message:

Event ID: 10

User someone at host has timed-out after 120 seconds of inactivity
from outside type

and command prompt type
telnet 20
telnet 21

and see if the connection establishes or not??

Justin CollinsIT ManagerAuthor Commented:
I can telnet to it, I can log in, but when I do a list it gives me that same 521 Illegal port command.
Port 20 denies, which as far as I know should deny.
Just check this out, and try from browser

For Users WITH Microsoft XP
If you receive the error message “521 illegal port command – An error occurred opening that folder on the FTP Server.  Make sure you have permissions to access the folder. Details: 200 Type Set to A” it means the passive configuration is checked on your browser settings.  

To allow you to perform the download or conduct your upload, click the “Tools” menu, click on “Internet Options,” select the “Advanced” Tab and unclick “Use Passive FTP (for firewall and DSC modem compatibility).  The click “OK.”

NOTE: If you prefer the passive configuration option for other downloads, please recheck this option under the “Advanced” tab of “Internet Options” once the download is complete.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
I am not sure about your firewall settings,

IF the FTP is working from inside it should work from outside too.
did you forwarded Both TCP and UDP ports???

Justin CollinsIT ManagerAuthor Commented:
Sweet!!!  It works.  Can you change that on the server so that you don't have to have that unchecked?  Or what do i ask If I make a new post?
Justin CollinsIT ManagerAuthor Commented:
Yes, both are forwarded
i think you should be fine, i will try to fix,

did you forwarded both protocols ???TCP and UDP??
forward both of them..
and test with the browser again with default settings??
its a bit complicate process.
may be someone from the web servers team can help on passive mode setup

Do you still need any more help on this???
Justin CollinsIT ManagerAuthor Commented:
I will make a new post under Web Servers about the passive mode setup.  thank you for all your help
thanks :)
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking Protocols

From novice to tech pro — start learning today.