• Status: Solved

FTP passive mode

I set up my FTP with port 20 and 21 open, and set an IP. As most people behind a firewall with NAT and SPI, I had to use passive mode in IE to get it to be viewable outside of an FTP program. My question is what can I do so I do not have to make people edit settings in IE to allow them to just type it in. Take down NAT? Or is there a passive mode in FTP itself when I make the FTP?
Asked by: productivetech
 
m1tk4 Commented:
This actually is a firewall issue, and has to be addressed on the firewall. If your firewall is Linux-based, you can solve this problem by using the ftp_conntrack kernel module (insmod ftp_conntrack). Otherwise, it really depends on how your firewall handles this stuff.

Some FTP servers do have defaults for passive/active modes; what is your FTP server?
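
An added example, not part of the original thread or any poster's code: it parses the address and port that FTP embeds in a `PORT` command or a `227` passive reply, flags a reply an outside client cannot use, and shows the rewrite an FTP-aware NAT helper on the firewall performs. The public address 203.0.113.7, the forwarded passive range 5000-5010 and the sample replies in the test are constructed assumptions.

```python
import ipaddress
import re

# RFC 1918 ranges: unreachable from the Internet side of a NAT router.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Six comma-separated decimal bytes: h1,h2,h3,h4,p1,p2 (RFC 959).
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_hostport(line):
    """Return (ip, port) from a 'PORT ...' command or a '227 ...' reply, else None."""
    if not line.strip().upper().startswith(("PORT ", "227 ")):
        return None
    m = _HOSTPORT.search(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
    return ip, nums[4] * 256 + nums[5]  # data port = p1 * 256 + p2


def check_pasv_reply(line, public_ip, passive_range):
    """List the reasons an outside client could not use this 227 reply."""
    parsed = parse_hostport(line)
    if parsed is None:
        return ["not a PORT command or 227 reply"]
    ip, port = parsed
    problems = []
    if any(ip in net for net in RFC1918):
        problems.append(f"advertises private address {ip}")
    elif ip != ipaddress.IPv4Address(public_ip):
        problems.append(f"advertises {ip}, expected {public_ip}")
    lo, hi = passive_range
    if not lo <= port <= hi:
        problems.append(f"data port {port} outside forwarded range {lo}-{hi}")
    return problems


def rewrite_pasv_reply(line, public_ip):
    """What an FTP-aware NAT helper does: swap in the public address, keep the port."""
    if parse_hostport(line) is None:
        return line
    host = public_ip.replace(".", ",")
    return _HOSTPORT.sub(lambda m: f"{host},{m.group(5)},{m.group(6)}", line, count=1)
```

The check only passes when the server (or the firewall helper) advertises the public address and the data port falls inside the range that is actually forwarded to the server.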
 
productivetech (Author) Commented:
I am running Server 2003 with IIS, and as far as I recall while configuring IIS or FTP there was no active or passive option. Now I did do a search and found that some people changed Internet Explorer settings to uncheck allow folder view for FTP and check passive mode and it would work, but I checked and folder view is checked and passive mode is not... Sorry to repeat myself, but I was hoping that having said that again would help me clarify. I guess from reading that myself that since enable passive mode is not on in IE that my FTP is active?

I plan on getting a Cisco firewall in the upcoming months but for now I have a crappy Netgear WGT624. It has options for VPN pass-through and an SPI firewall, but the firewall only has one option and that is to disable it, so I am wondering if I need another solution or to just wait till they have an updated firmware for this router so I can specify what I want the router to block.

I have a 3Com OfficeConnect router but the thing will not allow port forwarding properly, but VPN does work (go figure), and I have a BEFSX41 Linksys but I am leery about using it for this.
 
m1tk4 Commented:
See this:
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/0d2a9b2e-b697-4bb3-8a61-0fad73a1fa08.mspx?mfr=true
and scroll down to "Setting the Passive Connection Port Range".

I think I may have misunderstood you a bit - do you have problems because your FTP server is behind that firewall or just the users who are behind that firewall are experiencing difficulties accessing FTP someplace else?

 
m1tk4 Commented:
Here is another one that describes passive vs. active in IIS in a lot of detail; it might help you understand where the problem is:

http://support.microsoft.com/kb/283679/en-us
 
productivetech (Author) Commented:
I can use Remote Desktop and FTP on the infrastructure, I can use them from the Internet at any location too, I just can use FTP without changing Internet Explorer Internet options. The option I have to change is Uncheck "Use Passive FTP (For Firewalls and DSL modem compatibility)". For some reason, if I do not, IE times out after the prompt for user name and password and says the connection has been reset. I can access it with an FTP program but I just want to be able to access it in IE without changing people's settings to allow me access from remote locations. Let's say I gave a user rights who was 200 miles away; I don't want to have to walk him or her through IE and change settings. What it sounds like to me is IE is acting like it is using passive FTP, and I have an active FTP, although at this point I have had no options to choose one or the other in IIS.
 
productivetech (Author) Commented:
OK, thank you very much for the article, but I am still a little unsure. I have two ports open, one on 20 and another on 21. Knowing that, I believe an active FTP is one half duplex connection for control, another full duplex for data transfer. I lost my place on the page to reference, but that's the way I understand it, but knowing that, it sounds like active is more secure and reliable. The only bad thing is it sounds like IE is not supporting both without a change; it sounds like by default it supports passive only. I read up on the article you gave me and I confirmed I am using IE 6 and it does support both, so why is there an option to only allow passive by default?
 
sleep_furiously Commented:
This is a nice page for understanding the details of active vs. passive FTP:

http://slacksite.com/other/ftp.html
