FTP passive mode

I set up my FTP with ports 20 and 21 open, and set an IP. As most people behind a firewall with NAT and SPI, I had to use passive mode in IE to get it to be viewable outside of an FTP program. My question is: what can I do so I do not have to make people edit settings in IE to allow them to just type it in? Take down NAT? Or is there a passive mode in FTP itself when I make the FTP?

This actually is a firewall issue, and has to be addressed on the firewall. If your firewall is Linux-based, you can solve this problem by using the ftp_conntrack kernel module (insmod ftp_conntrack). Otherwise, it really depends on how your firewall handles this stuff.

Some FTP servers do have defaults for passive/active modes, what is your FTP server?
productivetech (Author) Commented:
I am running Server 2003 with IIS, and as far as I recall while configuring IIS or FTP there was no active or passive option. Now I did do a search and found that some people changed Internet Explorer settings to uncheck allow folder view for FTP and check passive mode and it would work, but I checked and folder view is checked and passive mode is not... Sorry to repeat myself but I was hoping having said that again would help me clarify. I guess from reading that myself that since enable passive mode is not on in IE that my FTP is active?

I plan on getting a Cisco firewall in the upcoming months but for now I have a crappy Netgear WGT624. It has options for VPN pass-through and an SPI firewall, but the firewall only has one option and that is to disable it, so I am wondering if I need another solution or to just wait till they have an updated firmware for this router so I can specify what I want the router to block.

I have a 3Com OfficeConnect router but the thing will not allow port forwarding properly but VPN does work (go figure) and I have a BEFSX41 Linksys but I am leery about using it for this.
See this:
, scroll down to "Setting the Passive Connection Port Range".

I think I may have misunderstood you a bit - do you have problems because your FTP server is behind that firewall or just the users who are behind that firewall are experiencing difficulties accessing FTP someplace else?


Here is another one that describes passive vs. active in IIS in a lot of detail, might help you understand where the problem is:

productivetech (Author) Commented:
I can use Remote Desktop and FTP on the infrastructure, I can use them from the internet at any location too, I just can use FTP without changing Internet Explorer Internet options. The option I have to change is Uncheck "Use Passive FTP (For Firewalls and DSL modem compatibility)". For some reason if I do not, IE times out after the prompt for user name and password and says the connection has been reset. I can access it with an FTP program but I just want to be able to access it in IE without changing people's settings to allow me access from remote locations. Let's say I gave a user rights who was 200 miles away, I don't want to have to walk him or her through IE and change settings. What it sounds like to me is IE is acting like it is using passive FTP, and I have an active FTP, although at this point I have had no options to choose one or the other in IIS.
productivetech (Author) Commented:
OK, thank you very much for the article but I am still a little unsure. I have two ports open, one on 20 and another on 21. Knowing that, I believe an active FTP is one half duplex connection for control, another full duplex for data transfer. I lost my place on the page to reference but that's the way I understand it, but knowing that, it sounds like active is more secure and reliable. The only bad thing is it sounds like IE is not supporting both without a change, it sounds like by default it supports passive only. I read up on the article you gave me and I confirmed I am using IE 6 and it does support both, so why is there an option to only allow passive by default?
This is a nice page for understanding the details of active vs. passive FTP
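
Added example, not part of any post in this thread: the firewall has to be involved because FTP sends the data connection's address and port inside the control channel, in the `PORT` command (active mode) or the `227` reply to `PASV` (passive mode). This Python sketch parses that field and reports the two things a NAT breaks; the sample lines, addresses, port range and function names are constructed for illustration.

```python
import ipaddress
import re

# h1,h2,h3,h4,p1,p2 as defined by RFC 959 for PORT and the 227 reply.
HOSTPORT = re.compile(r"\b(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\b")

# Address ranges that are not routable across the internet.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_hostport(line):
    """Return (ip, port) carried in a PORT command or a 227 PASV reply."""
    m = HOSTPORT.search(line)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in %r" % line)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("byte out of range in %r" % line)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]  # port = p1 * 256 + p2


def check_data_endpoint(line, forwarded_ports):
    """List the reasons a peer on the other side of the NAT cannot connect."""
    ip, port = parse_hostport(line)
    problems = []
    if any(ip in net for net in RFC1918):
        problems.append("advertises RFC 1918 address %s" % ip)
    if port not in forwarded_ports:
        problems.append("data port %d is not forwarded" % port)
    return problems


# Constructed control-channel lines (not captured from a real server).
SAMPLES = [
    # Server behind NAT, only 20/21 forwarded, no FTP helper on the firewall.
    ("227 Entering Passive Mode (192,168,1,10,19,137)", {20, 21}),
    # Same server with an external address and a forwarded passive range.
    ("227 Entering Passive Mode (203,0,113,5,19,137)", set(range(5000, 5011)) | {21}),
    # Active-mode client that is itself behind NAT.
    ("PORT 10,0,0,7,4,1", set()),
]

if __name__ == "__main__":
    for line, ports in SAMPLES:
        print(line, "->", check_data_endpoint(line, ports) or "reachable")
```

A firewall FTP helper such as the connection-tracking module mentioned above does this same parsing on live traffic so it can rewrite the address and open the data port on demand.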


