• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 577
  • Last Modified:

Server 2008 R2 FTP server SNAFU

I have an FTP server configured on an '08 R2 box behind a Cisco ASA 5505.  I have no problems accessing the server internally.  I can telnet from outside into the server on port 21.  When I try to use the web browser (IE8 or Firefox) it prompts me for the credentials and then fails to connect.  I have used both IIS7 and FileZilla (I even tried the FileZilla client) and nothing will connect.  To me, this thing is screaming firewall issue and I think NAT might be getting underfoot, but I cannot find any reason for it.  I have ports 20 and 21 open from outside and they are forwarded right to the server.  I have tried passive and active mode with no avail...any ideas?
0
219com
Asked:
219com
1 Solution
 
jramsierCommented:
i think firewall.  on the cisco you say you have it fwed.  On the outside try to tellnet port 21 and check the logs on the cisco to see if you got traffic.  If you do it might be the firewall on Windows 2008 R2, ensure that port 21 is open to the public firewall (windows 2008 have muiple section of the firewall)
0
 
219comAuthor Commented:
I have disabled the Windows firewall all together.  When I check the ASA logs it is showing the inbound TCP connection to the correct port as does it when I try to connect with the web browser from outside.  It builds and instantly tears down the TCP connection.
0
 
Jeff MorlenNetwork EngineerCommented:
Within Filezilla you will need to configure the PASV ports to be used.
On the firewall you will need to map those back to the server.

Usually when you get "part" of an FTP server running, it is the firewall that is blocking the communications.  In this case, possibly TCP/UDP traffic on port 20 or PASV ports.
0
 
gavvingCommented:
The ASA needs to have "inspect ftp" enabled.  You might also need the command "ftp mode passive".  \

Have you checked the Windows 2008 FTP server config to ensure that it's setup to allow FTP connections from non-local IP addresses?  

This walkthrough may not completely apply to you, but has some good information:
http://learn.iis.net/page.aspx/309/configuring-ftp-firewall-settings/

0

Featured Post

The Firewall Audit Checklist

Preparing for a firewall audit today is almost impossible.
AlgoSec, together with some of the largest global organizations and auditors, has created a checklist to follow when preparing for your firewall audit. Simplify risk mitigation while staying compliant all of the time!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now