Link to home
Start Free TrialLog in
Avatar of EddieWieder
EddieWieder

asked on

How can I set up IIS 7.5 FTP Service to accept internal and external traffic using Passive (SSL/TLS)

What I am trying to do is set up a FTP server that goes through ISA 2006.  I have it working from external sites using the proper configation of setting up specific ports on both the fiewall and IIS.  Both encryypted and unencrypted traffic work as expected. (BTW, I am not using the built in windows firewall).

My problem is when I try and connect from inside our network and use any passive connection.  It fails to give me a directory listing.  The reason for this is because you have to program in the outside IP address in the firewall config on IIS.  That tells IIS to use the outside IP address even though we are inside.

Is there the possibility to get this to work without having to send our users out the firewall and back into a DMZ port. (No I am not currently using a DMZ for this box)
Avatar of Dave_Dietz
Dave_Dietz
Flag of United States of America image

If your network configuration is such that you have to use the "Firewall Configuration" options for FTP in IIS then your only real option to support internal users would be to create a second FTP site for your internal users pointing to the same content.

The Firewall Configuration options in FTP are only there to act as a band-aid for poorly behaving NAT and Firewall/router devices that can't properly support FTP connections.  If you have to use these they modify the underlying responses sent by the FTP service and generally render it inoperative for connections that don;t go through the errant device(s).

Dave Dietz
ASKER CERTIFIED SOLUTION
Avatar of EddieWieder
EddieWieder

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of EddieWieder
EddieWieder

ASKER

After trial and error I finally figured out the issue.
Always restart the service in services.msc after making changes to either ports or firewall ip in the iis manager.