I’m trying to get secure ftp working on SBS 2011. Here’s what I’ve done so far:
FTP is installed on the server, and I see that windows firewall already has a rule for “FTP Server Secure (FTP SSL traffic in)” which uses port 990, and it allows incoming ftp traffic on ports 1024-65535.
On the router I opened port 990, directing its traffic to the server.
I added the DNS forward lookup entry for ftp.domain.com
On the server, under IIS, I set up an FTP site, called ftp.domain.com
that binds to port 990.
On the ftp site, I turned on basic authentication, and the default domain is set to the domain. I set the outside ip address under ftp firewall support, and under FTP SSL settings I set it to allow ssl connections and use the 3rd party certificate.
Under IIS manager permissions, I set my windows account as enabled for log in.
That’s all I’m aware of needing to do on the server.
Then on the client (which is presently inside the domain), I set up filezilla as this is capable of secure ftp.
It is configured to go to ftp.domain.com
(or 192.168.0.2 when inside the domain) using port 990, with my user name as user/password.
It times out when it tries to connect.
I tried to use filezilla to connect using “FTPS – ftp over explicit TLS/SSL” using the internal ip address, and it says:
Status: Connecting to 192.168.0.2:990...
Status: Connection established, waiting for welcome message...
Error: Could not connect to server
I was following along with a SBS 2008 tutorial at http://www.smallbizserver.net/Articles/tabid/266/Id/322/PageID/574/How-to-install-FTP-75-on-a-SBS-2008-server.aspx
and when I tried to browse to ftp://localhost
while on the server, it says the page can’t be displayed. Tried this with the firewall off, with the same result.
Found instructions at http://blogs.iis.net/jaroslad/archive/2007/09/29/windows-firewall-setup-for-microsoft-ftp-publishing-service-for-iis-7-0.aspx
and it recommended running these commands:
1) sc sidtype ftpsvc unrestricted
2) net stop ftpsvc
3) net start ftpsvc
4) netsh advfirewall firewall add rule name="FTP for IIS7" service=ftpsvc action=allow protocol=TCP dir=in
5) netsh advfirewall set global Statefulftp disable
6) C:\Windows\system32>netsh advfirewall show global
BootTimeRuleCategory Windows Firewall
FirewallRuleCategory Windows Firewall
StealthRuleCategory Windows Firewall
ConSecRuleRuleCategory Windows Firewall
Can anyone spot problems, or recommend a fix?