Solved

FTP Service on IIS 6.0 will only work on Primary IP on NIC

Posted on 2011-09-14
3
348 Views
Last Modified: 2012-05-12
I have a problem that is baking my noodle. We have a Win 2003 Server running IIS 6.0. We have five different FTP sites configured, each using a separate IP address (we have hundreds of IPs bound to the NIC, as this server hosts numerous client websites).

The FTP Service was configured to use Passive FTP on ports 5000-5010, and Windows Firewall exceptions added for all relevant ports. The server ran for years without any trouble, servicig all traffic both http and ftp.

Beginning today, for no apparent reason that can be found as yet, the FTP service began dropping connections, due to those connections being denied by the Windows Firewall.

So far what I have done is reset the PassivePortRange in the IIS metabase (now set to 5500-5700 just to ensure we have enough available ports), and created exceptions in the windows firewall for all those same ports (5500-5700), as well as ensured that exceptions exist for port 21.

NOW, the problem is this:

The server is allowing ftp connections to just one ftp site - that site that uses the NIC's primary IP (let's call it 75.85.95.100 just for illustration).

Incoming ftp connections for the other four ftp sites - those sites that use IPs other than the primary one - are refused.

So, for example:

ftp.site1.com - resolves to 75.85.95.100 - connects fine
ftp.site2.com - resolves to 75.85.95.101 - firewall denies connection
ftp.site3.com - resolves to 75.85.95.102 - firewall denies connection
etc.

When I turn off the windows firewall all ftp sites work perfectly. When turned back on only ftp site #1 works.

What am I missing here?
0
Comment
Question by:worthyking1
  • 2
3 Comments
 
LVL 22

Expert Comment

by:eeRoot
ID: 36547130
can you post a few screen shots of the FTP server config and firewall config, (with confidential info blurred out) and the results of the commands "netsh advfirewall show allprofiles" and "netstat -ano"
0
 
LVL 6

Accepted Solution

by:
worthyking1 earned 0 total points
ID: 36551573
System fixed itself. With no changes whatsoever it began working normally today. Turned on the firewall and all ftp sites are working just fine.  I can only guess that Win 2003 has some sort of delay between setting the PassivePortRange and when it actually starts using those ports.

@eeRoot There is nothing wrong with my ftp or firewall config so I'm not going to take the time to make screenshots of those. Also, the netsh advfirewall command is not available on Win 2003.
0
 
LVL 6

Author Closing Comment

by:worthyking1
ID: 36591833
See comments.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Running classic asp applications under Windows Server 2008 R2 (x64) and IIS 7 is not as easy as one may think. It took me a while to figure it out while getting error 8002801d a few times. After you install the OS you will need to install the fol…
If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now