I have a problem that is baking my noodle. We have a Win 2003 Server running IIS 6.0. We have five different FTP sites configured, each using a separate IP address (we have hundreds of IPs bound to the NIC, as this server hosts numerous client websites).
The FTP Service was configured to use Passive FTP on ports 5000-5010, and Windows Firewall exceptions added for all relevant ports. The server ran for years without any trouble, servicig all traffic both http and ftp.
Beginning today, for no apparent reason that can be found as yet, the FTP service began dropping connections, due to those connections being denied by the Windows Firewall.
So far what I have done is reset the PassivePortRange in the IIS metabase (now set to 5500-5700 just to ensure we have enough available ports), and created exceptions in the windows firewall for all those same ports (5500-5700), as well as ensured that exceptions exist for port 21.
NOW, the problem is this:
The server is allowing ftp connections to just one ftp site - that site that uses the NIC's primary IP (let's call it 188.8.131.52 just for illustration).
Incoming ftp connections for the other four ftp sites - those sites that use IPs other than the primary one - are refused.
So, for example:
- resolves to 184.108.40.206 - connects fine
- resolves to 220.127.116.11 - firewall denies connection
- resolves to 18.104.22.168 - firewall denies connection
When I turn off the windows firewall all ftp sites work perfectly. When turned back on only ftp site #1 works.
What am I missing here?