Strange FTP issue (Server 2003)

We have a strange problem with FTP access to one of the sites on Web Server 2003.
Hoping someone can help.

We have a Server 2003 that runs IIS and has about 40-50 sites with FTP access.

No one seems to have this problem except for one website. Granted the site is rather poorly looked after with some filenames containing spaces etc. and with the total folder size of 330MB. Most images on the site are disproportionately large and what have you.

The problem:
In its current state when I attempt to establish a remote FTP connection to the site, it just throws up error: "An error occurred opening that folder on the FTP server. Make sure you have permission to access that folder. Details: The operation timed out" and refuses to load anything.

We have a firewall enabled for the network connection over which FTP requests are transmitted with the exceptions for various FTP services and a range of passive ports: 10001-10100.

When the firewall is enabled for this network connection, the FTP connection to this problematic site is attempted via 5000 range port (i.e. 5003, 5005 etc.) and when I switch the firewall off and retry the connection, it then connects and loads the FTP contents successfully but via 10000 range ports (i.e. 10002, 10006 etc.)
In short when firewall is off it uses 10000 range ports and is successful, when firewall is on it tries to use 5000 range ports instead and fails. Other sites that are hosted on the same server are not affected by this change and are always successful when FTP connection is attempted no matter if Firewall is on or off.
I've tried adding a couple of 5000 range ports (5000-5005 to be precise) to the exception list to see whether that makes any difference but it didn't.

Other weird thing that baffles me is when I take out (delete) one folder from the root of the site which contains web images then I'm able to establish a successful FTP connection to that site even though the firewall is still on. Image folder size in question is 95MB.
What's even weirder is that when I re-create a new BLANK folder in the root of the site and call it "images" (same as the original folder was called) and leave it blank and then retry the FTP connection then it fails immediately again.

The site is written in plain HTML and is rather old and messy (not our fault promise) but we never had problems with it before just recently it suddenly started doing that. I'm not aware of any recent changes in configuration either.

Tried in windows explorer and other FTP clients such as: Filezilla and FireFTP

Plain mystery to me.

Thanks in advance for any tips and help.
SafeserveAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

arnoldCommented:
Do you have a single FTP site with virtual directories that lead the user to the root of their site?

If you have multiple sites and firewall is up, the FTP session is such that all connections are initiated from the client versus the client with a non-firewall process where the client initiates the initial port 21 connection and the FTP server initiates the data connection back once the user authenticates.

The IIS FTP can be configured to limit the range of ports used by the FTP server for PASV (passive where the client initiates all connections) once you limit this range of ports, you would need to configure your firewall to allow the port range to reach the server/IP.

In your example port range 5000-5100 as an example alowed to the IIS/FTP server
0
AlexPaceCommented:
The data channel port is negotiated on the fly when a file transfer or traditional directory listing is requested.

If the client wants a passive mode it sends PASV and the server responds with a port number from your chosen range that the client is expected to initiate a connection to that port.  

If the client wants active mode it sends PORT and an ip address and port number that the server is expected use.  The server initiates a connection to that address and port so it is outbound from the server instead of inbound like the control channel.  

People don't use active mode that much anymore because they don't want to open so many ports...  On the server side you'd need to allow outbound connections to any port above 1024 to comply with the FTP spec.  On the client side you need to allow external internet servers to open connections to machines inside your firewall.  

Passive mode allows both sides to have better control over the situation.   Some server admins just decide to only support passive mode for this reason.

Note: Many modern firewalls can open and close FTP data channel ports on the fly by snooping the FTP control channel and watching for PASV and PORT commands.  Of course this doesn't work when you use FTPS because the SSL/TLS encryption can prevent snooping of the control channel.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
SafeserveAuthor Commented:
Thanks guys!
0
SafeserveAuthor Commented:
Update: I've decided to give up trying to find what the problem is and instead used filezilla's FTP server software. Works absolutely beautifully and easy to set up. I've given it a unique listeting port (1121) so that the old FTP connections for other users are not affected.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Legacy OS

From novice to tech pro — start learning today.