Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 960
  • Last Modified:

Settin up FTP on ISS Windows7

Hi, I am trying to setup FTP on my local PC.
I have configured my Router to redirect the trafic to my PC.

It works locally, but when using my public ip address I am getting error:
425 Cannot open data connection.

Here is the log:

Connect to: (16/01/2014 13:30:06)
hostname=ip_address
username=username
startdir=
220 Microsoft FTP Service
USER username
331 Password required for username.
PASS ***********
230 User logged in.
SYST
215 Windows_NT
FEAT
211-Extended features supported:
 LANG EN*
 UTF8
 AUTH TLS;TLS-C;SSL;TLS-P;
 PBSZ
 PROT C;P;
 CCC
 HOST
 SIZE
 MDTM
 REST STREAM
211 END
Connect ok!
PWD
257 "/" is current directory.
Get directory
TYPE A
200 Type set to A.
PORT 192,168,0,13,197,86
501 Server cannot accept argument.
PASV
227 Entering Passive Mode (192,168,0,13,197,87).
LIST
150 Opening ASCII mode data connection.
Download
Waiting for server...
425 Cannot open data connection.

Any idea?
0
RafalKa
Asked:
RafalKa
  • 2
2 Solutions
 
dextermainCommented:
1. Are you on a static or dynamic IP connection?
2. Have you tried using passive FTP instead of active (in the case of if you are on a dynamic Ip & sitting behind a firewall)

Try the following that was posted at: http://forums.iis.net/t/1157854.aspx

1: If there is a firewall involved server side check what ports are allowed for FTP Passive mode
2: In IIS set "Data Channel Port Range" under "FTP Firewall Support" to the passive port range gleamed from step 1 (normally this is 49152-65535) (Click on the server not the FTP Site to set the port range)
3: Check the passive port range is actually in effect by opening a command prompt and typing:

netsh int ipv4 show dynamicport tcp

If the range is not as it should be then adjust it with:

netsh int ipv4 set dynamicport tcp <Start Port> <number of ports> persistent

(for the default 49152-65535 this would be 49152 16383)

4: Set your FTP client to use Passive mode

I think the reason for using Passive mode is, with FTP Active mode your router firewall or whatever is expected to find out which port you are using from inspecting the FTP traffic, it cannot do this if the control channel is encrypted so I think you have to use Passive mode FTP.

The problem came when I changed the Passive mode Data Channel Port Range under "FTP Firewall Support" to the silly range the ISP had set up 20000-21000 and it didn't actually update the the ftp server.
0
 
AlexPaceCommented:
The problem is clearly shown in the log:

227 Entering Passive Mode (192,168,0,13,197,87)

The server's PASV response includes its private IP address on the 192.168.x.x subnet in the first four numbers.  Change your server configuration so it uses the external public IP address of your firewall in the PASV response.

This problem is so common that some FTP client software programs automatically ignore the address in the PASV response when it is a private address.  Also be sure that the ports are correct.... you can figure out the port by multiplying the fifth number by 256 and then adding the value of the sixth number.  For the PASV response above that would be:
(197 x 256) + 87 = 50519
So your firewall will need to forward an inbound connection request on that port to the computer where the FTP server is actually running.
0
 
RafalKaAuthor Commented:
I was testing it from the inside of network. But from the outside it works just fine. Thank you for help anyway.


Best regards
0
 
RafalKaAuthor Commented:
Resolved by my self.
0

Featured Post

Receive 1:1 tech help

Solve your biggest tech problems alongside global tech experts with 1:1 help.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now