FTP / SSL working internally but stopping at Listing Directory

Posted on 2014-08-05
Last Modified: 2014-09-09

We have a basic FTP server which runs FTP / SSL on port 21, it works fine internally and almost externally apart from the fact it wont list the directories, I have all the firewall rules correct as it is connecting just not listing the directories.

I have heard this has something to do with Passive/Active modes and NAT but as this is the first FTP / SSL system I have built I am not sure how to get this sorted.

FYI: this runs on a DC with only IIS FTP services installed.
Question by:mfg1
    LVL 14

    Accepted Solution

    FTP uses two ports, a control port and a data port.  You'll need to open additional ports, depending on whether you're supporting active mode, passive mode, or both.

    Active Mode
    Passive Mode
    Active requires both 20/TCP and 21/TCP.

    Passive requires a defined data channel port range...

    Enter a range of values for the Data Channel Port Range.
    This works internally because you do not have an internal firewall blocking 21/TCP and 20/TCP (active)  or 21/tcp and the predefined data channel range (passive).
    LVL 4

    Author Comment

    Since this post we have tried the options you mentioned above, but we are still having issues with the directory listing,  we do t use the local windows firewall on this server and we have specified the dynamic port range and allowed through our hardware firewall.

    Still cannot list the directories. Also I have open ports 20,21.
    LVL 14

    Expert Comment

    by:Giovanni Heward
    Try enabling logging on your firewall to see what data port(s) are being blocked.  Did you try switching between active and passive mode using the FTP client when testing?  If you intend to support both modes, try performing a directory listing with both modes when logging at the firewall.  

    Alternatively, you can run TCPView on both sides (server and client) to see what connections are attempted when performing a directory listing.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    This subject  of securing wireless devices conjures up visions of your PC or mobile phone connecting to the Internet through some hotspot at Starbucks. But it is so much more than that. Let’s look at the facts: devices#sthash.eoFY7dic.
    It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
    In this Micro Tutorial viewers will learn how to restore their server from Bare Metal Backup image created with Windows Server Backup feature. As an example Windows 2012R2 is used.
    This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…

    758 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now