During the last few days I have been setting up a Windows Server 2008 R2 in a VMware. I installed the standard FTP-Server on it by using the Webserver (IIS)-role.
Everything works fine with accessing my FTP-Site with ftp://localhost in Firefox. I can also get access to it via the local IP of my Server. Actually everything works fine in my LAN. But here's my problem:
I want to get access 'from outside', using the external IP or a dyndns-URL. I have a LinkSys-Router in front of my Server, therefore I'm forwarding all the important ports.
If you may now think 'this idiot has probably forgotten some ports', I must disappoint you. It even works getting access to my Server-Website and messing around in some WebInterfaces.
The problem is my passive FTP (active works for me). I always get a timeout, when e.g. FileZilla waits for a response to the LIST-command. The one big thing I don't get, is, why my Server sends a response to the PASV-command, naming a port like 40918, even if I have restricted the data port range for my passive FTP (in the IIS-Manager) to e.g. [5000-5009]. I simply don't want to open and forward all possible data ports!
And another thing is, I can't specify a static external IP address for my server, since I don't own any.
I have already tried these solutions:
--- EDIT: ---
There is one idea rising up in my mind:
When I use FileZilla to connect by passive mode I always get something like this:
227 Entering Passive Mode (192,168,1,102,160,86)
According to a Rhinosoft-article FZ tries to connect on port '160*256+86 = 41046', although I have restricted the data ports (as mentioned above). Could this be caused by the router, that doesn't forward out-ports directly, but uses different ones?
(--> The IP-Address given is the local one, since I'm not able to define a static external in the IIS-Mgr)
--- EDIT 2: ---
I have had an idea about changing the dynamicportrange via netsh interface, but not even the examples given by the help-text itself worked. I think I'll give it up with the IIS-FTP and then use the FileZilla-Server.
Conclusion: Hello freeware, bye 'costs, but simply works'-Windows * cough *.
Peter Wildemann
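The 227 reply quoted in the question can be checked mechanically. The following is an added example, not part of the original post: it decodes the reply, computes the data port as p1*256+p2, and lists why a client outside the NAT would time out. The control address 203.0.113.10 is a documentation address standing in for the router's external IP, and the function names are made up for the example.

```python
import ipaddress
import re

# Six comma-separated numbers h1,h2,h3,h4,p1,p2 of an RFC 959 "227" reply.
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_pasv(reply):
    """Return (ip, port) advertised by a 227 reply, or raise ValueError."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        raise ValueError("field above 255 in: %r" % reply)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]


def diagnose(reply, forwarded_range, control_ip):
    """Explain why a client outside the NAT cannot open the data channel."""
    ip, port = parse_pasv(reply)
    low, high = forwarded_range
    findings = []
    if not low <= port <= high:
        findings.append("port %d is outside the forwarded range %d-%d" % (port, low, high))
    if any(ip in net for net in RFC1918):
        findings.append("advertised address %s is private (RFC 1918)" % ip)
    if ip != ipaddress.IPv4Address(control_ip):
        findings.append("advertised address %s is not the control address %s" % (ip, control_ip))
    return port, findings


# Constructed input: the reply from the question, the range the asker set in
# IIS Manager, and an assumed external address (RFC 5737 documentation range).
SAMPLE_REPLY = "227 Entering Passive Mode (192,168,1,102,160,86)"
SAMPLE_RANGE = (5000, 5009)
SAMPLE_CONTROL_IP = "203.0.113.10"

if __name__ == "__main__":
    port, findings = diagnose(SAMPLE_REPLY, SAMPLE_RANGE, SAMPLE_CONTROL_IP)
    print("data port advertised:", port)
    for finding in findings:
        print(" -", finding)
```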
4 Answers
Changing the dynamic port range in windows will not help. The only thing it does is limit what port will be used for the client side of a socket connection.
What you need to do is limit the port range used by IIS's FTP server. There is a pretty good blog post about that on MSDN but here are the high points:
- If you're using the built-in FTP server, you need to first install the 'IIS 6 metabase compatibility' role service (as well as the associated scripting tools) and then use the following command to set the proper metabase property:
  adsutil.vbs set /MSFTPSVC/PassivePortRange "5500-5525"
- If you're using the IIS 7.5 downloadable FTP module (the one you get from this page) then all you need is to open the server's configuration editor and edit the 'data channel port range' property under 'FTP Firewall Support > Data Channel Port Range' in applicationHost.config.
Regardless of the above, you will still need to port forward the whole range on your NAT gateway device for external connections to work. Most decent Firewall/NAT devices have protocol helpers included for FTP that will allow them to identify the PASV command and react accordingly, but not all do (and it usually won't work if you're using a non-standard port for the FTP command channel).
P.S. You should consider using a different protocol than FTP if you're behind NAT: you can't make it work without ugly - and risky - workarounds. I suggest you investigate SFTP or WebDAV.
Stephane
Have you tried putting the FTP Server in your router's DMZ just to see if it's the router that is dropping the packets? Try that.
Also, turn on the Windows Firewall logging (Control Panel -> Admin Tools -> Windows Firewall and Advanced Security, right click 'Windows Firewall and Advanced Security' in the console, go to Properties, then enable Logging there for dropped packets) just to see if your computer outside the network was able to ask for the correct ports.
cflyer
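Once dropped-packet logging is on, the log can be reduced to the one question that matters here: which destination ports were dropped, and do they fall inside the passive range? This is an added example, not part of the original answers. The log lines are constructed, the column order is read from the log's own #Fields header, and the 5000-5009 range is the one from the question.

```python
from collections import Counter

# Constructed sample in the layout of a Windows Firewall log (pfirewall.log);
# addresses, ports and timestamps are made up for the example.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2012-03-01 10:15:01 ALLOW TCP 203.0.113.10 192.168.1.102 51540 21 52 S 1111 0 8192 - - - RECEIVE
2012-03-01 10:15:02 DROP TCP 203.0.113.10 192.168.1.102 51544 41046 52 S 2222 0 8192 - - - RECEIVE
2012-03-01 10:15:05 DROP TCP 203.0.113.10 192.168.1.102 51544 41046 52 S 2222 0 8192 - - - RECEIVE
2012-03-01 10:16:40 DROP TCP 203.0.113.10 192.168.1.102 51600 5003 52 S 3333 0 8192 - - - RECEIVE
2012-03-01 10:16:41 DROP UDP 192.168.1.50 192.168.1.255 137 137 78 - - - - - - - RECEIVE
"""


def dropped_inbound_tcp(log_text):
    """Yield (src_ip, dst_port) for every inbound TCP packet the firewall dropped."""
    fields = []
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names come from the log itself
            continue
        if not line or line.startswith("#") or not fields:
            continue
        rec = dict(zip(fields, line.split()))
        if (rec.get("action"), rec.get("protocol"), rec.get("path")) == ("DROP", "TCP", "RECEIVE"):
            yield rec["src-ip"], int(rec["dst-port"])


def summarize(log_text, passive_range):
    """Count dropped inbound TCP ports, split by membership in the passive range."""
    low, high = passive_range
    inside, outside = Counter(), Counter()
    for _src, port in dropped_inbound_tcp(log_text):
        (inside if low <= port <= high else outside)[port] += 1
    return dict(inside), dict(outside)


if __name__ == "__main__":
    inside, outside = summarize(SAMPLE_LOG, (5000, 5009))
    print("dropped inside passive range (firewall rule missing):", inside)
    print("dropped outside passive range (server advertised another port):", outside)
```

No drops at all for the client's address means the packets never reached the server, which points at the router's forwarding rather than at Windows Firewall.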
netsh advfirewall set global StatefulFtp enable
netsh advfirewall firewall add rule name="FTP for IIS" service=ftpsvc action=allow protocol=TCP dir=in
Mugurel
For those of you that are using a Windows server hosted using Microsoft's Azure Cloud Service, if you are using a Network Security Group, you will also need to create an inbound rule there that matches the port range that you set up in the FTP Firewall Support section in IIS.
Josh Barnes