Passive FTP Server Port Configuration Troubles Win2003

Question

Win2003

Ports 20 & 21 are open

IIS6 - Direct Metabase Edit enabled

Configured FTP service passive range to 5500-5550

5500-5550 added to windows firewall

iisreset and double checked by restarting ftp service

nothing has changed, when I connect and enter passive, it still hangs when ever I try to LIST or transfer files. Active is just as useless.

Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\user>ftp
ftp> open x.x.x.x
Connected to x.x.x.x.
220-Microsoft FTP Service
    xxxxxxxxxxxxxxxxxx
220 xxxxxxxxxxxxxxxxxx
User (x.x.x.x:(none)): user
331 Password required for user.
Password:
230-YOUR ACTIVITY IS BEING RECORDED TO THE FULLEST EXTENT
230 User user logged in.
ftp> QUOTE PASV
227 Entering Passive Mode (82,19,25,134,21,124)
ftp> ls
200 PORT command successful.
150 Opening ASCII mode data connection for file list.

and it hangs..

Now I can see from microsooft documentation that on newer windows releases, additional steps such as these are suggested, but they dont work on 2003...

netsh advfirewall firewall add rule name=”FTP Service” action=allow service=ftpsvc protocol=TCP dir=in
netsh advfirewall set global StatefulFTP disable

is there anything I am missing, what is this StatefulFTP malarkey at the end

EDIT

I can connect and transfer binary files using WinSCP client - Therefore the problem must be with my ftp commands no? Can anyone see anything wrong with my windows ftp client example? why would it hang on ls, i tried QUOTE LIST as well, and that just hangs, and the windows ftp client doesnt work in active, it hangs if I try to go "binary" then put - This worked before I added 5500-5550 on the router. I have since added this range to the router but no difference to the windows ftp client.

WinSCP and FTP have exactly nothing in common. WinSCP essentially connects via SSH. — glglgl, Nov 02 '11 at 17:51

aleroot · Answer 1 · 2011-11-02T17:16:49.100

1

Maybe it is the firewall that block...

To correct this issue and allow FTP state tracking on Windows Firewall, run this command from a command prompt :

netsh advfirewall set global StatefulFtp enable

or put inetsrv.exe in the trusted program of the firewall .

EDIT

Script to configure firewall on windows server 2003 :

C:\Inetpub\AdminScripts\adsutil.vbs set /MSFTPSVC/PassivePortRange “ 5500-5550″
FOR /L %I IN (5500,1,5550) DO netsh firewall add portopening TCP %I “Passive FTP Port “%I

edited Nov 02 '11 at 17:16

answered Nov 02 '11 at 17:10

aleroot

3,160
5
28
37

C:\Documents and Settings\Chris>netsh advfirewall set global StatefulFtp enable The following command was not found: advfirewall set global StatefulFtp enable. – Chris Nov 02 '11 at 17:11
ok, yes i'm sorry work only in 2008 and above, try putting inetsrv.exe in the trusted program of the firewall. – aleroot Nov 02 '11 at 17:12
adding inetsrv didnt help - I think it maybe not the windows firewall, but router configuration for ports 5500-5550 - my college is in the process of checking this for me now so I can test again. – Chris Nov 02 '11 at 17:19
Watch the edit, i've inserted a script that should work also in Windows Server 2003. – aleroot Nov 02 '11 at 17:19
As mentioned in the question, I already used that script, set the iis6 passive port range and added to the firewall - see my previous comment I check else where ;-) – Chris Nov 02 '11 at 17:20
when you get blocked in the list of the files most likely is a problem with the firewall ... – aleroot Nov 02 '11 at 17:21

score 0 · Answer 2 · answered Nov 03 '11 at 14:45

0

Turns out windows ftp client needed adding to the firewall LOL

answered Nov 03 '11 at 14:45

Chris

299
2
4
9

Glad you resolved this issue. Please be sure to mark your answer as "accepted" when you are able. – jscott Jul 14 '12 at 17:27

Passive FTP Server Port Configuration Troubles Win2003

2 Answers2