6

I am trying to set up a second FTP server on a computer running Windows Server 2008 and IIS 8.0. I already have an FTP server accessible with one port, and this one will be accessible on a different port and point to the same directory.

I forwarded the port on the router and allowed an exception in the Windows Firewall for the new port, after setting it up with Basic Authentication.

Now, I am able to access the FTP server from the local machine using localhost:2020 (pretending that 2020 is my port). When I try using ftp://mydomain.biz:2020, I am still prompted for a login screen, but upon entering the same login information used with localhost, which worked, I receive this error:

Error

How can I fix this error?

Jake
  • Are you using `ftp://mydomain.biz:2020/` from the same server? Another computer on the network? Or another computer on a different network through the port forwarding on the router? The generic error message you got says your client is attempting to connect to 192.168.1.165 port 50297 due to the server's `PASV` response – DerfK Oct 07 '14 at 19:13

2 Answers

2

This sounds like the stereotypical problem that neither the firewall, nor your router, recognise that you're running the FTP protocol, probably because you're using a non-standard port for the control connection.

When the data connection is announced (the PASV port), that port is possibly not opened by the Windows firewall, making connecting impossible.
Even if the Windows firewall does open the port in the system's firewall, because you're using port-forwarding without specifying the FTP helper module, your router doesn't inspect the responses from the FTP server over the control connection. Then it won't rewrite the internal IP-address of the Windows server to the public IP-address of the router in the PASV response, nor will the router dynamically create the correct port forwarding rule for the data connection.

Grief all around.

Check the functioning of the non-standard FTP port from another host within the same network to confirm if the Windows firewall works correctly.

Then check the configuration of your NAT router.

HBruijn
1

The FTP protocol uses a plethora of ports: port 21 for the control connection, port 20 for the data connection in active mode, and a variable number of usually high ports for passive data connections.

In this case the FTP client is likely informing you that the passive data connection to IP 192.168.1.165 on port 50297 failed. Almost always, when this happens, it's a firewall (or NAT) configuration problem.

In your case I think we can exclude the NAT issue, because you're connecting to an IP on your same LAN (192.168.1.0/24); therefore it must be a Windows Firewall issue.

The easy (but less secure) solution is to configure the Windows Firewall exceptions to trust the FTP Server process (its EXE). That way it will be able to accept incoming connections on any port. The more elegant (and safer) solution is to configure the exact port range to be used by the FTP server for passive connections, and then open only those ports (plus port 2020) on your Windows Firewall.

FjodrSo
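An added diagnostic sketch, not part of either answer above: it parses the server's `227` passive-mode reply and reports the two failure causes the answers describe (an internal address that NAT did not rewrite, and a data port outside the range opened on the firewall). The function names, the passive range values and the public address `203.0.113.10` are assumptions made for the example; the sample reply is constructed from the address and port quoted in the comment.

```python
import ipaddress
import re

# Constructed sample: the 227 reply that yields the address and port quoted in
# the comment on the question (192.168.1.165, port 50297 = 196*256 + 121).
SAMPLE_REPLY = "227 Entering Passive Mode (192,168,1,165,196,121)."

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PASV_RE = re.compile(
    r"^227 .*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def is_internal(addr):
    """True if addr is in one of the RFC 1918 private ranges."""
    return any(addr in net for net in RFC1918)


def parse_pasv(reply):
    """Return (IPv4Address, port) from a 227 reply; ValueError if malformed."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError(f"not a 227 passive-mode reply: {reply!r}")
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError(f"field out of range in {reply!r}")
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]  # port is sent as two bytes: p1*256 + p2


def diagnose(reply, control_host, passive_range):
    """Explain why the data connection is likely to fail.

    control_host:  IPv4 address the client used for the control connection.
    passive_range: (low, high) data ports opened on the firewall (assumed values).
    """
    ip, port = parse_pasv(reply)
    findings = []
    if is_internal(ip) and not is_internal(ipaddress.IPv4Address(control_host)):
        findings.append(f"reply advertises internal address {ip} to a client "
                        f"that reached {control_host}: NAT did not rewrite it")
    low, high = passive_range
    if not low <= port <= high:
        findings.append(f"data port {port} is outside the opened range "
                        f"{low}-{high}")
    return findings


if __name__ == "__main__":
    for line in diagnose(SAMPLE_REPLY, "203.0.113.10", (50000, 50100)):
        print(line)
```

The reply itself can be captured from a client's verbose or debug log of the control connection.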