ftp works for internal network but not from then internet

G

GoodMayonnaise

Ports are forwarded and firewalls for the ports are down. I'm using the
ftp software IIS with winXP pro. I have a http:// server running just
fine from this same computer. I tried to do the same thing with ftp://
and it only works from inside the network. Login is annonymous for now.
Is it not possible to have one computer be doing two services like
that? I don't think so.
The issue is that it works inside the network but not outside it. Tips?
 
R

Ron Lowe

GoodMayonnaise said:
Ports are forwarded and firewalls for the ports are down. I'm using the
ftp software IIS with winXP pro. I have a http:// server running just
fine from this same computer. I tried to do the same thing with ftp://
and it only works from inside the network. Login is annonymous for now.
Is it not possible to have one computer be doing two services like
that? I don't think so.
The issue is that it works inside the network but not outside it. Tips?
Click to expand...


This is a case of the classic active vs. passive mode problem.
FTP uses 2 connections, a controll connection and a data connection.

Essentially, a server-side NAT blocks Passive mode FTP.
A Client-side NAT blocks Active mode FTP
NAT on both sides precludes FTP totally, unless special arrangements are
made.

In your case, I guess you have a NAT router at your server side, and have
forwarded port 21 to the FTP server.

In this case, external clients will only be able to connect using Active (
or Port ) mode FTP.
If they in turn are also behind NAT routers, then you may struggle to get
this to work unless their routers provide special handling for Active mode
FTP. ( Many do, so the simplest workaround may be simply to tell your
external clients they must use Active, not Passive mode. )


The best solution is for you to modify your server set up to enable both
Active and Passive mode.
What you need to do is to restrict the passive port range on your FTP
server:
http://support.microsoft.com/?id=555022
Then also forward that port-range on your router to the FTP server.

For background reading, read these references...
http://slacksite.com/other/ftp.html
http://www.ncftpd.com/ncftpd/doc/misc/ftp_and_firewalls.html
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

IIS works on network but not outside internet 6
FTP Help!!! 1
Windows firewall ftp error 500 'EPSV': command not understood 0
FTP, localhost issues 1
IIS FTP Server and SP2 Firewall 6
setting up ftp server in dmz 1
FTP Server setup... I'm so close! 2
Error adding Network Place - FTP site 1

Top