Windows Firewall Issue

Guest

I have set up a Windows 2003 Server SP1 to be used as a Web server. I have
installed and configured IIS6.

This is going to be live on the internet so I set up Windows Firewall, which
comes with 2003 Server SP1. I have it set up to allow web traffic (port 80),
ftp traffic (ports 20,21) and RDP (port 3389) to pass through. Everything
works fine from the outside: you can browse web pages and access ftp sites as
well as use RDP, but for our internal subnet everything works except ftp. It
keeps failing with "the connection with the server was reset". If I disable
the firewall it works fine.

This is where it gets weird: I tried accessing the ftp site through a command
prompt internally and it worked, but every time I try with IE or an ftp client
it fails. So is there another port that I have to allow in order to get the
FTP to work correctly internally? Or is this another issue that I am not
aware of? If anyone has any ideas that would be great. Thanks.
 
Robert L [MS-MVP]

We have seen many cases like this one. Assuming you have two NICs on the server and enabled the NAT, you may reset NAT pointing to the private IP. This case study may help:

Cannot access ftp after 2003 sp1 Case Study - Can't access FTP after installing Server 2003 SP1. Situation: the client has FTP on a Windows Server 2003 that comes with two NICs. ...
www.howtonetworking.com/casestudy/2003sp1&ftp.htm


Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com

Guest

I appreciate your response, but I don't have dual NICs and I'm not running
NAT, so that issue doesn't pertain to me. I do have Windows Firewall enabled
with exceptions to allow certain ports to pass through. FTP will work for
users on the internet, but for local users it will not. It will only work
internally when I turn the firewall off, but that is unacceptable since this
is a live production server. If you have any other thoughts I would
appreciate it. Thanks
 
John Wunderlich

Guest said:
This is where it gets weird: I tried accessing the ftp site through
a command prompt internally and it worked, but every time I try
with IE or an ftp client it fails. So is there another port that
I have to allow in order to get the FTP to work correctly
internally? Or is this another issue that I am not aware of? If
anyone has any ideas that would be great. Thanks.

One difference between the command prompt FTP and most other FTP
clients is that the command prompt FTP uses active-mode FTP while
most everything else uses passive-mode FTP. There is a Tools-->
Internet Options-->Advanced-->"Use Passive FTP" setting on Internet
Explorer to select Active or Passive mode FTP. You might try playing
with this setting and see if it makes a difference.

The following articles may be of some help:
"How to configure Internet Explorer to use both the FTP PORT mode and
the FTP PASV mode in the Windows Server 2003 Family"
<http://support.microsoft.com/?kbid=323446>

"Active FTP vs. Passive FTP, a Definitive Explanation"
<http://slacksite.com/other/ftp.html>

HTH,
John
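
The active/passive difference described in the reply above, as an added example that is not part of the original thread: it decodes the data-channel address from an active-mode `PORT` command and a passive-mode `227` reply and checks it against the inbound exceptions listed in the first post. The model assumes a firewall that filters inbound connections only and does no FTP-aware inspection; the addresses and ports in the sample lines are constructed.

```python
"""Added example: which FTP data connections an inbound port allow-list admits."""
import re

# Inbound exceptions on the server, as listed in the original post.
SERVER_INBOUND_ALLOWED = {20, 21, 80, 3389}


def parse_hostport(text):
    """Decode the h1,h2,h3,h4,p1,p2 tuple used by PORT and by 227 replies."""
    m = re.search(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})", text)
    if not m:
        raise ValueError("no host-port tuple in %r" % text)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in %r" % text)
    # The port is sent as two bytes: high byte first, then low byte.
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def data_connection(line):
    """Return (mode, initiator, listener_ip, listener_port) for a control-channel line."""
    ip, port = parse_hostport(line)
    if line.upper().startswith("PORT"):
        # Active mode: the client listens, the server connects out from port 20.
        return "active", "server", ip, port
    if line.startswith("227"):
        # Passive mode: the server listens on a port it picked, the client connects in.
        return "passive", "client", ip, port
    raise ValueError("not a PORT command or 227 reply: %r" % line)


def server_firewall_allows(line, allowed=SERVER_INBOUND_ALLOWED):
    """Assumed model: inbound-only filtering on the server, no FTP inspection."""
    _mode, initiator, _ip, port = data_connection(line)
    if initiator == "server":
        return True  # outbound from the server, never matched against inbound rules
    return port in allowed  # inbound to the server's passive data port


# Constructed control-channel lines (addresses and ports are made up).
ACTIVE_LINE = "PORT 192,168,1,50,4,210"
PASSIVE_LINE = "227 Entering Passive Mode (192,168,1,10,19,137)"

if __name__ == "__main__":
    for line in (ACTIVE_LINE, PASSIVE_LINE):
        print(data_connection(line), "allowed:", server_firewall_allows(line))
```

Passing a wider `allowed` set to `server_firewall_allows` shows the effect of opening a fixed passive port range on the server.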
 
Guest

That did the trick. Thanks.
