0

I have a Windows 2003 64bit Data Center Edition, with IIS/FTP 6 installed. The FTP Site is the default site that was created when I installed IIS/FTP. I have setup FTP so that it won't allow Anonymous connections. The home folder is C:\Inetpub\ftproot, with Read and Write permission. The ACL for the ftproot follows:

Administrators: Full Control
CREATOR OWNER: Full Control
SYSTEM: Full Control
Users: Read

I have created a Virtual Directory called VirtualDir, that points to C:\Inetpub\wwwroot\VirtualDir, with Read and Write permission, and the ACL for the folder VirtualDir follows:

Administrators: Full Control
virtualdir: Modify (Read/Write)
IIS_WPG: Read
InternetGuest: Deny Write
SYSTEM: Full Control
Users: Read

I created a local User with the name virtualdir that belongs to the Users group and, as you can see above, has Read/Write permissions on the VirtualDir folder inside wwwroot. I can only list the contents of the Virtual Directory VirtualDir using Active connection mode. With Passive Mode, it's impossible. I've tried turning off the server's firewall, and I've added Exceptions for port 21 AND for the C:\WINDOWS\system32\inetsrv\inetinfo.exe file, with no effect. I'm sure it's not a client firewall issue, because I can connect with any other FTP site, in active or passive mode, without a problem. Below is the log for FileZilla client when using Passive Mode:

Status: Connecting to 187.xxx.xxx.204:21...
Status: Connection established, waiting for welcome message...
Response:   220 Microsoft FTP Service
Command:    USER virtualdir
Response:   331 Password required for virtualdir.
Command:    PASS ************
Response:   230 User virtualdir logged in.
Status: Connected
Status: Retrieving directory listing...
Command:    PWD
Response:   257 "/virtualdir" is current directory.
Command:    TYPE I
Response:   200 Type set to I.
Command:    PASV
Response:   227 Entering Passive Mode (187,xxx,xxx,204,19,139).
Command:    LIST
Response:   425 Can't open data connection.
Error:  Failed to retrieve directory listing

When using Active mode, all goes well. Have I forgotten anything? Have I done something wrong? I don't think it's permission, since in Active Mode, everything goes fine.
Tks

Pascal
  • 133
  • 1
  • 5
  • 11
  • is the server behind another level of firewall? That could be be blocking the passive FTP ports. – MattB Dec 08 '10 at 15:51
  • @MattB maybe... I'll check with the ISP. I concentrated on me doing something wrong with the configuration, that I forgot about the ISP – Pascal Dec 08 '10 at 16:11
  • @MattB, you were rigth! Post it as an answer, so I can give up the credit! http://ajuda.uolhost.com.br/index.php?ind=106&p=resposta&res=1075 – Pascal Dec 08 '10 at 17:50

1 Answers1

1

Passive FTP ports are being blocked by a firewall on the server side. There is a metabase property called PassivePortRange that allows you to specify the range of ports used for passive FTP, to match what is allowed through your firewall.

See these references:

http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/0d2a9b2e-b697-4bb3-8a61-0fad73a1fa08.mspx?mfr=true

http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/d2405f36-06c3-4468-a8b0-eb0442ed1889.mspx?mfr=true

MattB
  • 11,194
  • 1
  • 30
  • 36
  • Beware of this bug also... wasted an hour to figure it out... http://stackoverflow.com/questions/1009506/passiveportrange-problem-in-iis6-ftp – Pascal Dec 09 '10 at 12:40