Questions

Cannot access IIS FTP server from outside ( error 426 )

+
0 Votes
Locked

Cannot access IIS FTP server from outside ( error 426 )

DownRightTired
was wondering if anyone could help me out. Im trying to set up a corporate ftp server. Im able to connect no problem through the servers local IP address. Whenever I try to log on from the outside i get the login window but then when i log in i get a message saying ther was an error logging on with the following details :
200 Type set to A
227 Entering passive mode
426 Connection Closed; Transfer Aborted

Im running a mail server on the same machine and have no problems connecting from the outside. ANY help or suggestions would be appreciated.
  • +
    0 Votes
    Brooklyns Finest

    you have to set permissions in the default website of IIS...i assume you are using IIS6.0 (r)click the the default website and go to security and make sure that there are no address for deny permissions...i can go on if need be....let me know

    +
    0 Votes
    DownRightTired

    No there is no resriction. It seems Im able to establish a connection from the outside because i get the login screen. I shouldnt be able to get that far if was an issue of ip filtering right? It seems even to authenticate the login as a proper login is required to get as far as the 436 error...

    +
    0 Votes
    DownRightTired

    No there is no resriction. It seems Im able to establish a connection from the outside because i get the login screen. I shouldnt be able to get that far if was an issue of ip filtering right? It seems even to authenticate the login as a proper login is required to get as far as the 436 error...

    +
    0 Votes
    Brooklyns Finest

    make sure that the passwords in both of the users in AD (active directory) are the same as in your the permmission settings in IIS

    +
    0 Votes
    DownRightTired

    i have no problems authenticating the users when i connect locally. could it have something to do with NAT translation? im able to run other services w/ port forwarding but not sure if it effects the ftp protocol in anyway?

    +
    0 Votes
    Brooklyns Finest

    I'm guessing that you have the correct ports opened on the firewall correct.

    +
    0 Votes
    Brooklyns Finest

    I'm also assuming your using IIS6 and server 03 correct

    +
    0 Votes
    DownRightTired

    i was finally able to connect today using filezilla, i believe its an issue of active and passive ports wich im not real familiar with setting. the error i kept recieving was whenever the ftp server tries to set the transmission to pasv. ive tried different methods of manually setting a passive port range without success. Is there a direct way to set these inside the IIS MMC? Ive seen the option in third party ftp servers but cant find it in IIS. however like i said i was able to connect with filezilla, but id like the users to be able to connect easily without having to set this in their ftp client. I appreciate the help........

    +
    0 Votes
    mike.walker

    http://slacksite.com/other/ftp.html
    "A reader, Maarten Sjouw, pointed out that active FTP will not function when used in conjunction with a client-side NAT (Network Address Translation) device which is not smart enough to alter the IP address info in FTP packets."

    http://support.microsoft.com/kb/323446

    +
    0 Votes
    DownRightTired

    So I downloaded a fresh copy of filezill to my laptop, set the settings all the same and nothing, same error. For some reason im able to connect with filezilla 3.0 Beta-4 set to either passive or active yet UNABLE to connect with either setting using filezilla 2.2 or any other client for that matter.

    +
    0 Votes
    cheneymon

    I fought with this for about a week...I have a w2k3 r2 64bit server running exch & we needed an FTP site enabled on this server...Our watchguard was enabled for FTP & still couldn't get the FTP site to authenticate...After speaking to WG support they said it was MS issue...I searched & searched & finally found KB933717...It is a hotfix, but after applying the hotfix, FTP worked successfully...Just thought I would give some closure to this issue. Call 800-936-4900 for hotfix.

  • +
    0 Votes
    Brooklyns Finest

    you have to set permissions in the default website of IIS...i assume you are using IIS6.0 (r)click the the default website and go to security and make sure that there are no address for deny permissions...i can go on if need be....let me know

    +
    0 Votes
    DownRightTired

    No there is no resriction. It seems Im able to establish a connection from the outside because i get the login screen. I shouldnt be able to get that far if was an issue of ip filtering right? It seems even to authenticate the login as a proper login is required to get as far as the 436 error...

    +
    0 Votes
    DownRightTired

    No there is no resriction. It seems Im able to establish a connection from the outside because i get the login screen. I shouldnt be able to get that far if was an issue of ip filtering right? It seems even to authenticate the login as a proper login is required to get as far as the 436 error...

    +
    0 Votes
    Brooklyns Finest

    make sure that the passwords in both of the users in AD (active directory) are the same as in your the permmission settings in IIS

    +
    0 Votes
    DownRightTired

    i have no problems authenticating the users when i connect locally. could it have something to do with NAT translation? im able to run other services w/ port forwarding but not sure if it effects the ftp protocol in anyway?

    +
    0 Votes
    Brooklyns Finest

    I'm guessing that you have the correct ports opened on the firewall correct.

    +
    0 Votes
    Brooklyns Finest

    I'm also assuming your using IIS6 and server 03 correct

    +
    0 Votes
    DownRightTired

    i was finally able to connect today using filezilla, i believe its an issue of active and passive ports wich im not real familiar with setting. the error i kept recieving was whenever the ftp server tries to set the transmission to pasv. ive tried different methods of manually setting a passive port range without success. Is there a direct way to set these inside the IIS MMC? Ive seen the option in third party ftp servers but cant find it in IIS. however like i said i was able to connect with filezilla, but id like the users to be able to connect easily without having to set this in their ftp client. I appreciate the help........

    +
    0 Votes
    mike.walker

    http://slacksite.com/other/ftp.html
    "A reader, Maarten Sjouw, pointed out that active FTP will not function when used in conjunction with a client-side NAT (Network Address Translation) device which is not smart enough to alter the IP address info in FTP packets."

    http://support.microsoft.com/kb/323446

    +
    0 Votes
    DownRightTired

    So I downloaded a fresh copy of filezill to my laptop, set the settings all the same and nothing, same error. For some reason im able to connect with filezilla 3.0 Beta-4 set to either passive or active yet UNABLE to connect with either setting using filezilla 2.2 or any other client for that matter.

    +
    0 Votes
    cheneymon

    I fought with this for about a week...I have a w2k3 r2 64bit server running exch & we needed an FTP site enabled on this server...Our watchguard was enabled for FTP & still couldn't get the FTP site to authenticate...After speaking to WG support they said it was MS issue...I searched & searched & finally found KB933717...It is a hotfix, but after applying the hotfix, FTP worked successfully...Just thought I would give some closure to this issue. Call 800-936-4900 for hotfix.