Passive FTP on Windows Server 2008 R2 using the IIS7 FTP-Server
- by ntor
Hello serverFault-community!
During the last few days I have been setting up a Windows Server 2008 R2 in VMware. I installed the standard FTP-Server on it by using the Webserver (IIS)-role.
Everything works fine with accessing my FTP-Site with ftp://localhost in Firefox. I can also get access to it via the local IP of my Server. Actually everything works fine in my LAN.
But here's my problem:
I want to get access "from outside", using the external IP or a dyndns-URL. I have a LinkSys-Router in front of my Server, therefore I'm forwarding all the important ports.
If you may now think "this idiot has probably forgotten some ports", I must disappoint you. It even works getting access to my Server-Website and messing around in some WebInterfaces.
The problem is my passive FTP (active works for me). I always get a timeout when e.g. FileZilla waits for a response to the LIST-command. The one big thing I don't get is why my Server sends a response to the PASV-command naming a port like 40918, even if I have restricted the data port range for my passive FTP (in the IIS-Manager) to e.g. [5000-5009].
I simply don't want to open and forward all possible data ports!
And another thing is, I can't specify a static external IP address for my server, since I don't own any.
I hope I have explained my problem in a comprehensible way. If not, simply ask by posting a comment!
Best regards, ntor
PS: I have already mainly tried the following articles:
Out Of Band FTP 7 shows "Operation timed out"
How to Configure Windows Firewall for a Passive Mode FTP Server
ServerFault --- Passive ftp on Server 2008
--- EDIT: ---
There is one idea rising up in my mind:
When I use FileZilla to connect by passive mode I always get something like this:
227 Entering Passive Mode (192,168,1,102,160,86)
According to a RhinoSoft article FZ tries to connect on port "160*256+86 = 41046", although I have restricted the data ports (as mentioned above). Could this be caused by the router, that doesn't forward out-ports directly, but uses different ones?
(-- The IP address given is the local one, since I'm not able to define a static external in the IIS-Mgr)
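
An added diagnostic example, not part of the original post: it decodes a 227 reply such as the one quoted above and reports whether the advertised address is an RFC 1918 private address and whether the advertised port lies inside the configured passive range. The function names and the second sample reply (documentation address 203.0.113.10) are constructed for illustration.

```python
import ipaddress
import re

# Host/port tuple of an RFC 959 "227" reply: (h1,h2,h3,h4,p1,p2)
PASV_RE = re.compile(r"227\b.*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

# Private ranges that a client on the Internet cannot route to
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_pasv(reply):
    """Return (ip, port) advertised in a 227 reply; raise ValueError if malformed."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % reply)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    port = nums[4] * 256 + nums[5]  # high byte * 256 + low byte
    return ip, port


def diagnose(reply, port_range):
    """Return (ip, port, findings) for a reply seen by a client outside the LAN."""
    ip, port = parse_pasv(reply)
    low, high = port_range
    findings = []
    if any(ip in net for net in RFC1918):
        findings.append("advertised address %s is private (RFC 1918)" % ip)
    if not low <= port <= high:
        findings.append("advertised port %d is outside configured range %d-%d" % (port, low, high))
    return ip, port, findings


if __name__ == "__main__":
    samples = [
        "227 Entering Passive Mode (192,168,1,102,160,86)",  # reply quoted in the post
        "227 Entering Passive Mode (203,0,113,10,19,139)",   # constructed sample
    ]
    for line in samples:
        ip, port, findings = diagnose(line, (5000, 5009))  # range from the post
        print("%s:%d" % (ip, port))
        for f in findings or ["no findings"]:
            print("  - " + f)
```
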