FTP on W2K setup problems

  • Thread starter Thread starter Ed Walters
  • Start date Start date
E

Ed Walters

I have set up an FTP server on a W2K server. The path locally is
c:\inetpub\.....

If I connect to the FTP site on a browser local to that machine using
the ftp://217.204.160.180
it connects immediately, it also works fine if I use ftp://localhost.

I have run the permissions wizard for the FTP site and chose the
default recommended settings.

From a remote machine if I use a command line, I get the following

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\Documents and Settings\ed>ftp
ftp> open 217.204.160.180 21
Connected to 217.204.160.180.
220 FTPServer Microsoft FTP Service (Version 5.0).
User (217.204.160.180:(none)): rob
331 Password required for rob.
Password:
230-You're connected to the FTP server
230 User rob logged in.
ftp> dir
200 PORT command successful.
150 Opening ASCII mode data connection for /bin/ls.

It gets this far and just hangs, from a browser I do not get as far as
logging in before it give me errors
as below

An error occur erred opening that FTP folder on the FTP server. Make
sure you have permission to access that folder

Details

200 Type set to A
227 Entering passive mode
425 Can't open data connection


Regards

Ed
 
FTP is subject to the machines NTFS permissions which overrides any
permissions specific to the FTP service.

First, get it off the C drive. If it gets hacked, that last place to whant
someone creating folders and uploading files is the C drive. Set it to a
different partition.

Second, recreate the FTP at its new location on another partition. It is
best to have a dedicated partition for FTP so it can always be reformated to
correct hacker damage without losing anything else. Create the site with
mostly default FTP settings until you are confident about what other
"non-default" settings will do and what they effect. Make sure the NTFS
permissions on the files/folders "agree" with what you expect the user
account logging in to be able to do. The NTFS permissions will be your
*primary* security defense.
 
Thanks for the info.
It was more to do with the setup of ISA than anything else, the
permissions were all done properly and the machine is only accessible
by one external IP address. Once I knew how to configure ISA server
for an FTP server it was all plain sailing.

Ed
 
Back
Top