A
Arjan Gijsberts
I am using RRAS as a router for my small network. The same box is used as an
FTP server (IIS 6.0), for which I set the service in the NAT configuration
of the public internet connection. However, I am having difficulties when I
try to connect to the FTP server using passive FTP.
I traced the problem to the firewall, apparantly the FTP client can not
connect to the FTP server for a data connection ('227 Entering Passive Mode'
command). As far as I know, an internal part of the NAT proxy should open
the corresponding port on the server dynamically. It appears that this is
not done properly. Besides that, I really can't find a lot of information
regarding this functionality of RRAS.
Disabling the RRAS firewall on the network connection resolves the problem.
This is far from a permanent solution to me however. Another solution would
be to determine the range of ports used by IIS and open them correspondingly
in the RRAS firewall. This implies however that I need to script some of
these actions, since the RRAS firewall/services pane does not give me the
opportunity to open a range of ports at once.
I would like to know how I can debug this problem further or how I can
resolve it completely. Besides that I would like to have some more
information about this FTP functionality of the NAT proxy of RRAS in Server
2003.
Thanks in advance and greetings,
Arjan Gijsberts
FTP server (IIS 6.0), for which I set the service in the NAT configuration
of the public internet connection. However, I am having difficulties when I
try to connect to the FTP server using passive FTP.
I traced the problem to the firewall, apparantly the FTP client can not
connect to the FTP server for a data connection ('227 Entering Passive Mode'
command). As far as I know, an internal part of the NAT proxy should open
the corresponding port on the server dynamically. It appears that this is
not done properly. Besides that, I really can't find a lot of information
regarding this functionality of RRAS.
Disabling the RRAS firewall on the network connection resolves the problem.
This is far from a permanent solution to me however. Another solution would
be to determine the range of ports used by IIS and open them correspondingly
in the RRAS firewall. This implies however that I need to script some of
these actions, since the RRAS firewall/services pane does not give me the
opportunity to open a range of ports at once.
I would like to know how I can debug this problem further or how I can
resolve it completely. Besides that I would like to have some more
information about this FTP functionality of the NAT proxy of RRAS in Server
2003.
Thanks in advance and greetings,
Arjan Gijsberts