Can't Connect to my Windows IIS 8 FTP Server outside of network?

Discussion in 'Computer Networking and Servers' started by finsfree, Dec 30, 2016.

  1. finsfree

    finsfree Member

    Messages:
    232
    I'm connected...sort of. For some reason I can't see my directory. I have posted the log file below.

    I've also used other FTP clients like WinSCP and I am getting the same error message "Retrieving directory listing...". By the way, I running my FTP server on IIS 8 Windows Server 2012.

    Thanks,

    Connecting to (My Public IP Address)
    Status: Connection established, waiting for welcome message...
    Status: Initializing TLS...
    Status: Verifying certificate...
    Status: TLS connection established.
    Status: Logged in
    Status: Retrieving directory listing...
    Command: PWD
    Response: 257 "/" is current directory.
    Command: TYPE I
    Response: 200 Type set to I.
    Command: PASV
    Response: 227 Entering Passive Mode (My Public IP Address)
    Command: LIST
    Response: 150 Opening BINARY mode data connection.
    Error: Connection timed out after 20 seconds of inactivity
    Error: Failed to retrieve directory listing
    Status: Disconnected from server
    Status: Connecting to (My Public IP Address)
    Status: Connection established, waiting for welcome message...
    Status: Initializing TLS...
    Status: Verifying certificate...
    Status: TLS connection established.
    Status: Logged in
    Status: Retrieving directory listing...
     
  2. Agent Smith

    Agent Smith Well-Known Member

    Messages:
    2,463
    Not really sure. Try this. In WinSCP under connection increase the timeout.
     
  3. beers

    beers Moderator Staff Member

    Messages:
    7,077
    What kind of PASV config do you have on the FTP server? We have a couple boxes at work that require a separate listening IP to be defined when we SNAT on our network, otherwise it gives wonky behavior like what you listed.

    You may be able to add an entry for your public IP.
     
  4. finsfree

    finsfree Member

    Messages:
    232
    Yeah, in the IIS settings I click on firewall and put in my public IP address and a range of ports (example 5000-6000). I have used FTP apps before that work great, but I'm trying to use Windows Server 2012 built in IIS 8 FTP and I'm running into all kinds of issues.

    Actually, what I read on the internet is that FTP is old and it was meant for local use only. Reading some more I found out with passive mode to retrieve data, or to even see the data in my case, it uses a different port then 21 (the one you used to connect in the first place).
     
  5. finsfree

    finsfree Member

    Messages:
    232
  6. beers

    beers Moderator Staff Member

    Messages:
    7,077
    I like how that example gives you a private address.

    Did you also forward 990? I haven't done too many FTPS setups, always SFTP. Might be easier in your case since it just leverages SSH
     
  7. finsfree

    finsfree Member

    Messages:
    232
    Yeah, that had me scratching my head a bit at first

    I think we are on to something there with port 990. I can't seem to open port 990 (SSL). Under the server's firewall is said it was enabled, but when I run "netstat -an" it doesn't show up as an open port. I then created a "new rule" and explicitly opened port 990 and it still won't show up as an open port running "netstat -an".

    Any Ideas?
     
  8. Cromewell

    Cromewell Administrator Staff Member

    Messages:
    15,033
    Does it work internally? That is, on your private ip address or just from the Server to itself via loopback?
     
  9. finsfree

    finsfree Member

    Messages:
    232
    Yes, it works internally. I can access the FTP server using Filezilla client on another workstation.

    Why can't I open port 990? That is the real question?
     
  10. Cromewell

    Cromewell Administrator Staff Member

    Messages:
    15,033
    OK. So your FTP SSL settings are probably OK then.
    Maybe try (from cmd as admin):
    netsh advfirewall firewall add rule name=”FTP Service” action=allow service=ftpsvc protocol=TCP dir=in
    netsh advfirewall set global StatefulFTP disable
     
  11. finsfree

    finsfree Member

    Messages:
    232
    Sorry man, still didn't work.

    Tried Using Total Commander (file manager) on my android to connect using cellular signal and I get a message, "Getting directory 227 Entering Passive Mode (My Public IP address) ///FTP/home". It's the passive mode that is not working.

    I did configure the passive mode on the IIS 8 Server 2012.

    Why is this so damn difficult???
     
  12. Cromewell

    Cromewell Administrator Staff Member

    Messages:
    15,033
    I think maybe we got fixated on port 990. Can you make sure your public firewall (or router) has the passive port range open/forwarded to the server?
     
    beers likes this.
  13. finsfree

    finsfree Member

    Messages:
    232
    I did do the port forwarding on the router. I also did "port range forwarding" (although I don't think this is the issue. I did it anyways).

    The picture shows my router (left) with the "port forward range". On the right is my IIS Server 2012 running as a VM.

    I know I did not show the "port forwarding" tab, but I know it works because I can RDP into the host machine using the public IP plus port 3389. RDP works every time.

    BTW, thanks for hanging in there with me:)
    Untitled.jpg
     
  14. Cromewell

    Cromewell Administrator Staff Member

    Messages:
    15,033
    The only other thing I can find, that I'm sure you've probably tried by now is restarting the FTP service after the Windows Firewall powershell stuff we tried a bit ago.

    Looking at packet captures from the client, server and firewall/router might shed some light on what's happening and maybe be able to point in the right direction.
     
    beers likes this.

Share This Page