2003 FTP with IIS

TheMSsForum.com: The Microsoft Software Forum

Guys,

I setup an FTP server inside of IIS. It works great on the network. I can
test by looking to the local server and try my accounts and everything is
great. I try it offsite and I get a error that says you may not have
permission to access these files. I have tried everything. I have rebuilt
the FTP several times. I have tried different FTP clients. I did find one
article that says something about log on locally but one of the accounts
that I am testing with is the domain admin and also in the administrators
group. I can see in the logs that an account login was attempted but
denied. I have set the router up to open the DMZ and proved that it is not
a firewall issue.

Next thing I did is VPN in and then go in remotely across the VPN and it
works great. Has anyone got any idea what is going on. Is it a log on
locally problem? If so how do I get past this. Thanks,

Brad Wilson
Top

Re: 2003 FTP with IIS by jeff

jeff
Mon Oct 18 15:49:32 CDT 2004

On Mon, 18 Oct 2004 15:50:09 -0400, "Brad Wilson"
<nctarheelfan@nospam.hotmail.com> wrote:

>Guys,
>
>I setup an FTP server inside of IIS. It works great on the network. I can
>test by looking to the local server and try my accounts and everything is
>great. I try it offsite and I get a error that says you may not have
>permission to access these files. I have tried everything. I have rebuilt
>the FTP several times. I have tried different FTP clients. I did find one
>article that says something about log on locally but one of the accounts
>that I am testing with is the domain admin and also in the administrators
>group. I can see in the logs that an account login was attempted but
>denied. I have set the router up to open the DMZ and proved that it is not
>a firewall issue.
>
>Next thing I did is VPN in and then go in remotely across the VPN and it
>works great. Has anyone got any idea what is going on. Is it a log on
>locally problem? If so how do I get past this. Thanks,

If it works across a VPN but not across the internet, then most likey
it's a firewall or routing issue.

Jeff
Top

Re: 2003 FTP with IIS by Brad

Brad
Mon Oct 18 17:00:43 CDT 2004

Well I have found out that the problem lies in IE6. I can ftp via the
command line but not via Internet explorer. What is up with that?>


Brad


"Jeff Cochran" <jeff.nospam@zina.com> wrote in message
news:41812c3e.445439267@msnews.microsoft.com...
> On Mon, 18 Oct 2004 15:50:09 -0400, "Brad Wilson"
> <nctarheelfan@nospam.hotmail.com> wrote:
>
>>Guys,
>>
>>I setup an FTP server inside of IIS. It works great on the network. I
>>can
>>test by looking to the local server and try my accounts and everything is
>>great. I try it offsite and I get a error that says you may not have
>>permission to access these files. I have tried everything. I have
>>rebuilt
>>the FTP several times. I have tried different FTP clients. I did find
>>one
>>article that says something about log on locally but one of the accounts
>>that I am testing with is the domain admin and also in the administrators
>>group. I can see in the logs that an account login was attempted but
>>denied. I have set the router up to open the DMZ and proved that it is
>>not
>>a firewall issue.
>>
>>Next thing I did is VPN in and then go in remotely across the VPN and it
>>works great. Has anyone got any idea what is going on. Is it a log on
>>locally problem? If so how do I get past this. Thanks,
>
> If it works across a VPN but not across the internet, then most likey
> it's a firewall or routing issue.
>
> Jeff


Top

Re: 2003 FTP with IIS by Steve

Steve
Mon Oct 18 17:12:41 CDT 2004

If you have a firewall in front of this blocking port 20, check to see if
packets are being dropped. Not sure where I read but IE uses port 20 for
something.

steve


"Brad" <nctarheelfan@nospam.hotmail.com> wrote in message
news:ee%23mf2VtEHA.2668@TK2MSFTNGP12.phx.gbl...
> Well I have found out that the problem lies in IE6. I can ftp via the
> command line but not via Internet explorer. What is up with that?>
>
>
> Brad
>
>
> "Jeff Cochran" <jeff.nospam@zina.com> wrote in message
> news:41812c3e.445439267@msnews.microsoft.com...
>> On Mon, 18 Oct 2004 15:50:09 -0400, "Brad Wilson"
>> <nctarheelfan@nospam.hotmail.com> wrote:
>>
>>>Guys,
>>>
>>>I setup an FTP server inside of IIS. It works great on the network. I
>>>can
>>>test by looking to the local server and try my accounts and everything is
>>>great. I try it offsite and I get a error that says you may not have
>>>permission to access these files. I have tried everything. I have
>>>rebuilt
>>>the FTP several times. I have tried different FTP clients. I did find
>>>one
>>>article that says something about log on locally but one of the accounts
>>>that I am testing with is the domain admin and also in the administrators
>>>group. I can see in the logs that an account login was attempted but
>>>denied. I have set the router up to open the DMZ and proved that it is
>>>not
>>>a firewall issue.
>>>
>>>Next thing I did is VPN in and then go in remotely across the VPN and it
>>>works great. Has anyone got any idea what is going on. Is it a log on
>>>locally problem? If so how do I get past this. Thanks,
>>
>> If it works across a VPN but not across the internet, then most likey
>> it's a firewall or routing issue.
>>
>> Jeff
>
>


Top

Re: 2003 FTP with IIS by jeff

jeff
Mon Oct 18 20:49:26 CDT 2004

On Mon, 18 Oct 2004 18:00:43 -0400, "Brad"
<nctarheelfan@nospam.hotmail.com> wrote:

>Well I have found out that the problem lies in IE6. I can ftp via the
>command line but not via Internet explorer. What is up with that?

Nothing in IIS I'm afraid. But IE has a tough time with firewalls,
see:

How To Configure Internet Explorer to Use Both the FTP PORT Mode and
the FTP PASV Mode in the Windows Server 2003 Family:
http://support.microsoft.com/default.aspx?scid=kb;en-us;323446

Jeff


>"Jeff Cochran" <jeff.nospam@zina.com> wrote in message
>news:41812c3e.445439267@msnews.microsoft.com...
>> On Mon, 18 Oct 2004 15:50:09 -0400, "Brad Wilson"
>> <nctarheelfan@nospam.hotmail.com> wrote:
>>
>>>Guys,
>>>
>>>I setup an FTP server inside of IIS. It works great on the network. I
>>>can
>>>test by looking to the local server and try my accounts and everything is
>>>great. I try it offsite and I get a error that says you may not have
>>>permission to access these files. I have tried everything. I have
>>>rebuilt
>>>the FTP several times. I have tried different FTP clients. I did find
>>>one
>>>article that says something about log on locally but one of the accounts
>>>that I am testing with is the domain admin and also in the administrators
>>>group. I can see in the logs that an account login was attempted but
>>>denied. I have set the router up to open the DMZ and proved that it is
>>>not
>>>a firewall issue.
>>>
>>>Next thing I did is VPN in and then go in remotely across the VPN and it
>>>works great. Has anyone got any idea what is going on. Is it a log on
>>>locally problem? If so how do I get past this. Thanks,
>>
>> If it works across a VPN but not across the internet, then most likey
>> it's a firewall or routing issue.
>>
>> Jeff
>

Top

Re: 2003 FTP with IIS by Alun

Alun
Tue Oct 19 10:52:13 CDT 2004

"Jeff Cochran" <jeff.nospam@zina.com> wrote in message
news:41777240.463359165@msnews.microsoft.com...
> On Mon, 18 Oct 2004 18:00:43 -0400, "Brad"
> <nctarheelfan@nospam.hotmail.com> wrote:
>
>>Well I have found out that the problem lies in IE6. I can ftp via the
>>command line but not via Internet explorer. What is up with that?
>
> Nothing in IIS I'm afraid. But IE has a tough time with firewalls,
> see:

FTP in general has a tough time with firewalls - or perhaps I should say,
firewall administrators have a tough time with FTP, largely because there's
a lot of confusion about the range of ports used by FTP, and because FTP can
open connections in both directions.

I continually have ideas to pursue in avoiding this problem, but so far none
of them have panned out. We'll see what the future brings.

Alun.
~~~~


Top

Re: 2003 FTP with IIS by Paul

Paul
Tue Oct 19 15:34:41 CDT 2004

Alun,

Passive FTP is compatible with the Windows XP Service Pack 2 firewall.
However, the default in Windows XP is active FTP and installing Service Pack
2 preserves the setting. Therefore the Service Pack 2 firewall breaks FTP in
Internet Explorer by default.

Does the FTP command uses that setting?

However, the default for Windows Server 2003 in Internet Explorer is already
passive.

But either way, someone has to open a random port.

What are you suggested solutions? I would like to hear them.

Paul

"Alun Jones [MSFT]" <alunj@online.microsoft.com> wrote in message
news:%23UMczhhtEHA.2800@tk2msftngp13.phx.gbl...
> "Jeff Cochran" <jeff.nospam@zina.com> wrote in message
> news:41777240.463359165@msnews.microsoft.com...
> > On Mon, 18 Oct 2004 18:00:43 -0400, "Brad"
> > <nctarheelfan@nospam.hotmail.com> wrote:
> >
> >>Well I have found out that the problem lies in IE6. I can ftp via the
> >>command line but not via Internet explorer. What is up with that?
> >
> > Nothing in IIS I'm afraid. But IE has a tough time with firewalls,
> > see:
>
> FTP in general has a tough time with firewalls - or perhaps I should say,
> firewall administrators have a tough time with FTP, largely because
there's
> a lot of confusion about the range of ports used by FTP, and because FTP
can
> open connections in both directions.
>
> I continually have ideas to pursue in avoiding this problem, but so far
none
> of them have panned out. We'll see what the future brings.
>
> Alun.
> ~~~~
>
>


Top

Re: 2003 FTP with IIS by Alun

Alun
Tue Oct 19 16:28:18 CDT 2004

"Paul Baker [MVP, Windows - SDK]" <paulb@online.rochester.rr.com> wrote in
message news:%23e7PRshtEHA.3984@TK2MSFTNGP09.phx.gbl...
> Passive FTP is compatible with the Windows XP Service Pack 2 firewall.
> However, the default in Windows XP is active FTP and installing Service
> Pack
> 2 preserves the setting. Therefore the Service Pack 2 firewall breaks FTP
> in
> Internet Explorer by default.

This is by design on the firewall's part - after all, you'd hate to have all
those ports open for incoming traffic unless you actually used them, yes?
Secure by Default is one of the goals we're working hard on keeping to - and
that means that the firewall generally isn't opened up for everything that
could be running on the machine. It is the work of moments to tell the
firewall to allow Internet Explorer to open up whatever ports it likes, or
(more secure) to switch Internet Explorer into using PASV mode.

I can't comment on the defaults for Internet Explorer in different versions
of Windows XP - I don't have a fresh install handy to check right now.

> Does the FTP command uses that setting?

The command line ftp.exe tool only supports active mode FTP.

> But either way, someone has to open a random port.
>
> What are you suggested solutions? I would like to hear them.

My suggested solutions at present are not suitable for publication.

Alun.
~~~~



Top

Re: 2003 FTP with IIS by Paul

Paul
Wed Oct 20 11:18:19 CDT 2004

Alun,

I agree that the behaviour of the firewall is appropriate. I meant only to
document it for those who are wondering.

Perhaps the FTP command line tool should support PASV FTP. Command line FTP
is useful in debugging tricky FTP servers and available to a Telnet session,
and so I believe it warrants further development if appropriate and is not
just a "there for backwards compatibility only and obsolete" thing. I am not
sure if it would use the Internet Options setting or something else. Some
users probably percieve this as an Internet Explorer only setting and would
be puzzled by its used in the FTP command line tool, whereas others would
probably expect it to be system wide, especially those who use other
applications that implement FTP using WinInet. If it used something else, it
would probably be nice to go the same route as with Telnet in Windows 2000.
That is, implement commands to set the local options.

Keep up the good work!

Paul

"Alun Jones [MSFT]" <alunj@online.microsoft.com> wrote in message
news:eZ3gPKitEHA.1296@TK2MSFTNGP10.phx.gbl...
> "Paul Baker [MVP, Windows - SDK]" <paulb@online.rochester.rr.com> wrote in
> message news:%23e7PRshtEHA.3984@TK2MSFTNGP09.phx.gbl...
> > Passive FTP is compatible with the Windows XP Service Pack 2 firewall.
> > However, the default in Windows XP is active FTP and installing Service
> > Pack
> > 2 preserves the setting. Therefore the Service Pack 2 firewall breaks
FTP
> > in
> > Internet Explorer by default.
>
> This is by design on the firewall's part - after all, you'd hate to have
all
> those ports open for incoming traffic unless you actually used them, yes?
> Secure by Default is one of the goals we're working hard on keeping to -
and
> that means that the firewall generally isn't opened up for everything that
> could be running on the machine. It is the work of moments to tell the
> firewall to allow Internet Explorer to open up whatever ports it likes, or
> (more secure) to switch Internet Explorer into using PASV mode.
>
> I can't comment on the defaults for Internet Explorer in different
versions
> of Windows XP - I don't have a fresh install handy to check right now.
>
> > Does the FTP command uses that setting?
>
> The command line ftp.exe tool only supports active mode FTP.
>
> > But either way, someone has to open a random port.
> >
> > What are you suggested solutions? I would like to hear them.
>
> My suggested solutions at present are not suitable for publication.
>
> Alun.
> ~~~~
>
>
>


Top

Re: 2003 FTP with IIS by Bernard

Bernard
Wed Oct 20 23:47:50 CDT 2004

you can do this in command line ftp.exe

> quote pasv


--
Regards,
Bernard Cheah
http://www.tryiis.com/
http://support.microsoft.com/
http://www.msmvps.com/bernard/



"Paul Baker [MVP, Windows - SDK]" <paulb@online.rochester.rr.com> wrote in
message news:uVYqqBstEHA.2116@TK2MSFTNGP14.phx.gbl...
> Alun,
>
> I agree that the behaviour of the firewall is appropriate. I meant only to
> document it for those who are wondering.
>
> Perhaps the FTP command line tool should support PASV FTP. Command line
FTP
> is useful in debugging tricky FTP servers and available to a Telnet
session,
> and so I believe it warrants further development if appropriate and is not
> just a "there for backwards compatibility only and obsolete" thing. I am
not
> sure if it would use the Internet Options setting or something else. Some
> users probably percieve this as an Internet Explorer only setting and
would
> be puzzled by its used in the FTP command line tool, whereas others would
> probably expect it to be system wide, especially those who use other
> applications that implement FTP using WinInet. If it used something else,
it
> would probably be nice to go the same route as with Telnet in Windows
2000.
> That is, implement commands to set the local options.
>
> Keep up the good work!
>
> Paul
>
> "Alun Jones [MSFT]" <alunj@online.microsoft.com> wrote in message
> news:eZ3gPKitEHA.1296@TK2MSFTNGP10.phx.gbl...
> > "Paul Baker [MVP, Windows - SDK]" <paulb@online.rochester.rr.com> wrote
in
> > message news:%23e7PRshtEHA.3984@TK2MSFTNGP09.phx.gbl...
> > > Passive FTP is compatible with the Windows XP Service Pack 2 firewall.
> > > However, the default in Windows XP is active FTP and installing
Service
> > > Pack
> > > 2 preserves the setting. Therefore the Service Pack 2 firewall breaks
> FTP
> > > in
> > > Internet Explorer by default.
> >
> > This is by design on the firewall's part - after all, you'd hate to have
> all
> > those ports open for incoming traffic unless you actually used them,
yes?
> > Secure by Default is one of the goals we're working hard on keeping to -
> and
> > that means that the firewall generally isn't opened up for everything
that
> > could be running on the machine. It is the work of moments to tell the
> > firewall to allow Internet Explorer to open up whatever ports it likes,
or
> > (more secure) to switch Internet Explorer into using PASV mode.
> >
> > I can't comment on the defaults for Internet Explorer in different
> versions
> > of Windows XP - I don't have a fresh install handy to check right now.
> >
> > > Does the FTP command uses that setting?
> >
> > The command line ftp.exe tool only supports active mode FTP.
> >
> > > But either way, someone has to open a random port.
> > >
> > > What are you suggested solutions? I would like to hear them.
> >
> > My suggested solutions at present are not suitable for publication.
> >
> > Alun.
> > ~~~~
> >
> >
> >
>
>


Top

Re: 2003 FTP with IIS by Alun

Alun
Thu Oct 21 10:28:28 CDT 2004

"Bernard" <qbernard@hotmail.com.discuss> wrote in message
news:eZZngkytEHA.904@TK2MSFTNGP11.phx.gbl...
> you can do this in command line ftp.exe
>
>> quote pasv

That's hardly useful. All it does is tell the server to open up a listening
socket. It doesn't tell the client to connect to that listening socket when
it makes its next transfer. Passive transfers are not supported in the
command-line FTP client - but there are numerous third-party clients that
are available which do support passive mode file transfers.

Alun.
~~~~


Top

Re: 2003 FTP with IIS by Bernard

Bernard
Thu Oct 21 21:30:32 CDT 2004

At least it does try to connect as passive mode and see if the socket can be
open, right ?

--
Regards,
Bernard Cheah
http://www.tryiis.com/
http://support.microsoft.com/
http://www.msmvps.com/bernard/



"Alun Jones [MSFT]" <alunj@online.microsoft.com> wrote in message
news:#zKnqS4tEHA.2808@TK2MSFTNGP14.phx.gbl...
> "Bernard" <qbernard@hotmail.com.discuss> wrote in message
> news:eZZngkytEHA.904@TK2MSFTNGP11.phx.gbl...
> > you can do this in command line ftp.exe
> >
> >> quote pasv
>
> That's hardly useful. All it does is tell the server to open up a
listening
> socket. It doesn't tell the client to connect to that listening socket
when
> it makes its next transfer. Passive transfers are not supported in the
> command-line FTP client - but there are numerous third-party clients that
> are available which do support passive mode file transfers.
>
> Alun.
> ~~~~
>
>


Top

Re: 2003 FTP with IIS by Paul

Paul
Fri Oct 22 08:26:36 CDT 2004

Bernard,

I agree with Alun. It's useless. What does it achieve?

Paul

"Bernard" <qbernard@hotmail.com.discuss> wrote in message
news:%23Lb4d89tEHA.3476@TK2MSFTNGP14.phx.gbl...
> At least it does try to connect as passive mode and see if the socket can
be
> open, right ?
>
> --
> Regards,
> Bernard Cheah
> http://www.tryiis.com/
> http://support.microsoft.com/
> http://www.msmvps.com/bernard/
>
>
>
> "Alun Jones [MSFT]" <alunj@online.microsoft.com> wrote in message
> news:#zKnqS4tEHA.2808@TK2MSFTNGP14.phx.gbl...
> > "Bernard" <qbernard@hotmail.com.discuss> wrote in message
> > news:eZZngkytEHA.904@TK2MSFTNGP11.phx.gbl...
> > > you can do this in command line ftp.exe
> > >
> > >> quote pasv
> >
> > That's hardly useful. All it does is tell the server to open up a
> listening
> > socket. It doesn't tell the client to connect to that listening socket
> when
> > it makes its next transfer. Passive transfers are not supported in the
> > command-line FTP client - but there are numerous third-party clients
that
> > are available which do support passive mode file transfers.
> >
> > Alun.
> > ~~~~
> >
> >
>
>


Top

Re: 2003 FTP with IIS by Alun

Alun
Fri Oct 22 11:15:03 CDT 2004

There are some uses to "quote pasv".

First, to reassure people that the server you're connected to really _does_
support PASV.

Second, to eyeball the numbers returned, to see if the intervening NAT is
correctly translating the IP address and port.

It's certainly not enough on its own, though, for you to be able to test
that PASV connectivity works.

You can use "quote PASV" and a telnet command in another window to
accomplish the test, if you're reasonably quick.

You enter the "quote PASV" line at the FTP client, and quickly take the last
two numbers quoted back, and turn them into a single port by multiplying the
first by 256 and adding on the second. Then you take the first four numbers
as the IP address, and supply that with the port as your arguments to
telnet. Once connected, you can enter "quote LIST" back at the FTP client
(don't use "dir", that will send a PORT command and blow away your PASV
connection), to get a file listing, demonstrating that all is well. [The
telnet will close immediately after the file listing is over.]

But that's really an awful lot of effort, compared to finding an FTP client
that you really like, and which will do PASV FTP transfers.

Alun.
~~~~
"Paul Baker [MVP, Windows - SDK]" <paulb@online.rochester.rr.com> wrote in
message news:%23Z0rCrDuEHA.4040@TK2MSFTNGP09.phx.gbl...
> Bernard,
>
> I agree with Alun. It's useless. What does it achieve?
>
> Paul
>
> "Bernard" <qbernard@hotmail.com.discuss> wrote in message
> news:%23Lb4d89tEHA.3476@TK2MSFTNGP14.phx.gbl...
>> At least it does try to connect as passive mode and see if the socket can
> be
>> open, right ?
>>
>> --
>> Regards,
>> Bernard Cheah
>> http://www.tryiis.com/
>> http://support.microsoft.com/
>> http://www.msmvps.com/bernard/
>>
>>
>>
>> "Alun Jones [MSFT]" <alunj@online.microsoft.com> wrote in message
>> news:#zKnqS4tEHA.2808@TK2MSFTNGP14.phx.gbl...
>> > "Bernard" <qbernard@hotmail.com.discuss> wrote in message
>> > news:eZZngkytEHA.904@TK2MSFTNGP11.phx.gbl...
>> > > you can do this in command line ftp.exe
>> > >
>> > >> quote pasv
>> >
>> > That's hardly useful. All it does is tell the server to open up a
>> listening
>> > socket. It doesn't tell the client to connect to that listening socket
>> when
>> > it makes its next transfer. Passive transfers are not supported in the
>> > command-line FTP client - but there are numerous third-party clients
> that
>> > are available which do support passive mode file transfers.
>> >
>> > Alun.
>> > ~~~~
>> >
>> >
>>
>>
>
>


Top

Re: 2003 FTP with IIS by Paul

Paul
Fri Oct 22 11:30:11 CDT 2004

Alun,

My thought process was that, since the FTP standard would seem to imply that
the PASV command is required to be supported, there would be no point in
testing if it is supported, because it is :) But maybe it is not on some
servers?
ftp://ftp.rfc-editor.org/in-notes/std/std9.txt

It occured to me that I could use telnet in the way you describe, and I have
done so in the past. My thought process was that if you're going to all that
trouble, you may as well just use telnet for the whole thing or else use any
number of alternative FTP clients, as you say.

Anyway, I think we all agree that it does not have the effect of making the
FTP command line tool use passive FTP all by itself which is where this
thread started off, I think.

Paul

"Alun Jones [MSFT]" <alunj@online.microsoft.com> wrote in message
news:uvWXfLFuEHA.4040@TK2MSFTNGP09.phx.gbl...
> There are some uses to "quote pasv".
>
> First, to reassure people that the server you're connected to really
_does_
> support PASV.
>
> Second, to eyeball the numbers returned, to see if the intervening NAT is
> correctly translating the IP address and port.
>
> It's certainly not enough on its own, though, for you to be able to test
> that PASV connectivity works.
>
> You can use "quote PASV" and a telnet command in another window to
> accomplish the test, if you're reasonably quick.
>
> You enter the "quote PASV" line at the FTP client, and quickly take the
last
> two numbers quoted back, and turn them into a single port by multiplying
the
> first by 256 and adding on the second. Then you take the first four
numbers
> as the IP address, and supply that with the port as your arguments to
> telnet. Once connected, you can enter "quote LIST" back at the FTP client
> (don't use "dir", that will send a PORT command and blow away your PASV
> connection), to get a file listing, demonstrating that all is well. [The
> telnet will close immediately after the file listing is over.]
>
> But that's really an awful lot of effort, compared to finding an FTP
client
> that you really like, and which will do PASV FTP transfers.
>
> Alun.
> ~~~~
> "Paul Baker [MVP, Windows - SDK]" <paulb@online.rochester.rr.com> wrote in
> message news:%23Z0rCrDuEHA.4040@TK2MSFTNGP09.phx.gbl...
> > Bernard,
> >
> > I agree with Alun. It's useless. What does it achieve?
> >
> > Paul
> >
> > "Bernard" <qbernard@hotmail.com.discuss> wrote in message
> > news:%23Lb4d89tEHA.3476@TK2MSFTNGP14.phx.gbl...
> >> At least it does try to connect as passive mode and see if the socket
can
> > be
> >> open, right ?
> >>
> >> --
> >> Regards,
> >> Bernard Cheah
> >> http://www.tryiis.com/
> >> http://support.microsoft.com/
> >> http://www.msmvps.com/bernard/
> >>
> >>
> >>
> >> "Alun Jones [MSFT]" <alunj@online.microsoft.com> wrote in message
> >> news:#zKnqS4tEHA.2808@TK2MSFTNGP14.phx.gbl...
> >> > "Bernard" <qbernard@hotmail.com.discuss> wrote in message
> >> > news:eZZngkytEHA.904@TK2MSFTNGP11.phx.gbl...
> >> > > you can do this in command line ftp.exe
> >> > >
> >> > >> quote pasv
> >> >
> >> > That's hardly useful. All it does is tell the server to open up a
> >> listening
> >> > socket. It doesn't tell the client to connect to that listening
socket
> >> when
> >> > it makes its next transfer. Passive transfers are not supported in
the
> >> > command-line FTP client - but there are numerous third-party clients
> > that
> >> > are available which do support passive mode file transfers.
> >> >
> >> > Alun.
> >> > ~~~~
> >> >
> >> >
> >>
> >>
> >
> >
>
>


Top

Re: 2003 FTP with IIS by Paul

Paul
Sat Oct 23 10:37:06 CDT 2004

Sorry, I was being dumb. Section 5.1 of RCF 959 makes it clear that PASV is
not required in a minimal implementation.

Paul

"Paul Baker [MVP, Windows - SDK]" <paulb@online.rochester.rr.com> wrote in
message news:eNPCoRFuEHA.224@TK2MSFTNGP15.phx.gbl...
> Alun,
>
> My thought process was that, since the FTP standard would seem to imply
that
> the PASV command is required to be supported, there would be no point in
> testing if it is supported, because it is :) But maybe it is not on some
> servers?
> ftp://ftp.rfc-editor.org/in-notes/std/std9.txt
>
> It occured to me that I could use telnet in the way you describe, and I
have
> done so in the past. My thought process was that if you're going to all
that
> trouble, you may as well just use telnet for the whole thing or else use
any
> number of alternative FTP clients, as you say.
>
> Anyway, I think we all agree that it does not have the effect of making
the
> FTP command line tool use passive FTP all by itself which is where this
> thread started off, I think.
>
> Paul
>
> "Alun Jones [MSFT]" <alunj@online.microsoft.com> wrote in message
> news:uvWXfLFuEHA.4040@TK2MSFTNGP09.phx.gbl...
> > There are some uses to "quote pasv".
> >
> > First, to reassure people that the server you're connected to really
> _does_
> > support PASV.
> >
> > Second, to eyeball the numbers returned, to see if the intervening NAT
is
> > correctly translating the IP address and port.
> >
> > It's certainly not enough on its own, though, for you to be able to test
> > that PASV connectivity works.
> >
> > You can use "quote PASV" and a telnet command in another window to
> > accomplish the test, if you're reasonably quick.
> >
> > You enter the "quote PASV" line at the FTP client, and quickly take the
> last
> > two numbers quoted back, and turn them into a single port by multiplying
> the
> > first by 256 and adding on the second. Then you take the first four
> numbers
> > as the IP address, and supply that with the port as your arguments to
> > telnet. Once connected, you can enter "quote LIST" back at the FTP
client
> > (don't use "dir", that will send a PORT command and blow away your PASV
> > connection), to get a file listing, demonstrating that all is well.
[The
> > telnet will close immediately after the file listing is over.]
> >
> > But that's really an awful lot of effort, compared to finding an FTP
> client
> > that you really like, and which will do PASV FTP transfers.
> >
> > Alun.
> > ~~~~
> > "Paul Baker [MVP, Windows - SDK]" <paulb@online.rochester.rr.com> wrote
in
> > message news:%23Z0rCrDuEHA.4040@TK2MSFTNGP09.phx.gbl...
> > > Bernard,
> > >
> > > I agree with Alun. It's useless. What does it achieve?
> > >
> > > Paul
> > >
> > > "Bernard" <qbernard@hotmail.com.discuss> wrote in message
> > > news:%23Lb4d89tEHA.3476@TK2MSFTNGP14.phx.gbl...
> > >> At least it does try to connect as passive mode and see if the socket
> can
> > > be
> > >> open, right ?
> > >>
> > >> --
> > >> Regards,
> > >> Bernard Cheah
> > >> http://www.tryiis.com/
> > >> http://support.microsoft.com/
> > >> http://www.msmvps.com/bernard/
> > >>
> > >>
> > >>
> > >> "Alun Jones [MSFT]" <alunj@online.microsoft.com> wrote in message
> > >> news:#zKnqS4tEHA.2808@TK2MSFTNGP14.phx.gbl...
> > >> > "Bernard" <qbernard@hotmail.com.discuss> wrote in message
> > >> > news:eZZngkytEHA.904@TK2MSFTNGP11.phx.gbl...
> > >> > > you can do this in command line ftp.exe
> > >> > >
> > >> > >> quote pasv
> > >> >
> > >> > That's hardly useful. All it does is tell the server to open up a
> > >> listening
> > >> > socket. It doesn't tell the client to connect to that listening
> socket
> > >> when
> > >> > it makes its next transfer. Passive transfers are not supported in
> the
> > >> > command-line FTP client - but there are numerous third-party
clients
> > > that
> > >> > are available which do support passive mode file transfers.
> > >> >
> > >> > Alun.
> > >> > ~~~~
> > >> >
> > >> >
> > >>
> > >>
> > >
> > >
> >
> >
>
>


Top

Re: 2003 FTP with IIS by Bernard

Bernard
Sun Oct 24 22:32:25 CDT 2004

:) even it is MS may not follow it.
anyway, reason I brought is this command line tool allow you to do a quick
test (if you can't get hold of a decent ftp client app), just like what Alun
has pointed out.

--
Regards,
Bernard Cheah
http://www.tryiis.com/
http://support.microsoft.com/
http://www.msmvps.com/bernard/



"Paul Baker [MVP, Windows - SDK]" <paulb@online.rochester.rr.com> wrote in
message news:OWD7nYRuEHA.2972@TK2MSFTNGP10.phx.gbl...
> Sorry, I was being dumb. Section 5.1 of RCF 959 makes it clear that PASV
is
> not required in a minimal implementation.
>
> Paul
>
> "Paul Baker [MVP, Windows - SDK]" <paulb@online.rochester.rr.com> wrote in
> message news:eNPCoRFuEHA.224@TK2MSFTNGP15.phx.gbl...
> > Alun,
> >
> > My thought process was that, since the FTP standard would seem to imply
> that
> > the PASV command is required to be supported, there would be no point in
> > testing if it is supported, because it is :) But maybe it is not on some
> > servers?
> > ftp://ftp.rfc-editor.org/in-notes/std/std9.txt
> >
> > It occured to me that I could use telnet in the way you describe, and I
> have
> > done so in the past. My thought process was that if you're going to all
> that
> > trouble, you may as well just use telnet for the whole thing or else use
> any
> > number of alternative FTP clients, as you say.
> >
> > Anyway, I think we all agree that it does not have the effect of making
> the
> > FTP command line tool use passive FTP all by itself which is where this
> > thread started off, I think.
> >
> > Paul
> >
> > "Alun Jones [MSFT]" <alunj@online.microsoft.com> wrote in message
> > news:uvWXfLFuEHA.4040@TK2MSFTNGP09.phx.gbl...
> > > There are some uses to "quote pasv".
> > >
> > > First, to reassure people that the server you're connected to really
> > _does_
> > > support PASV.
> > >
> > > Second, to eyeball the numbers returned, to see if the intervening NAT
> is
> > > correctly translating the IP address and port.
> > >
> > > It's certainly not enough on its own, though, for you to be able to
test
> > > that PASV connectivity works.
> > >
> > > You can use "quote PASV" and a telnet command in another window to
> > > accomplish the test, if you're reasonably quick.
> > >
> > > You enter the "quote PASV" line at the FTP client, and quickly take
the
> > last
> > > two numbers quoted back, and turn them into a single port by
multiplying
> > the
> > > first by 256 and adding on the second. Then you take the first four
> > numbers
> > > as the IP address, and supply that with the port as your arguments to
> > > telnet. Once connected, you can enter "quote LIST" back at the FTP
> client
> > > (don't use "dir", that will send a PORT command and blow away your
PASV
> > > connection), to get a file listing, demonstrating that all is well.
> [The
> > > telnet will close immediately after the file listing is over.]
> > >
> > > But that's really an awful lot of effort, compared to finding an FTP
> > client
> > > that you really like, and which will do PASV FTP transfers.
> > >
> > > Alun.
> > > ~~~~
> > > "Paul Baker [MVP, Windows - SDK]" <paulb@online.rochester.rr.com>
wrote
> in
> > > message news:%23Z0rCrDuEHA.4040@TK2MSFTNGP09.phx.gbl...
> > > > Bernard,
> > > >
> > > > I agree with Alun. It's useless. What does it achieve?
> > > >
> > > > Paul
> > > >
> > > > "Bernard" <qbernard@hotmail.com.discuss> wrote in message
> > > > news:%23Lb4d89tEHA.3476@TK2MSFTNGP14.phx.gbl...
> > > >> At least it does try to connect as passive mode and see if the
socket
> > can
> > > > be
> > > >> open, right ?
> > > >>
> > > >> --
> > > >> Regards,
> > > >> Bernard Cheah
> > > >> http://www.tryiis.com/
> > > >> http://support.microsoft.com/
> > > >> http://www.msmvps.com/bernard/
> > > >>
> > > >>
> > > >>
> > > >> "Alun Jones [MSFT]" <alunj@online.microsoft.com> wrote in message
> > > >> news:#zKnqS4tEHA.2808@TK2MSFTNGP14.phx.gbl...
> > > >> > "Bernard" <qbernard@hotmail.com.discuss> wrote in message
> > > >> > news:eZZngkytEHA.904@TK2MSFTNGP11.phx.gbl...
> > > >> > > you can do this in command line ftp.exe
> > > >> > >
> > > >> > >> quote pasv
> > > >> >
> > > >> > That's hardly useful. All it does is tell the server to open up
a
> > > >> listening
> > > >> > socket. It doesn't tell the client to connect to that listening
> > socket
> > > >> when
> > > >> > it makes its next transfer. Passive transfers are not supported
in
> > the
> > > >> > command-line FTP client - but there are numerous third-party
> clients
> > > > that
> > > >> > are available which do support passive mode file transfers.
> > > >> >
> > > >> > Alun.
> > > >> > ~~~~
> > > >> >
> > > >> >
> > > >>
> > > >>
> > > >
> > > >
> > >
> > >
> >
> >
>
>


Top

Re: 2003 FTP with IIS by Alun

Alun
Sun Oct 24 22:43:42 CDT 2004

Thanks for noting that - I hadn't yet gotten around to responding, or doing
the research, and so I was thinking to myself "damn, I can't believe I
forgot that..." - thank you for pointing out that I didn't. :-)

Of course, you do have a point in noting that there is a good chance that
any particular implementation might not choose to support even 'mandatory'
features - what was absolutely necessary only a few years ago, is now
completely outdated. You'll be hard-pressed, for instance, to find block or
compressed mode in an FTP implementation. There isn't a need for those
features, and they are relatively flakey when you do try them.

Alun.
~~~~

"Paul Baker [MVP, Windows - SDK]" <paulb@online.rochester.rr.com> wrote in
message news:OWD7nYRuEHA.2972@TK2MSFTNGP10.phx.gbl...
> Sorry, I was being dumb. Section 5.1 of RCF 959 makes it clear that PASV
> is
> not required in a minimal implementation.
>
> Paul
>
> "Paul Baker [MVP, Windows - SDK]" <paulb@online.rochester.rr.com> wrote in
> message news:eNPCoRFuEHA.224@TK2MSFTNGP15.phx.gbl...
>> Alun,
>>
>> My thought process was that, since the FTP standard would seem to imply
> that
>> the PASV command is required to be supported, there would be no point in
>> testing if it is supported, because it is :) But maybe it is not on some
>> servers?
>> ftp://ftp.rfc-editor.org/in-notes/std/std9.txt
>>
>> It occured to me that I could use telnet in the way you describe, and I
> have
>> done so in the past. My thought process was that if you're going to all
> that
>> trouble, you may as well just use telnet for the whole thing or else use
> any
>> number of alternative FTP clients, as you say.
>>
>> Anyway, I think we all agree that it does not have the effect of making
> the
>> FTP command line tool use passive FTP all by itself which is where this
>> thread started off, I think.
>>
>> Paul
>>
>> "Alun Jones [MSFT]" <alunj@online.microsoft.com> wrote in message
>> news:uvWXfLFuEHA.4040@TK2MSFTNGP09.phx.gbl...
>> > There are some uses to "quote pasv".
>> >
>> > First, to reassure people that the server you're connected to really
>> _does_
>> > support PASV.
>> >
>> > Second, to eyeball the numbers returned, to see if the intervening NAT
> is
>> > correctly translating the IP address and port.
>> >
>> > It's certainly not enough on its own, though, for you to be able to
>> > test
>> > that PASV connectivity works.
>> >
>> > You can use "quote PASV" and a telnet command in another window to
>> > accomplish the test, if you're reasonably quick.
>> >
>> > You enter the "quote PASV" line at the FTP client, and quickly take the
>> last
>> > two numbers quoted back, and turn them into a single port by
>> > multiplying
>> the
>> > first by 256 and adding on the second. Then you take the first four
>> numbers
>> > as the IP address, and supply that with the port as your arguments to
>> > telnet. Once connected, you can enter "quote LIST" back at the FTP
> client
>> > (don't use "dir", that will send a PORT command and blow away your PASV
>> > connection), to get a file listing, demonstrating that all is well.
> [The
>> > telnet will close immediately after the file listing is over.]
>> >
>> > But that's really an awful lot of effort, compared to finding an FTP
>> client
>> > that you really like, and which will do PASV FTP transfers.
>> >
>> > Alun.
>> > ~~~~
>> > "Paul Baker [MVP, Windows - SDK]" <paulb@online.rochester.rr.com> wrote
> in
>> > message news:%23Z0rCrDuEHA.4040@TK2MSFTNGP09.phx.gbl...
>> > > Bernard,
>> > >
>> > > I agree with Alun. It's useless. What does it achieve?
>> > >
>> > > Paul
>> > >
>> > > "Bernard" <qbernard@hotmail.com.discuss> wrote in message
>> > > news:%23Lb4d89tEHA.3476@TK2MSFTNGP14.phx.gbl...
>> > >> At least it does try to connect as passive mode and see if the
>> > >> socket
>> can
>> > > be
>> > >> open, right ?
>> > >>
>> > >> --
>> > >> Regards,
>> > >> Bernard Cheah
>> > >> http://www.tryiis.com/
>> > >> http://support.microsoft.com/
>> > >> http://www.msmvps.com/bernard/
>> > >>
>> > >>
>> > >>
>> > >> "Alun Jones [MSFT]" <alunj@online.microsoft.com> wrote in message
>> > >> news:#zKnqS4tEHA.2808@TK2MSFTNGP14.phx.gbl...
>> > >> > "Bernard" <qbernard@hotmail.com.discuss> wrote in message
>> > >> > news:eZZngkytEHA.904@TK2MSFTNGP11.phx.gbl...
>> > >> > > you can do this in command line ftp.exe
>> > >> > >
>> > >> > >> quote pasv
>> > >> >
>> > >> > That's hardly useful. All it does is tell the server to open up a
>> > >> listening
>> > >> > socket. It doesn't tell the client to connect to that listening
>> socket
>> > >> when
>> > >> > it makes its next transfer. Passive transfers are not supported
>> > >> > in
>> the
>> > >> > command-line FTP client - but there are numerous third-party
> clients
>> > > that
>> > >> > are available which do support passive mode file transfers.
>> > >> >
>> > >> > Alun.
>> > >> > ~~~~
>> > >> >
>> > >> >
>> > >>
>> > >>
>> > >
>> > >
>> >
>> >
>>
>>
>
>


Top