1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

NAT problem with IIS 6.0

Discussion in 'Networking Issues' started by iceman64b, Jan 17, 2007.

  1. iceman64b

    iceman64b LI Guru Member


    I run a RV042 router with a cable connexion. I have a IIS 6.0 server behind the router (W2K3) with FTP Service.

    All was running fine with the default port (21). For security reason, I have to change the port so I choose a number higher than 1023. Since that, my user which was behind a router (any mark) was unable to list their folder because the client (ftp.exe or gui client) return the following : Error 500 Invalid Port Command.

    The link with the router ? After some googling on the net, I found some article (Microsoft and others) that tell that the NAT translate of the router is the problem.

    Anybody have the same problem and what was your solution ? Is there a solution ? Some will tell me to use another ftp server, I will do it if I don't have the choice ...

    Any idea ?
  2. heidnerd

    heidnerd LI Guru Member

    ftp uses two ports... 21 & 22, one for commands and data, I assume you are also running IAS on the server... did you change rules for it also... and on your firewall? What to your logfiles say? And finally have you checked the MS knowledge base?
  3. iceman64b

    iceman64b LI Guru Member

    more infos

    I don't run IAS on the server. I don't have any software firewall and don't change rules in the router. I open (forward) 2 ports, one for command and the other one for data. But it doesn't work.

    The only thing I change is the port for another one than 21 and make the forwarding accordinly.

    But after that change, the only client which was able to connect without error are those who aren't behinf a router.
  4. HennieM

    HennieM Network Guru Member

    Try putting the FTP client into passive mode. This way, the client uses the server port in its ftp commands. The usual FTP way is that the client dictates the port, and your client is probably trying to use a port that is not open on your firewall/NAT device.

    With proper (Unix like) command line clients, just type:
    after a connection has been established.

    I don't know how an MS command line client can be put into passive mode.

    GUI clients usually has a "use passive FTP" option somewhere.
  5. iceman64b

    iceman64b LI Guru Member

    I try in passive mode and it doesn't work.

    Any idea ?
  6. HennieM

    HennieM Network Guru Member

    On my normal Linux box running kernel 2.4.20, I see a module ip_nat_ftp. Don't know what it is and how to use it, but maybe google around for that.

    In the old ipchains there was a module one could load to help with ftp/NAT - maybe the ip_nat_ftp does that with iptables. I assume the RVs use iptables for firewalling/NAT?

Share This Page