Firewall – IIS FTP Not Working Remotely Windows Server 2012 R2

azure firewall ftp iis windows-server-2012-r2

We are attempting to duplicate our server in the Azure cloud. Both are Windows 2012 R2 servers. FTP works on the original server but not on the duplicate server. Additionally, the duplicate server supports localhost FTP access, but not remote access. Interestingly, it recognizes bad credentials with a 530, but good credentials lead to a "connection reset" page. We're using IIS to manage the server website.

I know what you're thinking. This smells of some firewall rule issue. And I've done a fair share of research into it, to no avail. Specifically, this question on ServerFault seemed to address the issue directly, but the fix did not work.

The only other clue I can muster is that when attempting to connect via FileZilla, the connection is always aborted right after the command PASV. This has something to do with passive FTP, I believe, but proper firewall rules seem to be in place for that.

We are not using SSL. Am I missing something in IIS? What can I do to make FTP work remotely? Thanks in advance.

Best Answer

Passive FTP requires that the FTP server have ports opened to it from the external network. Azure VMs use NAT, and thus need extra configuration in order to support passive FTP.

The (rough) checklist:

  • Set the external VIP in the IIS FTP manager
  • Set the port range to use (you might wanna show some moderation here - configuring thousands of ports is not necessary unless this is a very, very busy FTP server with lots of concurrent sessions)
  • Configure the VM firewall to allow the FTP traffic (remember the custom port range you defined in the previous step)
  • Add the remote endpoints (the same port range as previous steps) in Azure to the VM so that the ports will be forwarded

Here is a blog post from Microsoft that guides you through it.
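
The checklist above as a PowerShell sketch; this is an added example, not part of the original answer or the linked Microsoft post. The site name, IP address, port range and the helper name `Add-FtpPassiveEndpoints` are assumptions, and the last step assumes the classic (Service Management) Azure PowerShell module, since the answer refers to VM endpoints.

```powershell
# Run steps 1-3 in an elevated PowerShell session on the FTP VM (Windows Server 2012 R2).
# All values below are constructed placeholders; replace them with your own.
$SiteName   = 'Default FTP Site'   # assumed FTP site name
$ExternalIp = '203.0.113.10'       # placeholder for the VM's public VIP
$LowPort    = 50000                # start of the passive data-port range
$HighPort   = 50009                # end of the range (10 ports, kept deliberately small)

Import-Module WebAdministration

# Step 1: advertise the public VIP in PASV replies instead of the VM's internal address.
Set-ItemProperty -Path "IIS:\Sites\$SiteName" `
    -Name 'ftpServer.firewallSupport.externalIp4Address' -Value $ExternalIp

# Step 2: restrict passive data channels to a fixed range (server-level setting).
$apphost = 'MACHINE/WEBROOT/APPHOST'
$section = 'system.ftpServer/firewallSupport'
Set-WebConfigurationProperty -PSPath $apphost -Filter $section `
    -Name 'lowDataChannelPort' -Value $LowPort
Set-WebConfigurationProperty -PSPath $apphost -Filter $section `
    -Name 'highDataChannelPort' -Value $HighPort

# Step 3: allow only the control port and that range through Windows Firewall.
New-NetFirewallRule -DisplayName 'FTP control (TCP 21)' -Direction Inbound `
    -Protocol TCP -LocalPort 21 -Action Allow | Out-Null
New-NetFirewallRule -DisplayName "FTP passive (TCP $LowPort-$HighPort)" -Direction Inbound `
    -Protocol TCP -LocalPort "$LowPort-$HighPort" -Action Allow | Out-Null

# The FTP service picks up the new data-channel range when it restarts.
Restart-Service -Name ftpsvc

# Step 4: call from a workstation signed in with the classic Azure module.
# Hypothetical helper; the TCP 21 endpoint is assumed to exist already,
# because remote logins in the question already reach the server.
function Add-FtpPassiveEndpoints($ServiceName, $VmName) {
    $vm = Get-AzureVM -ServiceName $ServiceName -Name $VmName
    foreach ($p in $LowPort..$HighPort) {
        # One endpoint per port, forwarded 1:1 so it matches what PASV advertises.
        $vm = $vm | Add-AzureEndpoint -Name "FTP-PASV-$p" -Protocol tcp `
            -LocalPort $p -PublicPort $p
    }
    $vm | Update-AzureVM
}
```

The public and local port numbers have to match, because the server tells the client which port to connect to inside the PASV reply and the NAT layer does not rewrite it.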