Windows 7 IIS FTP issue

Tags: ftp, iis, windows 7

I've been trying to set up an FTP server using IIS from Windows 7. I've been successful on my local network, but now I want to make it public. I port-forwarded port 21, but now when I open up my FTP server externally (ftp://myexternalip) I do get prompted for a username and password, but when I log in I get this log:

Command:    OPTS UTF8 ON
Response:   200 OPTS UTF8 command successful - UTF8 encoding now ON.
Status: Connected
Status: Retrieving directory listing...
Command:    PWD
Response:   257 "/" is current directory.
Command:    TYPE I
Response:   200 Type set to I.
Command:    PASV
Response:   227 Entering Passive Mode (192,168,178,14,57,219).
Status: Server sent passive reply with unroutable address. Using server address instead.
Command:    LIST
Response:   150 Opening BINARY mode data connection.
Error:  Connection timed out
Error:  Failed to retrieve directory listing

Consequently I get to see none of the data/files in my FTP server. I've got no clue what the issue is here nor how to solve this. I'm also certain that my firewall isn't blocking the FTP server, because I turned it off. Anyone with more knowledge that can enlighten me?

Best Answer

The FTP protocol is different to other protocols, in that it uses not only a dedicated port (21) over which the commands go (this is why you can log in etc.) but uses spontaneous other ports for the transmission of the data payload.

This was not a problem when FTP was designed and client and server typically saw themselves directly (and firewalls were exotic), but NAT changes the game: the address your server sees (192.168.178.14) is not visible from the internet.

The only way to fix it is on the NAT: A connection tracking module there will actually intercept and manipulate the command channel to translate NATed addresses/ports into public addresses/ports. Most firewall appliances know how to do this.

In your firewall look for "trigger applications" or "FTP forwarding".
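To see which address and data port the server is advertising, the 227 reply in a client log can be decoded: the six numbers are the four IPv4 octets followed by the port as p1*256 + p2. The following is an added example, not part of the answer above; the function names `parse_pasv` and `diagnose` are hypothetical, and the sample lines are copied from the log in the question.

```python
import ipaddress
import re

# 227 reply carries h1,h2,h3,h4,p1,p2 (RFC 959); data port = p1*256 + p2
PASV_RE = re.compile(r"\b227\b.*?\((\d{1,3}(?:,\d{1,3}){5})\)")

def parse_pasv(line):
    """Return (IPv4Address, port) from a 227 reply, or None if absent or malformed."""
    m = PASV_RE.search(line)
    if not m:
        return None
    nums = [int(n) for n in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
    return ip, nums[4] * 256 + nums[5]

def diagnose(log_lines):
    """List each passive endpoint found in a client log and whether it is routable."""
    findings = []
    for line in log_lines:
        parsed = parse_pasv(line)
        if parsed is None:
            continue
        ip, port = parsed
        findings.append({
            "ip": str(ip),
            "port": port,
            # Not globally routable: RFC 1918, loopback, link-local, CGNAT, ...
            "unroutable": not ip.is_global,
        })
    return findings

# Lines copied from the client log in the question
SAMPLE_LOG = [
    "Command:    PASV",
    "Response:   227 Entering Passive Mode (192,168,178,14,57,219).",
    "Command:    LIST",
    "Response:   150 Opening BINARY mode data connection.",
    "Error:  Connection timed out",
]

if __name__ == "__main__":
    for f in diagnose(SAMPLE_LOG):
        note = "address not reachable from the internet" if f["unroutable"] else "ok"
        print(f"data channel {f['ip']}:{f['port']} -> {note}")
```

For the log in the question this reports a data channel on 192.168.178.14 port 14811, a port other than the forwarded port 21, which is where the LIST transfer times out.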
