It's going to depend on how the vpn tunnel is configured as well. If the firewall where the ftp server sits senses an internal connection remote or otherwise, it will have problems making the handshake. On Apr 23, 2014 3:56 AM, "Melvin Backus" <[email protected]> wrote:
> You might be able to address that by setting up a route on the remote FW > to force that specific IP traffic out over the Internet instead of through > the tunnel. It depends on the FW and what it’s specific capabilities are. > > > > -- > There are 10 kinds of people in the world... > those who understand binary and those who don't. > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *J- P > *Sent:* Tuesday, April 22, 2014 7:36 PM > *To:* [email protected] > *Subject:* RE: [NTSysADM] iis7 Enter PASS command-Solvd > > > > So it turned out that the firewall was accepting the ftp command despite > having remote management disabled, I guess that even using the external > address the firewall was still considering it an internal connection. > > On a separate but related note, I still had to close the tunnel between > sites for the FTP to work using the external address. > > thanks for the guidance, > > Jean-Paul Natola > > > ------------------------------ > > From: [email protected] > To: [email protected] > Subject: RE: [NTSysADM] iis7 Enter PASS command > Date: Tue, 22 Apr 2014 16:53:50 +0000 > > Even assuming resume works, if you haven’t already done so I’d strongly > recommend you scan your network for FTP servers, as it certainly appears > that you’ve got more than one. That could also be the result of > conditional headers based on some client response, etc., but I think I’d > want to confirm that rather than assume it. > > > > -- > There are 10 kinds of people in the world... > those who understand binary and those who don't. > > > > *From:* [email protected] [ > mailto:[email protected] <[email protected]>] *On > Behalf Of *J- P > *Sent:* Tuesday, April 22, 2014 12:13 PM > *To:* [email protected] > *Subject:* RE: [NTSysADM] iis7 Enter PASS command > > > > Got disconnected twice since this morning and was able to "resume" > > (hope I don't jinx myself) > Jean-Paul Natola > > > > ------------------------------ > > Date: Tue, 22 Apr 2014 12:01:29 -0400 > Subject: Re: [NTSysADM] iis7 Enter PASS command > From: [email protected] > To: [email protected] > > That has to be supported by the server too, IIRC. And I don't think the > IIS FTP server does. I could be wrong... > > > > On Tue, Apr 22, 2014 at 11:58 AM, J- P <[email protected]> wrote: > > I've got it running now using the internal address (till the tunnel drops) > but at least the ftp app allows "resume upload" > > > Jean-Paul Natola > > > > ------------------------------ > > Date: Tue, 22 Apr 2014 08:51:23 -0700 > > > Subject: RE: [NTSysADM] iis7 Enter PASS command > > From: [email protected] > To: [email protected] > > > > Then your tunnel address on the remote site better be different from the > NAT or PAT address on the remote side or you'll still confuse the firewall > routing rules. > > On Apr 22, 2014 8:17 AM, "J- P" <[email protected]> wrote: > > I have a field office connected VPN'd via a satlink, and the tunnel drops > a few times a day. > They have a 1.5 GB file I need to get to HQ , that is why I wanted to > setup FTP using the external IP because using the internal one will > disconnect every time that tunnel drops. > > > > > Jean-Paul Natola > > > > ------------------------------ > > Date: Tue, 22 Apr 2014 10:28:38 -0400 > Subject: Re: [NTSysADM] iis7 Enter PASS command > From: [email protected] > To: [email protected] > > "Both these test were performed from the same box " > > > > I missed that the first time around. What are you trying to accomplish > here? > > > > On Tue, Apr 22, 2014 at 10:25 AM, Don Ely <[email protected]> wrote: > > Most firewalls aren't a fan of you trying to access an external service > that lives on your internal network by default. Confusion ensues because it > already knows you're on the internal network. You'd have to get creative > with your NAT rules and it just isn't worth it. > > On Apr 22, 2014 7:05 AM, "J- P" <[email protected]> wrote: > > Hammer > Nail > head LOL > you got it right on the head, but I guess the question is WHY isn't it > working ? > > any thoughts, would be appreciated > > > > > ------------------------------ > > From: [email protected] > To: [email protected] > Subject: RE: [NTSysADM] iis7 Enter PASS command > Date: Mon, 21 Apr 2014 23:46:48 +0000 > > Did you try from an outside, non-related network to see if you get the > same error? > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *J- P > *Sent:* Monday, April 21, 2014 2:28 PM > *To:* [email protected] > *Subject:* [NTSysADM] iis7 Enter PASS command > > > > Hi all, > > I must be losing it , but I cant figure out why my ftp server (2008r2) is > asking for this PASS command when using the external IP/URL- > > It doesnt seem to be the firewall as I am getting promted for credentials, > > Here's internal IP connection > > ftp> open > To 192.168.1.4 > Connected to 192.168.1.4. > 220 Microsoft FTP Service > User (192.168.1.4:(none)): test_user > 331 Password required for test_user. > Password: > 230 User logged in. > ftp> > > Here's external IP > > ftp> open > To 71.X.X.X > Connected to 71.X.X.X. > 220 FTP version 1.0 > User (71.X.X.X.:(none)): test_user > 331 Enter PASS command > Password: > 550 Permission denied > Login failed. > > > Both these test were performed from the same box > > Thanks > > > > >
