Passive mode is somehing I always think about when having to deal with NAT’ed FTP servers. This article applies to IIS6 hosted on a Windows Server 2008 SP2.
Enable Direct Metabase Edit
Open IIS6 Microsoft Management Console (MMC), right-click on the Local Computer node, select Properties, and make sure the Enable Direct Metabase Edit checkbox is ticked.
Define Passive FTP Port Range
Open DOS command prompt as administrator and type the following:
C:\> \Inetpub\AdminScripts\adsutil.vbs set /MSFTPSVC/PassivePortRange "64000-65535" Microsoft (R) Windows Script Host Version 5.7 Copyright (C) Microsoft Corporation. All rights reserved. PassivePortRange : (STRING) "64000-65535"
Port range specified can be different.
Restart FTP Service and Verify
Stop FTP service:
C:\> net stop msftpsvc The FTP Publishing Service service is stopping. The FTP Publishing Service service was stopped successfully.
And start it back (the awesome way of restarting it, I know):
C:\> net start msftpsvc The FTP Publishing Service service is starting.. The FTP Publishing Service service was started successfully.
Verify the status to make sure it’s running:
C:\> sc query msftpsvc
SERVICE_NAME: msftpsvc
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
Check Passive Port Range Manually
We can check the MetaBase.xml file to get the idea of the passive port range that’s in use:
C:\> type C:\Windows\System32\inetsrv\MetaBase.xml | findstr /L Passive PassivePortRange="64000-65535"
Habbits die hard, here’s a shorter version of the command we can use:
C:\> findstr /L Passive C:\Windows\System32\inetsrv\MetaBase.xml PassivePortRange="64000-65535"
Ending Note
Make sure the port range 64000-65535 is open on a firewall to allow passive mode connections.
Perfect! Well done Tomas..
I’m surprised people still use IIS6… Anyhow, I’m glad you found it helpful!