Passive mode is somehing I always think about when having to deal with NAT’ed FTP servers. This article applies to IIS6 hosted on a Windows Server 2008 SP2.
Enable Direct Metabase Edit
Open IIS6 Microsoft Management Console (MMC), right-click on the Local Computer node, select Properties, and make sure the Enable Direct Metabase Edit checkbox is ticked.
Define Passive FTP Port Range
Open DOS command prompt as administrator and type the following:
C:\> \Inetpub\AdminScripts\adsutil.vbs set /MSFTPSVC/PassivePortRange "64000-65535" Microsoft (R) Windows Script Host Version 5.7 Copyright (C) Microsoft Corporation. All rights reserved. PassivePortRange : (STRING) "64000-65535"
Port range specified can be different.
Restart FTP Service and Verify
Stop FTP service:
C:\> net stop msftpsvc The FTP Publishing Service service is stopping. The FTP Publishing Service service was stopped successfully.
And start it back (the awesome way of restarting it, I know):
C:\> net start msftpsvc The FTP Publishing Service service is starting.. The FTP Publishing Service service was started successfully.
Verify the status to make sure it’s running:
C:\> sc query msftpsvc SERVICE_NAME: msftpsvc TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0
Check Passive Port Range Manually
We can check the MetaBase.xml file to get the idea of the passive port range that’s in use:
C:\> type C:\Windows\System32\inetsrv\MetaBase.xml | findstr /L Passive PassivePortRange="64000-65535"
Habbits die hard, here’s a shorter version of the command we can use:
C:\> findstr /L Passive C:\Windows\System32\inetsrv\MetaBase.xml PassivePortRange="64000-65535"
Make sure the port range 64000-65535 is open on a firewall to allow passive mode connections.