Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Windows Server 2016 - can't access FTP (21) from server - need help!
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Windows Server 2016 - can't access FTP (21) from server - need help!

Just installed Windows Server 2016 on my OVH server. Used 2012 R2 a year+ on the same server.
After the installation I just discovered that something blocks outgoing port 21. I use FileZilla server on the server and incoming FTP traffic is going as normal. But not outgoing, can't use FileZilla client to connect to anything, or use ftp:// in a web browser.

I have not done any changes to Windows Firewall.

What can be the issue? I have tried to add FileZilla client to the firewall (like you have to do with FileZilla server) but it did not help.

Comments

  • AlexanderMAlexanderM Member, Top Host, Host Rep

    did you try just opening the port in the firewall?

  • myhkenmyhken Member
    edited June 2017

    @AlexanderM said:
    did you try just opening the port in the firewall?

    Tried this rule, applied to all firewall profiles:

  • raindog308raindog308 Administrator, Veteran

    The first, best answer is: stop using FTP. It's ancient, it's insecure, it's not encrypted, and it was known to be a lousy protocol 20 years ago.

    Use sftp instead.

    However, if you must...welcome to the FTP firewall hell.

    i.e.: http://www.ncftp.com/ncftpd/doc/misc/ftp_and_firewalls.html

    Also:

    "Using the File Transfer Protocol (FTP) service on a server behind a firewall creates a set of challenges because of the way FTP works. A standard mode FTP client initiates a session to a server by opening a “command channel” connection to TCP port number 21. A file transfer is requested by the client by sending a PORT command to the server. The server then attempts to initiate a “data channel” connection back to the client on TCP port number 20."

    https://technet.microsoft.com/en-us/library/dd421710(v=ws.10).aspx

  • myhkenmyhken Member

    raindog308 said: The first, best answer is: stop using FTP. It's ancient, it's insecure, it's not encrypted, and it was known to be a lousy protocol 20 years ago.

    But I need to download some software to my server from a FTP server (that's not mine).

    Can't see why this Windows Server 2016 installation blocks FTP, when my Windows Server 2016 installation on my Hetzner and/or my Kimsufi servers do not block outgoing FTP.

  • myhkenmyhken Member
    edited June 2017

    Ahh...this must be a Hyper-V issue or something, this Server is running Hyper-V and hosts serveral VM's and I'm using some internal network for my TestLAB. Looking in ipconfig, I can see that the host is getting IP's from the internal network, look here:
    So how can I set that Windows should prefer the network card highlighted in red?

    Edit: It's the same on my Hetzner Win2016 server, the DNSlookup. It also points to 192.168.1.150 on the internal network. But FTP is working fine there.

  • myhkenmyhken Member
    edited June 2017

    Found the solution here...

    you must update the Metric of each interface in the order you want. Goto Control Panel > Network and Internet > Network Connections Right click the desired connection (Higher Priority Connection) Click Properties > Internet Protocol Version 4 Click Properties > Advanced Uncheck 'Automatic Metric' Enter 10 in 'Interface Metric' Click OK
    Source answers.microsoft.com

    Changing this, fixed the FTP issue right away. No need for any firewall rule.

  • On some version of Windows Server, I swear it was 2016, I was able to use a predefined "FTP" service firewall rule and just click enable, not sure if that's still a thing or not.

Sign In or Register to comment.