FTP active/passive

Last post 01-19-2010 4:43 AM by deepa. 3 replies.

Page 1 of 1 (4 items)
	Sort Posts: Previous Next

01-07-2010 4:54 AM

kixtart
Joined on 11-10-2008
Posts 7

FTP active/passive

Reply Contact

Hi,

A tip regarding Windows 2003 with the firewall on and the FTP:

Set the following exceptions:
FTP TCP port 21
FTP TCP port 22
C:\WINDOWS\system32\inetsrv\inetinfo.exe

DO NOT USE THE ADVANCED -> SETTING -> FTP SERVER

Now active and passive FTP transfers will work!!!

Usefull post?

Yes (50%)
No (50%)

Total Votes: 2

Filed under: FTP active passive

01-08-2010 1:14 AM In reply to

Rubal
Joined on 03-16-2006
India
Posts 838

Re: FTP active/passive

Reply Contact

I'ld not suggest to put that executable under windows firewall as that is not just used with FTP but other services like SMTP etc.

Rubal Jain // Email - Rubal @ Rubal [dot] Net

Windows Server Setup, Configuration, Troubleshooting, Basic Security & Hardening
DotNetPanel - Helm Control Panel Setup, Installation, Configuration, Troubleshooting

Authorised DNP Reseller. Get 20% Discount on all DNP Licenses.
Authorised SmarterTools, Declude, SimpleDNS (JHSoft), Gene6 FTP, Helicon, Kayako, Icewarp Merak, MailEnable, Deerfield Reseller.

DotNetPanel & SmarterTools Monthly Leased Licenses available.

DotNetPanel Professional Server setup includes installation of PHP, Perl, Python, ASP.Net Frameworks, SQL Express, MySQL, SmarterMail, Stats etc and complete integration with control panel just $199/server. Contact for further details.

01-09-2010 7:58 AM In reply to

Taylex
Joined on 01-26-2007
Tega Cay, SC
Posts 231

Re: FTP active/passive

Reply Contact

Rather than opening the whole works just set 21 and 22 as you describe and a slew of port numbers for passive use.

This is straight from the docs and works fine.

To add a range of ports to Windows Firewall from the Command Line

Click Start, click Run, type cmd, and then click OK.
Type in the following where the range is specified in ( ) and the name of the firewall entry is in " ".
FOR /L %I IN (5001,1,5201) DO netsh firewall add portopening TCP %I "Passive FTP"%I
Each port in the range will be added with an "OK" confirmation.

and on Windows 2008+ Open 22 and 23 as above and the use netsh as described below.

To configure Windows Firewall to allow non-secure FTP traffic, use the following steps:

Open a command prompt: click Start, then All Programs, then Accessories, then Command Prompt.
To open port 21 on the firewall, type the following syntax then hit enter:
netsh advfirewall firewall add rule name="FTP (non-SSL)" action=allow protocol=TCP dir=in localport=21
To enable stateful FTP filtering that will dynamically open ports for data connections, type the following syntax then hit enter:
netsh advfirewall set global StatefulFtp enable

To configure Windows Firewall to allow secure FTP over SSL (FTPS) traffic, use the following steps:

Open a command prompt: click Start, then All Programs, then Accessories, then Command Prompt.
To configure the firewall to allow the FTP service to listen on all ports that it opens, type the following syntax then hit enter:
netsh advfirewall firewall add rule name="FTP for IIS7" service=ftpsvc action=allow protocol=TCP dir=in
To disable stateful FTP filtering so that Windows Firewall will not block FTP traffic, type the following syntax then hit enter:
netsh advfirewall set global StatefulFtp disable

01-19-2010 4:43 AM In reply to

deepa
Joined on 08-08-2009
Posts 19

Re: FTP active/passive

Reply Contact

on windows 2008 WF has following steps to allow Passive mode FTPm with FTP 7.5

http://technet.microsoft.com/en-us/library/dd421710(WS.10).aspx - How to Configure Windows Firewall for a Passive Mode FTP Server

Page 1 of 1 (4 items)