Agramont.net

Coding, Hosting, Software + Services....and other stuff
Welcome to Agramont.net Sign in | Join | Help
in Search
Home Blogs Forums Photos Downloads

Conrad Agramont's Blog

Enabling Passive Mode FTP with Windows 2003 and Windows Firewall

If you have a Windows 2003 Server that has the FTP Service and you’re using Windows Firewall to protect the server, Passive Mode will not function property for the FTP Clients.   I ran into this with a Virtual Server that we have hosted and I couldn’t find an option to enable it.  That’s because Passive and Active modes are always enabled.  What you have to do is open a set of ports for Passive mode to work through the firewall.  The standard FTP port (21) is actually the control port and in Passive Mode, the server controls what port the data will be transmitted between the server and client.  This is something the server tells the client and then the client tries to connect to it.

I was using Filezilla to connect to the FTP server and it connection (lots of successful commands, including the username and password), but it would stop at the List function.

So here’s a site that explains all that you need to do to make Passive FTP connection work: http://www.newagedigital.com/cgi-bin/newagedigital/articles/ms-firewall-ftp.html

Here are some other helpful sites on the matter:

Published Jul 28 2006, 06:55 PM by agramont
Filed under: , , ,

Comments

 

paul tidmarsh said:

thanks for the link!
April 26, 2007 4:16 PM
 

JPTH said:

This is how to enable Windows 2003 Internal Firewall support passive FTP Assumed FTP port 21 is in the exception list In the exception: Add Program --> Browse --> Inetinfo.exe --> OK Open FTP client program, make sure FTP Client program is enabled for passive FTP. Start the connection to the Windows 2003 Internal Firewall with IIS FTP, you will be able to connect! To prove the passive FTP will be disabled if no Inetinfo.exe add in exception list, remove Inetinfor.exe from exception list, try to connect by passive FTP, your FTP program will be haning up why trying to establishing passive FTP connection. Hope it helps for whoever trying to find how to enable passive FTP support in W2K3 with IIS FTP on the Windows 2003 box Thanks, Jake
May 12, 2007 1:14 PM
 

zfowler said:

JPTH's suggestion did the trick.  If anyone knows if there are side effects of this, posting would be appreciated.

January 8, 2008 10:19 AM
 

Latex said:

JPTH,

Your solution works best and it's a lot shorter, question is wot are the security implications of this?

January 18, 2008 10:56 AM
 

polobruce said:

Yippie it's working now.... Thank You!

May 6, 2008 6:27 AM
 

robert said:

This doesn't help I dont have IIS

June 11, 2008 8:59 PM
 

Alex said:

Quite strange that there is virtually zero info about the risks of opening a large number of ports on a web server.

July 19, 2008 11:54 PM
 

d-seo said:

Running this batch script will fix the issue -

clintm.esria.com/.../configuring-windows-2003-firewall-and-iis-6-for-pasv-ftp-port-range

Warning - this takes a long time (it opens about 50 high range ports).

August 24, 2008 8:04 PM
 

Advanced Technology Blog said:

Thanks for the post. I was having a trouble with passive mode on my IIS ftp server and your links put me on right way.

October 11, 2008 1:39 PM

Leave a Comment

(required) 
(optional)
(required) 
Submit

About agramont

Conrad Agramont is a Partner Technology Specialist (PTS) focused on the Microsoft Server product lines in the Small and Mid-Market Solutions and Partners (SMSP) area for the Mid-Atlantic district. Conrad was previously the Senior Architect for a Microsoft Gold Partner where he was responsible for product planning, software architecture, and technical evangelism focusing on Service Providers around the world. Agramont was previously a Program Manager at Microsoft driving hosting scenarios and architecting components for the Microsoft Provisioning System, Service Provisioning component in Microsoft Solutions for Hosted Messaging & Collaboration, Hosted Exchange 2003, and Windows based Hosting 3.0. Conrad has over 8 years of experience in the Microsoft automation and hosting space, speaking at public events, and publishing articles in magazines. Conrad Agramont is also an active blogger focusing on many Microsoft Hosting related topics. His blog can be found at http://agramont.net/

This Blog

Syndication

Community Tools
Copyright Agramont.net, 2006. all rights reserved