Re: ftp throught windows 2003 firewall by Poutnik
Poutnik
Mon Apr 21 14:20:22 PDT 2008
In article <emjOdT8oIHA.3428@TK2MSFTNGP02.phx.gbl>, Mon, 21 Apr 2008
08:32:07 -0700 Jim says...
> I have a win 2003 SP2 server with IIS, FTP installed. I have unchecked the
> "Anonymous" authentication for FTP so users will be required to enter their
> id/pwd.
>
> This works fine without the firewall running. But as soon as I turn the
> firewall on, the user will be prompted for their id/pwd and after a few
> seconds, it errors with:
>
> 425: Can't open data connection
>
> I have allowed exceptions on the firewall for ports 20 and 21.
>
> What other port(s) do I need to open?
>
> Thanks.
>
In both active and passive ftp modes you need incoming TCP port 21.
If clients are expected to enter active mode, you need, at the server
side, to allow outgoing TCP connections from any (or reserved-range)
port to remote port 20 (ftp data).
Active mode is available only for those clients with a public IP or at
least a forwarded port 20.
In the case of passive mode (client is firewalled or behind a NAT router)
you need to allow incoming TCP connections from any remote port to any
local port (or better a reserved range; most ftp server software allows
it).
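As an added example (not part of this thread, and not code from either poster), the following Python script parses the server's 227 PASV reply and a client's PORT command to recover the data-connection port, and checks whether a passive-mode port falls inside the range a firewall exception is assumed to cover; the sample replies and the 5000-5100 range are constructed for this example, not IIS defaults.

```python
import re

# Constructed sample traffic for this example, not captured from any real server.
PASV_OK = "227 Entering Passive Mode (192,0,2,10,19,137)."
PASV_BAD = "227 Entering Passive Mode (192,0,2,10,4,211)."
PORT_CMD = "PORT 198,51,100,7,7,208"

# Assumed passive port range configured on the ftp server and opened as a
# firewall exception (an assumption for this example, not a product default).
PASV_RANGE = (5000, 5100)

_SIX = r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"


def _decode(groups):
    """Turn the six comma-separated numbers into (host, port), or None if any
    octet is out of range. Port = p1 * 256 + p2 per the ftp protocol."""
    nums = [int(g) for g in groups]
    if any(n > 255 for n in nums):
        return None
    host = ".".join(str(n) for n in nums[:4])
    return host, nums[4] * 256 + nums[5]


def parse_pasv(reply):
    """Server 227 reply (passive mode): the server announces the local port
    it listens on, so that port must be reachable through the firewall."""
    m = re.search(r"\(" + _SIX + r"\)", reply)
    if not reply.startswith("227") or not m:
        return None
    return _decode(m.groups())


def parse_port(cmd):
    """Client PORT command (active mode): the client announces the address and
    port the server must connect to from its data port 20."""
    m = re.fullmatch(r"PORT\s+" + _SIX + r"\s*", cmd)
    return _decode(m.groups()) if m else None


def passive_data_port_allowed(reply, pasv_range=PASV_RANGE):
    """True if the announced passive port lies inside the range the firewall
    exception covers; False is the case that ends in '425 Can't open data
    connection' on the client."""
    parsed = parse_pasv(reply)
    if parsed is None:
        return False
    lo, hi = pasv_range
    return lo <= parsed[1] <= hi


if __name__ == "__main__":
    for reply in (PASV_OK, PASV_BAD):
        print(reply, "->", parse_pasv(reply), "allowed:", passive_data_port_allowed(reply))
    print(PORT_CMD, "->", parse_port(PORT_CMD))
```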