In the details pane, double-click FTP Firewall Support.Įnter the range of port numbers that you want the FTP service to use. In the IIS 7.0 Manager, in the Connections pane, click the top node for your server. Configure the FTP service to only use a limited number of ports for passive mode FTP For more information, see the IIS documentation. Configuring support for SSL is beyond the scope of this topic. If you are using a different FTP service, then consult that product’s documentation for appropriate steps. The following procedure shows the steps for configuring the FTP service on Internet Information Services (IIS) version 7.0. To better secure the server, you can restrict the port range used by the FTP service, and then create a firewall rule that allows FTP traffic on only those allowed port numbers.Ĭonfigure the FTP service to only use a limited number of ports for passive mode FTPĬonfigure an inbound firewall rule to allow inbound FTP connections on only the allowed ports By default, the server uses an available port in the ephemeral range (1025 through 5000). The server responds with the TCP port number to which the client should connect to establish the data channel. Instead of using the PORT command, the client sends a PASV command on the command channel.
To avoid this issue, FTP also supports a “passive” operational mode in which the client initiates the data channel connection. However, if you use FTP over SSL to encrypt and secure the FTP traffic, then the firewall can no longer inspect the inbound connection requests from the server, and they are blocked.
#Passive ftp ports to open 65024 65535 windows
Windows Firewall with Advanced Security in Windows Vista and Windows Server 2008 support stateful FTP, which allows it match inbound connection requests on port 20 with previous outbound PORT commands from the client. A typical firewall running on the client sees this data channel connection request from the server as unsolicited and drops the packets, causing the file transfer to fail. The server then attempts to initiate a “data channel” connection back to the client on TCP port number 20. A file transfer is requested by the client by sending a PORT command to the server. A standard mode FTP client initiates a session to a server by opening a “command channel” connection to TCP port number 21. Using the File Transfer Protocol (FTP) service on a server behind a firewall creates a set of challenges because of the way FTP works. Applies To: Windows 7, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Vista
0 kommentar(er)
