While the Windows 2008 Firewall will let you set up a firewall rule
for FTP access, it lacks the ability to let you specify which ports
can be opened for Passive FTP connections. The downside of this is that,
since no Passive FTP ports are opened, all Passive FTP
connections to the server will fail. This article explains how to
configure the Firewall to allow Passive FTP access for any FTP server
software you choose to run on your server.
Allowing Passive Access
- Log onto your Windows 2008 Server.
- Open a command prompt by clicking "Start" then typing "cmd" in the run prompt. You can also click on "Start" and navigate to "All Programs", "Accessories" and access the "Command Prompt" option there as well.
- At the "Command Prompt" make sure that port 21 is active. Type the following:
netsh advfirewall firewall add rule name="FTP (non-SSL)" action=allow protocol=TCP dir=in localport=21
- At the "Command Prompt" enable the "Passive" FTP ports by typing the following:
netsh advfirewall set global StatefulFtp enable
This may take some time, as it is entering the port state for "Passive" FTP access.
- Once this has completed, Windows returns "Ok", signifying success.
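
The steps above as one script that can be re-run safely and that confirms the result. This is an added example, not part of the original article; it assumes an elevated Command Prompt and English-language netsh output.

```batch
@echo off
rem Added example, not from the original article. Run from an elevated prompt.
rem Assumes English-language netsh output for the final check.
setlocal
set "RULE=FTP (non-SSL)"

rem "show rule" exits non-zero when no rule has this name. Checking first
rem avoids a duplicate: "add rule" does not replace an existing same-named rule.
netsh advfirewall firewall show rule name="%RULE%" >nul 2>&1
if not errorlevel 1 goto :have_rule
netsh advfirewall firewall add rule name="%RULE%" action=allow protocol=TCP dir=in localport=21
if errorlevel 1 goto :failed

:have_rule
rem Turn on stateful FTP filtering so passive data ports are opened on demand.
netsh advfirewall set global StatefulFtp enable
if errorlevel 1 goto :failed

rem Verify both settings instead of trusting the "Ok" message alone.
netsh advfirewall firewall show rule name="%RULE%"
netsh advfirewall show global | findstr /i /r /c:"StatefulFTP.*Enable" >nul
if errorlevel 1 goto :failed

echo Passive FTP: rule "%RULE%" present and StatefulFTP enabled.
exit /b 0

:failed
echo Passive FTP setup could not be confirmed; check the output above. 1>&2
exit /b 1
```

Stateful FTP filtering depends on the firewall reading the FTP control connection on port 21, so it does not help FTP over SSL, where that channel is encrypted.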