Improve company productivity with a Business Account.Sign Up

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 622
  • Last Modified:

Windows 2003 - tuning for internet activity especially FTP

I have some applications that use FTP to upload data to a windows 2003 server on the Internet (uses IIS6).

I am using the Indy 9 - idFTP component.

I am having frequent timeouts and some simple commands

idFTP.Connect(True);; // returns in a few moments
ifFTP.List(MyFileList,'*.xml',False); // get frequent timeouts here

I have a battlke with FTP services on this server, and while it could be the Indy components for whatever reason, what can I do to optimize my W2K3 server for internet use, especially FTP.

  • 2
  • 2
1 Solution
Hi he00273,

ms have a document that may help;en-us;816517&Product=winsvr2003

Hope This helps
Pete LongTechnical ConsultantCommented:
be aware of the active and passive modes of FTP :)

Passive and Active FTP

There are two types of FTP (File Transfer Protocol) these are Active and Passive

Active FTP

Pros (good for network administrators)
Cons (not so good for the client)

The FTP server will try and make a connection on a lot of high port numbers (these could well be blocked on the clients side Firewall)

Passive FTP

Pros (good for the client)
Cons (Not good for the network administrators)

The client makes the connection to the FTP server, and one will be a high port number that will almost certainly be blocked by the network firewall (server side)


To strike a happy medium, administrators can make their FTP servers available to many clients by supporting passive FTP; reserving a range of port numbers does this, in this way all other ports can be firewalled, thus decreasing the security risk

Luckily, there is somewhat of a compromise. Since administrators running FTP servers will need to make their servers accessible to the greatest number of clients, they will almost certainly need to support passive FTP. Specifying a limited port range for the FTP server to use can minimize the exposure of high-level ports on the server. Thus, everything except for this range of ports can be firewalled on the server side. While this doesn't eliminate all risk to the server, it decreases it tremendously. See Appendix 1 for more information.

he00273Author Commented:
Thanks for the support so far, I have followed the tuning steps as per;en-us;816517&Product=winsvr2003

The problem still exists, I still get frequent timeouts and the
1. Server is not busy
2. Turning the W2K3 firewall off did not resolve the problem (so I turned it back on quick)
3. The clients reports 'connection lost'. The server system event log reports  client timeouts.
4. I have been told by the network administrators there is no network congestion and that there is plenty of spare bandwidth.

The upload always uses passive mode, the client can select between passive and active.

Do I have a dodgy OS install or a bad network card or something else?

he00273Author Commented:
From using a network packet analyser, it was found that the Checkpoint firewall was dropping some packets coming back in from the Interent server.

The Firewall administrator modified the rules and said to do all transfers in active not passive mode, so in making that change plus his firewall rule change, it appears to be working satisfactorily now.

As the active/passive feedback was the most correct PeteLong gets the points.
Pete LongTechnical ConsultantCommented:
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now