azizparacha
asked on
Windows 2000 TCP/IP Filtering blocks FTP!
Hi,
I have enabled TCP/IP Filtering feature of Windows 2000. I did following setting:
1. Permit all UDP Traffic
2. Permit all IP Traffic
3. Permit TCP Traffic on port 80, 20, 21, 25, 110, 53, 443
With this setup, everything works nicely except FTP. The customers are unable to ftp to their accounts. The can ftp to port 21 but when ftp client connect to random data port after login then the socket error pops-up which is obviously because that random port number is a disallowed ftp port.
My qeustions is, how do I configure tcp/ip filtering to allow FTP also.
Thank you.
I have enabled TCP/IP Filtering feature of Windows 2000. I did following setting:
1. Permit all UDP Traffic
2. Permit all IP Traffic
3. Permit TCP Traffic on port 80, 20, 21, 25, 110, 53, 443
With this setup, everything works nicely except FTP. The customers are unable to ftp to their accounts. The can ftp to port 21 but when ftp client connect to random data port after login then the socket error pops-up which is obviously because that random port number is a disallowed ftp port.
My qeustions is, how do I configure tcp/ip filtering to allow FTP also.
Thank you.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
some more info:
http://www.informit.com/articles/article.asp?p=101750&seqNum=8
It seems that this has to be set on the client side:
How to Change the Internet Explorer FTP Client Mode
-------------------------- ---------- ---------- ---------- ---------- ---------- --------
Start Internet Explorer.
On the Tools menu, click Internet Options.
Click the Advanced tab.
Under Browsing, click to clear the Enable folder view for FTP sites check box.
Click to select the Use Passive FTP (for firewall and DSL modem compatibility) check box.
Click OK.
and here:
http://www.informit.com/articles/article.asp?p=101750&seqNum=8
excerpt-
You can't configure IIS to switch off passive FTP port support, but in IIS 6 you can configure the port range used, which makes it easier to select a port range and configure your firewall service to pass through the passive FTP traffic.
http://www.informit.com/articles/article.asp?p=101750&seqNum=8
It seems that this has to be set on the client side:
How to Change the Internet Explorer FTP Client Mode
--------------------------
Start Internet Explorer.
On the Tools menu, click Internet Options.
Click the Advanced tab.
Under Browsing, click to clear the Enable folder view for FTP sites check box.
Click to select the Use Passive FTP (for firewall and DSL modem compatibility) check box.
Click OK.
and here:
http://www.informit.com/articles/article.asp?p=101750&seqNum=8
excerpt-
You can't configure IIS to switch off passive FTP port support, but in IIS 6 you can configure the port range used, which makes it easier to select a port range and configure your firewall service to pass through the passive FTP traffic.
ASKER
Great help adamdrayer. I have limited passive port range, opened the range in tcp/ip filtering and everything now works just great.. Thanks a lot :+)
no problem. thanks
http://slacksite.com/other/ftp.html