Solved

Windows 2000 TCP/IP Filtering blocks FTP!

Posted on 2004-09-08
5
322 Views
Last Modified: 2012-05-05
Hi,

I have enabled TCP/IP Filtering feature of Windows 2000. I did following setting:

1. Permit all UDP Traffic
2. Permit all IP Traffic
3. Permit TCP Traffic on port 80, 20, 21, 25, 110, 53, 443

With this setup, everything works nicely except FTP. The customers are unable to ftp to their accounts. The can ftp to port 21 but when ftp client connect to random data port after login then the socket error pops-up which is obviously because that random port number is a disallowed ftp port.

My qeustions is, how do I configure tcp/ip filtering to allow FTP also.

Thank you.
0
Comment
Question by:azizparacha
  • 4
5 Comments
 
LVL 15

Expert Comment

by:adamdrayer
Comment Utility
It seems your FTP server is setup in passive mode.  This requires the server to have random ports about 1024 open.  You need to change that to active mode to accomplish what you want:
http://slacksite.com/other/ftp.html
0
 
LVL 15

Accepted Solution

by:
adamdrayer earned 500 total points
Comment Utility
you can also change the passiveftp range on IIS like so:
http://support.microsoft.com/?id=555022

0
 
LVL 15

Expert Comment

by:adamdrayer
Comment Utility
some more info:
http://www.informit.com/articles/article.asp?p=101750&seqNum=8


It seems that this has to be set on the client side:

How to Change the Internet Explorer FTP Client Mode
------------------------------------------------------------------------------------
Start Internet Explorer.
On the Tools menu, click Internet Options.
Click the Advanced tab.
Under Browsing, click to clear the Enable folder view for FTP sites check box.
Click to select the Use Passive FTP (for firewall and DSL modem compatibility) check box.
Click OK.

and here:
http://www.informit.com/articles/article.asp?p=101750&seqNum=8
excerpt-
You can't configure IIS to switch off passive FTP port support, but in IIS 6 you can configure the port range used, which makes it easier to select a port range and configure your firewall service to pass through the passive FTP traffic.
0
 

Author Comment

by:azizparacha
Comment Utility
Great help adamdrayer. I have limited passive port range, opened the range in tcp/ip filtering and everything now works just great.. Thanks a lot :+)
0
 
LVL 15

Expert Comment

by:adamdrayer
Comment Utility
no problem.  thanks
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

This article is in response to a question (http://www.experts-exchange.com/Networking/Network_Management/Network_Analysis/Q_28230497.html) here at Experts Exchange. The Original Poster (OP) requires a utility that will accept a list of IP addresses …
The Need In an Active Directory enviroment, the PDC emulator provide time synchronization for the domain. This is important since Active Directory uses Kerberos for authentication.  By default, if the time difference between systems is off by more …
This video discusses moving either the default database or any database to a new volume.
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now