• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1670
  • Last Modified:

Windows Server 2003 Passive FTP beyond (NAT/Firewall)


May I ask some help regarding configuration of Windows Server 2003 Passive FTP beyond (NAT/Firewall). My setup has only one public IP and the NAT/Firewall is enabled. DSL internet connection and port 21 is open in the firewall.

Internal network works fine but accessing the FTP outside also works only if you uncheck the "Use Passive FTP (for firewall and DSL modem compatibility)" option in the Internet Explorer.

Experts is there someting that I forgot to configure?

Thank you.

1 Solution
Hi marvelsoft,

Try opening port 20 on the firewall as well.  

Chris DentPowerShell DeveloperCommented:

Passive FTP only uses Port 21 for the initial connection, after that it shifts it onto a high-numbered port. Since you only have port 21 open it's very likely that there's no way for the traffic to get through. The default port range for this is really very large (just greater than 1023).

Fortunately things can be simplified considerably, if you're using IIS on there then it's possible to define the range of ports you want to use for FTP like using ADSUtil (Defaults to C:\InetPub\AdminScripts):

adsutil.vbs set /MSFTPSVC/PassivePortRange "5500-5700"

Where 5500 to 5700 is the range you want to set.

Fully documented here:




Featured Post

The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now