We help IT Professionals succeed at work.

Windows Server 2003 Passive FTP beyond (NAT/Firewall)

marvelsoft asked
Medium Priority
Last Modified: 2012-08-14

May I ask some help regarding configuration of Windows Server 2003 Passive FTP beyond (NAT/Firewall). My setup has only one public IP and the NAT/Firewall is enabled. DSL internet connection and port 21 is open in the firewall.

Internal network works fine but accessing the FTP outside also works only if you uncheck the "Use Passive FTP (for firewall and DSL modem compatibility)" option in the Internet Explorer.

Experts is there someting that I forgot to configure?

Thank you.

Watch Question

Hi marvelsoft,

Try opening port 20 on the firewall as well.  

PowerShell Developer
Top Expert 2010

Passive FTP only uses Port 21 for the initial connection, after that it shifts it onto a high-numbered port. Since you only have port 21 open it's very likely that there's no way for the traffic to get through. The default port range for this is really very large (just greater than 1023).

Fortunately things can be simplified considerably, if you're using IIS on there then it's possible to define the range of ports you want to use for FTP like using ADSUtil (Defaults to C:\InetPub\AdminScripts):

adsutil.vbs set /MSFTPSVC/PassivePortRange "5500-5700"

Where 5500 to 5700 is the range you want to set.

Fully documented here:




Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.