?
Solved

How can I get Windows Server 2008 Web Edition to open up additional ports?

Posted on 2009-12-22
5
Medium Priority
?
931 Views
Last Modified: 2013-12-02
Hi all,

I've got a dedicated server with 1&1 that currently runs Windows Server 2008 Web Edition. I'm having trouble getting the system to open up any ports outside of RDP, FTP, and HTTP. I've disabled the firewall on the server itself and added firewall rules allowing SSH traffic inbound on the 1&1 admin panel. After allowing all of that to apply, however, an nmap scan of the server doesn't show that port 22 is open and I'm not able to SSH into the server from an outside location. I can, however, SSH in from the server console itself.

Here's the netstat:

 Proto  Local Address          Foreign Address        State           Offload Sta

 TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       InHost
 TCP    0.0.0.0:22             0.0.0.0:0              LISTENING       InHost
 TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       InHost
 TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       InHost
 TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       InHost
 TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       InHost
 TCP    0.0.0.0:4207           0.0.0.0:0              LISTENING       InHost
 TCP    0.0.0.0:5357           0.0.0.0:0              LISTENING       InHost
 TCP    0.0.0.0:49152          0.0.0.0:0              LISTENING       InHost
 TCP    0.0.0.0:49153          0.0.0.0:0              LISTENING       InHost
 TCP    0.0.0.0:49154          0.0.0.0:0              LISTENING       InHost
 TCP    0.0.0.0:49155          0.0.0.0:0              LISTENING       InHost
 TCP    0.0.0.0:49156          0.0.0.0:0              LISTENING       InHost
 TCP    0.0.0.0:49179          0.0.0.0:0              LISTENING       InHost
 TCP    0.0.0.0:49181          0.0.0.0:0              LISTENING       InHost

And here's the nmap scan:

nmap -sV MYHOST

Starting Nmap 5.00 ( http://nmap.org ) at 2009-12-22 07:58 EST
Interesting ports on MYHOST:
Not shown: 997 filtered ports
PORT     STATE SERVICE       VERSION
21/tcp   open  ftp           FileZilla ftpd 0.9.31 beta
80/tcp   open  http          Microsoft IIS webserver 7.0
3389/tcp open  microsoft-rdp Microsoft Terminal Service
Service Info: OS: Windows

Additionally, I can't seem to get anything other than Active FTP sessions to work; passive doesn't seem to work properly using IIS7 FTP or Filezilla FTP Server. I'm currently attempting to use FreeSSHd daemon for the SFTP/SSH access but not able to connect to it.

Is there some other place that a firewall or filtering function may be occurring on this OS?
0
Comment
Question by:cpgtechsupport
  • 3
5 Comments
 
LVL 1

Author Comment

by:cpgtechsupport
ID: 26104389
Ok... Looks like it has something to do with the Windows Filtering Platform. When I disable the Base Filtering Engine service everything works fine (including passive ftp).
0
 
LVL 27

Expert Comment

by:Jason Watkins
ID: 26113029
I have you tried using the Windows Firewall with Advanced Security snap-in?

or

netsh -c firewall
set portopening tcp <port #>
0
 
LVL 1

Author Comment

by:cpgtechsupport
ID: 26115186
Hi there,

Thank you for your response. I went into the Advanced Firewall configuration and set the default policy on all the profiles to be Allow. I've also enabled stateful packet filtering for the FTP ports and allowed FTP access through the Advanced Firewall snap-in. I also disabled the firewall using the Windows Control Panel but I've had the same issues.

I have used that command line option as well.

Thanks,
Ryan
0
 
LVL 1

Accepted Solution

by:
RussellA earned 2000 total points
ID: 26172476
Windows Server 2008 Web Edition has a packet filter security policy that blocks all ports by default.

Hit Start
Administrative Tools
Local Security Policy
Left click on IP Security Policies on Local Computer
Right click on Packet Filter in right pane and choose properties
Scroll down and you'll see a 'Block All' filter action near the bottom of the list, Edit, Remove or Uncheck as appropriate and hit OK.
0
 
LVL 1

Author Comment

by:cpgtechsupport
ID: 26172816
Thank you!

That appears to have fixed it!
0

Featured Post

Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
In this blog, we’ll look at how improvements to Percona XtraDB Cluster improved IST performance.
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Suggested Courses
Course of the Month15 days, 3 hours left to enroll

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question