Filezilla and secure ftp questions

I am trying to setup a simple secure ftp server so that we can transfer large files between a few customers.  I have a Windows XP machine running filezilla.  I have it setup for ftps, and we are able to transfer files with no problem.  However, I have it sitting directly on the internet, with no firewall.  I tried to enable the windows firewall, and I added port 990 and port 21 as exception ports, but then we could no longer transfer files with the firewall enabled.

My two questions are:

1)  I know that people are going to say how bad it is to have a Windows computer sitting on the internet without being behind a firewall, but what is an acceptable setup for a small time ftp computer like this?  Should I go out and buy a little Netgear type of firewall for $30 and just open up some ports to allow the ftp service?  Is the windows firewall sufficient?

2)  Once I get a firewall, (whether it be the windows firewall service or a hardware firewall), what do I need to do to enable filezilla to work properly behind a firewall?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

1. I wold not trust only the windows firewall
2. also check the passive mode ports and open them

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
You should definitely put your ftp server behind a firewall. Once it's there, you simply open the ports you need on the firewall itself.
Don't put a windows pc on the internet.  It will be attacked.
Unless you keep it patched up with all MS and software patches as soon as they come out it will be taken over.

So step 1 - you need a firewall.  You need one that will allow you to forward the requests to a machine inside the firewall.  

Do you use this insternet connection for other things or is it JUST for that ftp box ?  I'm guessing it also does your internet / emal etc.  I'm guessing YES.

Step 2.  You need a DMZ.  This is where you split the network into 2.  There is a safe area where your workstations and servers live and their is a dangerous section called the DMZ where public facing servers live.  If someone took over one of these servers (which they will do) then they should not be able to jump from there to the safe area so it has to be firewalled again.

Does this sound too complex ?

What about buying shared hosting and installing an SFTP server on that (it probably already has it setup ready to go).  It will be outside your office so no attack path back in.  Both you and your external people just go to the web address and SFTP the files into and out of that box.
One point to note from experience in setting up secure FTP through a hardware firewall, FTPS can a really difficult because the control channel is encrypted, application inspection cannot monitor the control channel to dynamically open ports as required.

I have managed to get FTPeS working through this by opening up a range of data ports for the file transfers. SFTP will be easier to setup through a firewall as this is a subset of the SSH protocol. This will give command line access, so check the implementation carefully for security implications.
jbobstAuthor Commented:
Thanks for the answers!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
File Sharing Software

From novice to tech pro — start learning today.