I am trying to setup a simple secure ftp server so that we can transfer large files between a few customers. I have a Windows XP machine running filezilla. I have it setup for ftps, and we are able to transfer files with no problem. However, I have it sitting directly on the internet, with no firewall. I tried to enable the windows firewall, and I added port 990 and port 21 as exception ports, but then we could no longer transfer files with the firewall enabled.
My two questions are:
1) I know that people are going to say how bad it is to have a Windows computer sitting on the internet without being behind a firewall, but what is an acceptable setup for a small time ftp computer like this? Should I go out and buy a little Netgear type of firewall for $30 and just open up some ports to allow the ftp service? Is the windows firewall sufficient?
2) Once I get a firewall, (whether it be the windows firewall service or a hardware firewall), what do I need to do to enable filezilla to work properly behind a firewall?