Solved

Opening Ports in Server 2008 R2 without having Windows Firewall activated.

Posted on 2011-02-24
Last Modified: 2012-05-11
Hello,

I am in desperate need of help on this. We use a product called Mediasite that requires FTP PASV ports 1025-65535 open.

Now I have made numerous incoming and outgoing rules in the Windows Firewall as well as on our SonicWALL PRO 2040 to allow this, but the server seems to only have a set amount of ports open.
Please see attached.

Regardless of whether the Windows Firewall is switched off and the access rules in the SonicWall are disabled, I only see these ports.
Switch the firewall back on: only these ports. Enable the access rules on the SonicWall: only these ports.



All I want is the server to allow me to open more ports... what do I have to do...
untitled.bmp
0
Comment
Question by:mgtaylor3
8 Comments
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 34976801
Does running the Security Configuration Wizard help you?


http://technet.microsoft.com/en-us/library/cc771492%28WS.10%29.aspx
0
 

Expert Comment

by:Coryvmcs1
ID: 34976828
0
 
LVL 33

Accepted Solution

by:
digitap earned 250 total points
ID: 34976999
So, is FTP configured and you just need to change the ephemeral port range on the server?

Microsoft Windows

As of Windows Vista and Windows Server 2008, Windows now uses a large range (49152-65535) by default, according to Microsoft Knowledgebase Article 929851. That same article also shows how you can change the range if desired, but the default range is now sufficient for most servers.

For older Windows operating systems (Windows XP and older), Windows uses the traditional BSD range of 1024 through 4999 for its ephemeral port range.  Unfortunately it appears that you can only set the upper bound of the ephemeral port range.  Here is information excerpted from Microsoft Knowledgebase Article 196271:

    * Start Registry Editor (Regedt32.exe).
    * Locate the following key in the registry:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
    * On the Edit menu, click Add Value, and then add the following registry value:

      Value Name: MaxUserPort
      Data Type: REG_DWORD
      Value: 65534 <for example>

      Valid Range: 5000-65534 (decimal)
      Default: 0x1388 (5000 decimal)

      Description: This parameter controls the maximum port number used when an application requests any available user port from the system. Normally, ephemeral (that is, short-lived) ports are allocated between the values of 1024 and 5000 inclusive.
    * Quit Registry Editor.

Note: There is another relevant KB article (812873) which claims to allow you to set an exclusion range, which could mean that you could exclude ports 1024-9999 (for example) to have the ephemeral port range be 10000-65534. However, we have not been able to get this to work (as of October 2004).

ref: http://www.ncftp.com/ncftpd/doc/misc/ephemeral_ports.html
0
 
LVL 7

Assisted Solution

by:Ned Ramsay
Ned Ramsay earned 250 total points
ID: 34979654
Hi,
The NETSTAT command that you have run does not show all ports that are available for connection.
It only shows ports that are ACTIVELY LOOKING for connections (listening) or currently in use.

Passive FTP works on port 21 initially (which you can see is listening on your screenshot); it then self-assigns a port between it and the remote client (which will be from within that range). If the Windows Firewall is off then all ports are enabled anyway, meaning that the issue is with the way your FTP server/client is configured.

Here is a quick link explaining how the two types work http://slacksite.com/other/ftp.html
0
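The behaviour described in the answer above, as an added example that is not part of the original thread: a passive-mode data port is bound only when the client issues PASV, is announced in the 227 reply, and stops listening when the transfer socket closes, which is why a netstat listing does not show the whole range. The function names and the loopback address are assumptions made for illustration.

```python
import socket

def open_pasv_listener(host="127.0.0.1", port_range=None):
    """Server side of PASV: bind and listen on a data port.
    port_range=None lets the OS pick from its ephemeral range."""
    ports = [0] if port_range is None else range(port_range[0], port_range[1] + 1)
    for port in ports:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            s.bind((host, port))
        except OSError:      # port already in use: try the next one
            s.close()
            continue
        s.listen(1)
        return s
    raise OSError("no free port in the passive range")

def pasv_reply(sock):
    """The 227 line the server sends on the control connection (port 21)."""
    host, port = sock.getsockname()
    return "227 Entering Passive Mode (%s,%d,%d)" % (
        host.replace(".", ","), port >> 8, port & 0xFF)

def parse_pasv_reply(line):
    """Client side: recover (host, port) from a 227 reply."""
    fields = line[line.index("(") + 1:line.index(")")].split(",")
    n = [int(x) for x in fields]
    if len(n) != 6 or any(not 0 <= x <= 255 for x in n):
        raise ValueError("malformed PASV reply: %r" % line)
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

def is_listening(host, port):
    """Roughly what netstat shows: is something accepting on this port now?"""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as c:
        c.settimeout(1)
        return c.connect_ex((host, port)) == 0

def demo(port_range=None):
    data_sock = open_pasv_listener(port_range=port_range)
    host, port = parse_pasv_reply(pasv_reply(data_sock))
    during = is_listening(host, port)  # listener exists once PASV was issued
    data_sock.close()                  # transfer finished
    after = is_listening(host, port)   # nothing listens on that port any more
    return port, during, after

if __name__ == "__main__":
    print(demo())
```

Passing a tuple such as `demo((20000, 20010))` (a constructed range) confines the data port to a fixed passive range instead of the OS ephemeral range.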
 

Author Comment

by:mgtaylor3
ID: 34993121
Hi guys, thanks for the quick response. I'll go through all and whatever fixes this damned issue I'll award the points.

0
 

Author Comment

by:mgtaylor3
ID: 34993172
Coryvmcs1: Hi, no, I've been through your process as that was the first port of call, excuse the pun... but to no avail.

I'm going through Digitap's reply at the moment as that seemed to be the nearest and probable answer to my issue, but the proof is in the pudding... will get back to you on that.
0
 

Author Comment

by:mgtaylor3
ID: 35011187
Hello all, Ok no joy on any of the solutions put forward as yet.

Feel happier having gone through these so far but unfortunately still no resolution.

I am now stripping the SonicWall Pro of all access rules to the Mediasite Web/FTP server and re-applying, basically just to re-eliminate this...

Will keep you posted. A share of points may be the answer.
0
 
LVL 7

Expert Comment

by:Ned Ramsay
ID: 35068190
Did you get it working, mgtaylor3?
0

Question has a verified solution.
