Solved

Opening Ports in Server 2008 R2 without having Windows Firewall activated.

Posted on 2011-02-24
Last Modified: 2012-05-11
Hello,

I am in desperate need of help on this. We use a product called Mediasite that requires FTP PASV ports 1025-65535 open.

Now I have made numerous incoming and outgoing rules in the Windows Firewall as well as our SonicWALL PRO 2040... to allow this... but the server seems to only have a set amount of ports open.
Please see attached.

Regardless if the Windows Firewall is switched off and the access rules in SonicWALL are disabled... I only see these ports.
Switch Firewall back on, only these ports... Switch enable on the SonicWALL access rules... only these ports.



All I want is the server to allow me to open more ports... what do I have to do...
untitled.bmp
Question by:mgtaylor3
8 Comments
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 34976801
Does running the Security Configuration Wizard help you?


http://technet.microsoft.com/en-us/library/cc771492%28WS.10%29.aspx
0
 

Expert Comment

by:Coryvmcs1
ID: 34976828
0
 
LVL 33

Accepted Solution

by:
digitap earned 250 total points
ID: 34976999
So, is FTP configured and you just need to change the ephemeral port range on the server?

Microsoft Windows

As of Windows Vista and Windows Server 2008, Windows now uses a large range (49152-65535) by default, according to Microsoft Knowledgebase Article 929851. That same article also shows how you can change the range if desired, but the default range is now sufficient for most servers.

For older Windows operating systems (Windows XP and older), Windows uses the traditional BSD range of 1024 through 4999 for its ephemeral port range.  Unfortunately it appears that you can only set the upper bound of the ephemeral port range.  Here is information excerpted from Microsoft Knowledgebase Article 196271:

    * Start Registry Editor (Regedt32.exe).
    * Locate the following key in the registry:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
    * On the Edit menu, click Add Value, and then add the following registry value:

      Value Name: MaxUserPort
      Data Type: REG_DWORD
      Value: 65534 <for example>

      Valid Range: 5000-65534 (decimal)
      Default: 0x1388 (5000 decimal)

      Description: This parameter controls the maximum port number used when an application requests any available user port from the system. Normally, ephemeral (that is, short-lived) ports are allocated between the values of 1024 and 5000 inclusive.
    * Quit Registry Editor.

Note: There is another relevant KB article (812873) which claims to allow you to set an exclusion range, which could mean that you could exclude ports 1024-9999 (for example) to have the ephemeral port range be 10000-65534. However, we have not been able to get this to work (as of October 2004).

ref: http://www.ncftp.com/ncftpd/doc/misc/ephemeral_ports.html
0
 
LVL 7

Assisted Solution

by:Ned Ramsay
Ned Ramsay earned 250 total points
ID: 34979654
Hi,
The NETSTAT command that you have run does not show all ports that are available for connection.
It only shows ports that are ACTIVELY LOOKING for connections (listening) or currently in use.

Passive FTP works on port 21 initially (which you can see is listening on your screenshot); it then self-assigns a port between it and the remote client (which will be from within that range). If the Windows Firewall is off then all ports are enabled anyway, meaning that the issue is with the way your FTP server/client is configured.

Here is a quick link explaining how the two types work: http://slacksite.com/other/ftp.html
0
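The passive-mode exchange described in the answer above, as an added example that is not part of the original thread: the server names its data port in the 227 reply on the control connection, so that reply, not a NETSTAT listing taken beforehand, shows which port the firewall rule has to cover. The sample replies, the 192.168.1.10 address and the `ALLOWED_RANGES` rule are constructed assumptions; the 49152-65535 range is the Windows Server 2008 default quoted earlier in the thread.

```python
import re

# Constructed 227 replies, as sent by an FTP server on the control connection
# (port 21) after the client issues PASV. Not captured from the poster's server.
SAMPLE_REPLIES = [
    "227 Entering Passive Mode (192,168,1,10,195,80)",
    "227 Entering Passive Mode (192,168,1,10,4,1)",
    "227 Entering Passive Mode (192,168,1,10,255,255)",
]

# Assumed firewall rule: only the default Windows Server 2008 dynamic range
# (49152-65535) is allowed inbound to the FTP server.
ALLOWED_RANGES = [(49152, 65535)]

_PASV = re.compile(r"^227\b.*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_pasv(reply):
    """Return (ip, port) advertised in a 227 reply (RFC 959: port = p1*256 + p2)."""
    match = _PASV.match(reply.strip())
    if match is None:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    fields = [int(g) for g in match.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("field out of range in reply: %r" % reply)
    ip = ".".join(str(f) for f in fields[:4])
    return ip, fields[4] * 256 + fields[5]


def port_allowed(port, ranges):
    """True if the port falls inside any inclusive (low, high) range."""
    return any(low <= port <= high for low, high in ranges)


def audit(replies, ranges):
    """Map each reply to (ip, port, reachable-through-the-rule)."""
    results = []
    for reply in replies:
        ip, port = parse_pasv(reply)
        results.append((ip, port, port_allowed(port, ranges)))
    return results


if __name__ == "__main__":
    for ip, port, ok in audit(SAMPLE_REPLIES, ALLOWED_RANGES):
        print("%s:%d -> %s" % (ip, port, "allowed" if ok else "blocked by rule"))
```
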
 

Author Comment

by:mgtaylor3
ID: 34993121
Hi guys, thanks for the quick response. I'll go through all and whatever fixes this damned issue I'll award the points.

0
 

Author Comment

by:mgtaylor3
ID: 34993172
Coryvmcs1: Hi, no, I've been through your process as that was the first port of call, excuse the pun... but to no avail.

I'm going through Digitap's reply at the moment as that seemed to be the nearest and probable answer to my issue, but the proof is in the pudding... will get back to you on that.
0
 

Author Comment

by:mgtaylor3
ID: 35011187
Hello all, Ok no joy on any of the solutions put forward as yet.

Feel happier having gone through these so far but unfortunately still no resolution.

I am now stripping the SonicWALL Pro of all access rules to the Mediasite Web/FTP server and re-applying, basically just to re-eliminate this...

Will keep you posted. A share of points may be the answer.
0
 
LVL 7

Expert Comment

by:Ned Ramsay
ID: 35068190
Did you get it working, mgtaylor3?
0
