Opening Ports in Server 2008 R2 without having Windows Firewall activated.

Hello,

I am in desperate need of help on this. We use a product called Mediasite that requires FTP PASV ports 1025-65535 open.

Now I have made numerous incoming and outgoing rules in the Windows Firewall as well as our SonicWALL PRO 2040... to allow this... but the server seems to only have a set amount of ports open.
Please see attached.

Regardless of whether the Windows Firewall is switched off and the access rules in the SonicWALL are disabled, I only see these ports.
Switch the firewall back on, only these ports... Switch enable on the SonicWALL access rules... only these ports.



All I want is the server to allow me to open more ports... what do I have to do...
mgtaylor3 Asked:
 
digitap Commented:
So, is FTP configured and you just need to change the ephemeral port range on the server?

Microsoft Windows

As of Windows Vista and Windows Server 2008, Windows now uses a large range (49152-65535) by default, according to Microsoft Knowledgebase Article 929851. That same article also shows how you can change the range if desired, but the default range is now sufficient for most servers.

For older Windows operating systems (Windows XP and older), Windows uses the traditional BSD range of 1024 through 4999 for its ephemeral port range.  Unfortunately it appears that you can only set the upper bound of the ephemeral port range.  Here is information excerpted from Microsoft Knowledgebase Article 196271:

    * Start Registry Editor (Regedt32.exe).
    * Locate the following key in the registry:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
    * On the Edit menu, click Add Value, and then add the following registry value:

      Value Name: MaxUserPort
      Data Type: REG_DWORD
      Value: 65534 <for example>

      Valid Range: 5000-65534 (decimal)
      Default: 0x1388 (5000 decimal)

      Description: This parameter controls the maximum port number used when an application requests any available user port from the system. Normally, ephemeral (that is, short-lived) ports are allocated between the values of 1024 and 5000 inclusive.
    * Quit Registry Editor.

Note: There is another relevant KB article (812873) which claims to allow you to set an exclusion range, which could mean that you could exclude ports 1024-9999 (for example) to have the ephemeral port range be 10000-65534. However, we have not been able to get this to work (as of October 2004).

ref: http://www.ncftp.com/ncftpd/doc/misc/ephemeral_ports.html
0
 
Don (Network Administrator) Commented:
Does running the Security Configuration Wizard help you?


http://technet.microsoft.com/en-us/library/cc771492%28WS.10%29.aspx
0
 
Coryvmcs1 Commented:
0

 
Ned Ramsay (Network Operations Manager) Commented:
Hi,
The NETSTAT command that you have run does not show all ports that are available for connection.
It only shows ports that are ACTIVELY LOOKING for connections (listening) or currently in use.

Passive FTP works on port 21 initially (which you can see is listening on your screenshot); it then self-assigns a port between it and the remote client (which will be from within that range). If the Windows Firewall is off then all ports are enabled anyway, meaning that the issue is with the way your FTP server/client is configured.

Here is a quick link explaining how the two types work: http://slacksite.com/other/ftp.html
0
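Added example (not part of the original thread or any poster's code): a Python check of a server's `227` passive-mode reply against the port range opened on the firewall, since the port the server announces per transfer is what matters, not the listeners netstat shows. It also flags an advertised address that differs from the control connection's, which goes slightly beyond the answer above; the sample replies, the addresses and the `parse_pasv` / `audit_pasv` helpers are constructed for illustration.

```python
import ipaddress
import re

# RFC 959 passive reply: 227 ... (h1,h2,h3,h4,p1,p2); data port = p1*256 + p2
PASV_RE = re.compile(
    r"^227 .*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_pasv(reply):
    """Return (host, port) advertised in a 227 reply, or raise ValueError."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in %r" % reply)
    host = ".".join(str(n) for n in nums[:4])
    return host, nums[4] * 256 + nums[5]

def audit_pasv(reply, control_host, fw_low, fw_high):
    """List reasons the data connection described by `reply` would fail."""
    host, port = parse_pasv(reply)
    findings = []
    if not fw_low <= port <= fw_high:
        findings.append("port %d outside firewall range %d-%d"
                        % (port, fw_low, fw_high))
    if host != control_host:
        note = "advertised %s differs from control address %s" % (host, control_host)
        if ipaddress.ip_address(host).is_private:
            note += " (private address, unreachable from outside)"
        findings.append(note)
    return findings

# Constructed sample replies (documentation addresses, not from the thread).
SAMPLES = [
    "227 Entering Passive Mode (203,0,113,10,195,80)",  # 195*256+80 = 50000
    "227 Entering Passive Mode (192,168,1,20,195,80)",  # internal IP advertised
    "227 Entering Passive Mode (203,0,113,10,4,1)",     # 4*256+1 = 1025
]

if __name__ == "__main__":
    # Assumed firewall range: the 49152-65535 default quoted earlier in the thread.
    for line in SAMPLES:
        print(line, "->", audit_pasv(line, "203.0.113.10", 49152, 65535) or "ok")
```
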
 
mgtaylor3 (Author) Commented:
Hi guys, thanks for the quick response. I'll go through all, and whatever fixes this damned issue I'll award the points.

0
 
mgtaylor3 (Author) Commented:
Corymccs1: Hi, no, I've been through your process as that was the first port of call, excuse the pun... but to no avail.

I'm going through Digitap's reply at the moment as that seemed to be the nearest and probable answer to my issue, but the proof is in the pudding... will get back to you on that.
0
 
mgtaylor3 (Author) Commented:
Hello all, OK, no joy on any of the solutions put forward as yet.

Feel happier having gone through these so far but unfortunately still no resolution.

I am now stripping the SonicWALL Pro of all access rules to the Mediasite Web/FTP server and re-applying, basically just to re-eliminate this...

Will keep you posted. A share of points may be the answer.
0
 
Ned Ramsay (Network Operations Manager) Commented:
Did you get it working, mgtaylor3?
0
Question has a verified solution.
