We help IT Professionals succeed at work.

I canot Use anyport for ftp other than Port 21

I have a windows 2008 server, I have 2 companies that they need to upload/ download data on my server.

I need to create two ftp servers, the one that have port 21, it works fine and no problem. the other ftp server, I need to put port number other than 21. for example I put 5075. but when I try to connect to it from out side, it fail to retrieve directory listing with the following error

Command: TYPE I
Response: 200 Type set to I.
Command: PASV
Response: 227 Entering Passive Mode (192,168,1,44,224,217).
Status: Server sent passive reply with unroutable address. Using server address instead.
Command: LIST
Response: 150 Opening BINARY mode data connection.
Error: Connection timed out
Error: Failed to retrieve directory listing

I tried to use many programs other than Filezilla, and also I changed the mode to Active, but Still the same problem.

If I try to connect internally with the same port number it will work fine.
on the firewall the same way how port 21 is opened the other port number is opened.

Thanks in Advance.
Watch Question

systechSenior Technical Lead

You need to set FTP port range, please read this article for step by step procedure

"Good Luck"
the FTP protocol uses 2 ports , one for transfer and other for control,
also you need to set the firewall in the server to accept inbound from the assigned ports

in general if you have different access/security policies for FTP you don't have to make 2 servers, and you can assign different security for each directory


In Passive Mode, the client requests that the server make a port available for a data channel and then the server responds and tells the client where to connect.  The server is giving the client a bad address.  Some FTP Server software allows you to configure an external address to be sent with the PASV response.  I don't know if your FTP Server software allows that, but thats the first thing I would look for.  I would look near the place where you specify the Passive Port Range.

Also, some firewalls can do this for you.  They do it by snooping the FTP control channel and replacing internal addresses with external addresses on the fly.  Then they do port forwarding from that external address back to the internal address.

Actually, before doing any of this I would test the client using Active Mode for the data channel.  In Active Mode the client tells the server which address to connect to and then the server initiates the outbound connection back to the client.  You might think "well the client's firewall will block that" and you might be right, but is an easy thing to try and it might work for you.