Solved

Cannot connect to FTP while Windows Firewall is on

Posted on 2013-12-27
8
608 Views
Last Modified: 2014-01-20
We are setting up FTP for Server1 (Win 2008). Windows Firewall needs to be on, as other programs depend on it.

When testing:
When Windows Firewall is on, the connection times out; but when the Firewall is off it tries to connect.
We added all default FTP rules, as well as allow port 21-23 on TCP and UDP, but still times out when trying to connect.

Has anyone ran into this and a fix for it?
0
Comment
Question by:jjwolven
8 Comments
 
LVL 18

Expert Comment

by:Jeremy Weisinger
ID: 39742451
Creating port exceptions won't work if the server is in active mode. You can try passive mode or, better yet, create a program firewall exception. That way any ports the program uses will automatically be allowed when it's listening on them.
0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 39742456
You need to add the FTP program as an application to the firewall rules.  FTP uses ports 21 and 20 plus 'ephemeral' ports above port 1024.  The ephemeral ports change with every connection and/or data transfer.  See if this page helps: http://www.iis.net/learn/publish/using-the-ftp-service/configuring-ftp-firewall-settings-in-iis-7
0
 

Author Comment

by:jjwolven
ID: 39742483
So, if we are using Filezilla, we should setup an exception on the server's firewall for that program?

I thought that Filezilla was just making an FTP request to the server and that the filezilla program was not identifiable as the program being used.
What if I am just trying to FTP through Windows Explorer?
0
 
LVL 14

Expert Comment

by:comfortjeanius
ID: 39742495
Did you allow "Host Process for Windows Services"?

Windows key + r

Type: firewall.cpl

Click on "Allow a program or feature through Windows Firewall"

Make sure you have the appropriate boxes checked on "FTP Server"

Now check to see if you have "Host Process for Windows Services" allowed through the firewall.

If not click on "Allow another Program" ----> Browse to the C:\\Windows\System32 -------> svchost.exe ------> click "Open" -----> Click to "Add" "Host Process for Windows Services"

Now check the appropriate boxes and test the results.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 39742841
You will need to provide the firewall exception for the FTP server program that is on the server.  Filezilla client from another computer generally doesn't have a problem unless the server side isn't working.
0
 
LVL 5

Expert Comment

by:chanderpal singh rathore
ID: 39748009
Hi,

Windows Firewall can prevent an FTP connection. You can adjust the setting to allow FTP connections by doing the following:

Go to your Control Panel by clicking on the Windows Orb and clicking on "Control Panel". Click on "Network and Internet".  Click on "Windows Firewall". Click on "Change Setting" and then click on the "Exceptions" tab. Under that tab, put a check mark next to the FTP port 43. This should allow connections to FTP sites. Click "OK" on the Firewall settings and close the other windows. I would then restart your computer and try to connect to the FTP site again.
0
 

Author Comment

by:jjwolven
ID: 39748911
The FTP server program is the built in FTP in Windows.

We have allowed ports 20, 21, 22, and 43 without success, though the FTP is internal.
0
 
LVL 82

Accepted Solution

by:
Dave Baldwin earned 500 total points
ID: 39749062
FTP also uses 'ephemeral' ports above 1024.  You can't just set a group of ports like that because FTP uses many others in it's normal operation.  You have to make the exception for the FTP Program, not just ports.  Did you read this article from Microsoft: http://www.iis.net/learn/publish/using-the-ftp-service/configuring-ftp-firewall-settings-in-iis-7
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

With the withdrawal of support for Windows Server 2003 this summer, many clients face the issue of moving away from their 2003 installs. There are a few options out there that many people/companies are selling. But the clients I have, haven't wanted…
Cloud file services can fill many different roles for your business. Often, the use of cloud file services begins with employees using consumer products, like Dropbox, to share files with customers and each other. While sync-and-share can be an effe…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now