Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 733
  • Last Modified:

Cannot connect to FTP while Windows Firewall is on

We are setting up FTP for Server1 (Win 2008). Windows Firewall needs to be on, as other programs depend on it.

When testing:
When Windows Firewall is on, the connection times out; but when the Firewall is off it tries to connect.
We added all default FTP rules, as well as allow port 21-23 on TCP and UDP, but still times out when trying to connect.

Has anyone ran into this and a fix for it?
0
jjwolven
Asked:
jjwolven
1 Solution
 
Jeremy WeisingerSenior Network Consultant / EngineerCommented:
Creating port exceptions won't work if the server is in active mode. You can try passive mode or, better yet, create a program firewall exception. That way any ports the program uses will automatically be allowed when it's listening on them.
0
 
Dave BaldwinFixer of ProblemsCommented:
You need to add the FTP program as an application to the firewall rules.  FTP uses ports 21 and 20 plus 'ephemeral' ports above port 1024.  The ephemeral ports change with every connection and/or data transfer.  See if this page helps: http://www.iis.net/learn/publish/using-the-ftp-service/configuring-ftp-firewall-settings-in-iis-7
0
 
jjwolvenAuthor Commented:
So, if we are using Filezilla, we should setup an exception on the server's firewall for that program?

I thought that Filezilla was just making an FTP request to the server and that the filezilla program was not identifiable as the program being used.
What if I am just trying to FTP through Windows Explorer?
0
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

 
comfortjeaniusCommented:
Did you allow "Host Process for Windows Services"?

Windows key + r

Type: firewall.cpl

Click on "Allow a program or feature through Windows Firewall"

Make sure you have the appropriate boxes checked on "FTP Server"

Now check to see if you have "Host Process for Windows Services" allowed through the firewall.

If not click on "Allow another Program" ----> Browse to the C:\\Windows\System32 -------> svchost.exe ------> click "Open" -----> Click to "Add" "Host Process for Windows Services"

Now check the appropriate boxes and test the results.
0
 
Dave BaldwinFixer of ProblemsCommented:
You will need to provide the firewall exception for the FTP server program that is on the server.  Filezilla client from another computer generally doesn't have a problem unless the server side isn't working.
0
 
chanderpal singh rathoreMicrosoft Exchange EngineerCommented:
Hi,

Windows Firewall can prevent an FTP connection. You can adjust the setting to allow FTP connections by doing the following:

Go to your Control Panel by clicking on the Windows Orb and clicking on "Control Panel". Click on "Network and Internet".  Click on "Windows Firewall". Click on "Change Setting" and then click on the "Exceptions" tab. Under that tab, put a check mark next to the FTP port 43. This should allow connections to FTP sites. Click "OK" on the Firewall settings and close the other windows. I would then restart your computer and try to connect to the FTP site again.
0
 
jjwolvenAuthor Commented:
The FTP server program is the built in FTP in Windows.

We have allowed ports 20, 21, 22, and 43 without success, though the FTP is internal.
0
 
Dave BaldwinFixer of ProblemsCommented:
FTP also uses 'ephemeral' ports above 1024.  You can't just set a group of ports like that because FTP uses many others in it's normal operation.  You have to make the exception for the FTP Program, not just ports.  Did you read this article from Microsoft: http://www.iis.net/learn/publish/using-the-ftp-service/configuring-ftp-firewall-settings-in-iis-7
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Building an Effective Phishing Protection Program

Join Director of Product Management Todd OBoyle on April 26th as he covers the key elements of a phishing protection program. Whether you’re an old hat at phishing education or considering starting a program -- we'll discuss critical components that should be in any program.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now