Solved

Cannot connect to FTP while Windows Firewall is on

Posted on 2013-12-27
8
622 Views
Last Modified: 2014-01-20
We are setting up FTP for Server1 (Win 2008). Windows Firewall needs to be on, as other programs depend on it.

When testing:
When Windows Firewall is on, the connection times out; but when the Firewall is off it tries to connect.
We added all default FTP rules, as well as allow port 21-23 on TCP and UDP, but still times out when trying to connect.

Has anyone ran into this and a fix for it?
0
Comment
Question by:jjwolven
8 Comments
 
LVL 18

Expert Comment

by:Jeremy Weisinger
ID: 39742451
Creating port exceptions won't work if the server is in active mode. You can try passive mode or, better yet, create a program firewall exception. That way any ports the program uses will automatically be allowed when it's listening on them.
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39742456
You need to add the FTP program as an application to the firewall rules.  FTP uses ports 21 and 20 plus 'ephemeral' ports above port 1024.  The ephemeral ports change with every connection and/or data transfer.  See if this page helps: http://www.iis.net/learn/publish/using-the-ftp-service/configuring-ftp-firewall-settings-in-iis-7
0
 

Author Comment

by:jjwolven
ID: 39742483
So, if we are using Filezilla, we should setup an exception on the server's firewall for that program?

I thought that Filezilla was just making an FTP request to the server and that the filezilla program was not identifiable as the program being used.
What if I am just trying to FTP through Windows Explorer?
0
 
LVL 14

Expert Comment

by:comfortjeanius
ID: 39742495
Did you allow "Host Process for Windows Services"?

Windows key + r

Type: firewall.cpl

Click on "Allow a program or feature through Windows Firewall"

Make sure you have the appropriate boxes checked on "FTP Server"

Now check to see if you have "Host Process for Windows Services" allowed through the firewall.

If not click on "Allow another Program" ----> Browse to the C:\\Windows\System32 -------> svchost.exe ------> click "Open" -----> Click to "Add" "Host Process for Windows Services"

Now check the appropriate boxes and test the results.
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39742841
You will need to provide the firewall exception for the FTP server program that is on the server.  Filezilla client from another computer generally doesn't have a problem unless the server side isn't working.
0
 
LVL 5

Expert Comment

by:chanderpal singh rathore
ID: 39748009
Hi,

Windows Firewall can prevent an FTP connection. You can adjust the setting to allow FTP connections by doing the following:

Go to your Control Panel by clicking on the Windows Orb and clicking on "Control Panel". Click on "Network and Internet".  Click on "Windows Firewall". Click on "Change Setting" and then click on the "Exceptions" tab. Under that tab, put a check mark next to the FTP port 43. This should allow connections to FTP sites. Click "OK" on the Firewall settings and close the other windows. I would then restart your computer and try to connect to the FTP site again.
0
 

Author Comment

by:jjwolven
ID: 39748911
The FTP server program is the built in FTP in Windows.

We have allowed ports 20, 21, 22, and 43 without success, though the FTP is internal.
0
 
LVL 83

Accepted Solution

by:
Dave Baldwin earned 500 total points
ID: 39749062
FTP also uses 'ephemeral' ports above 1024.  You can't just set a group of ports like that because FTP uses many others in it's normal operation.  You have to make the exception for the FTP Program, not just ports.  Did you read this article from Microsoft: http://www.iis.net/learn/publish/using-the-ftp-service/configuring-ftp-firewall-settings-in-iis-7
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
PCAnywhere 2 97
SSH over http/https 8 107
IIS Server infected with Ransomware - Postmortem investigation 12 133
Sweet32 Vulnerability in Microsoft IIS7.5 6 39
If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
As a financial services provider, your business is impacted by two of the strictest federal regulations on record: the Sarbanes-Oxley Act and the Gramm-Leach-Bliley Act. Correctly implementing faxing into your organization to provide secure, real-ti…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now