Firewall – Active FTP client blocked by Windows Firewall on Windows 7

Tags: firewall, ftp, windows 7, windows-firewall

I have an application that runs as a service and contains an FTP client. It needs to connect to an FTP server that only supports Active FTP. When I attempt to get a list of files or download a file, Windows Firewall is dropping the incoming connection from the FTP server. (I don't believe we had this problem in Windows XP or Windows Vista.)

Active FTP is the protocol that requires the server to open a connection to the client on a port that the client specified. (http://slacksite.com/other/ftp.html)

I know I could open up a large port range in Windows Firewall and force my FTP client to only use those ports, but I would have guessed that Windows Firewall would support Active FTP natively.

Is there some setting that needs to be made in order to have Windows Firewall automatically detect Active FTP and open up the necessary ports as needed? Can I change that setting programmatically?

Thanks.

Best Answer

Here's the thing: Whether in Active or Passive mode, the server always uses port 20 on its side for the data connection and connects to the client on whatever port the client specified when it issued the FTP PORT command.

After looking at the Windows 7 firewall it looks like you can create a custom inbound rule that allows connections to any local port from a specific remote port (20) for a given protocol type (TCP). You can also specify the local and remote IP addresses that this rule applies to.

I have to admit that I've never monkeyed around with the Windows firewall but it looks to me like it might work for you.
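
The inbound rule described in the answer above, written as a `netsh advfirewall` script for an elevated command prompt. This is an added example, not part of the original answer. The server address (`203.0.113.10`), the service executable path and the rule name are placeholders to replace. Because any remote host can choose 20 as its source port, the rule is also scoped to the server's address and to the service binary rather than matching on the remote port alone.

```batch
@echo off
rem Added example: scoped inbound rule for Active FTP data connections.
rem Placeholder values (assumptions, not from the original post):
set "FTP_SERVER=203.0.113.10"
set "SVC_EXE=C:\Program Files\ExampleApp\ExampleFtpService.exe"
set "RULE=Active FTP data from %FTP_SERVER%"

rem 1) Show the global firewall settings. The StatefulFTP line reports
rem    whether the firewall tracks FTP control sessions; it can be changed
rem    with: netsh advfirewall set global statefulftp enable
netsh advfirewall show global

rem 2) Delete any earlier copy of the rule so the script can be re-run.
rem    Output is discarded because "no rules match" is not an error here.
netsh advfirewall firewall delete rule name="%RULE%" >nul 2>&1

rem 3) Allow inbound TCP to any local port, but only when all of these hold:
rem      - the connection comes from remote port 20 (FTP data)
rem      - the remote address is the one FTP server
rem      - the listening program is the service executable
rem      - the active profile is domain or private (not public)
netsh advfirewall firewall add rule name="%RULE%" dir=in action=allow ^
  protocol=TCP localport=any remoteport=20 ^
  remoteip=%FTP_SERVER% program="%SVC_EXE%" profile=domain,private
if errorlevel 1 (
  echo Failed to add rule. Is this prompt elevated?
  exit /b 1
)

rem 4) Print the rule back to confirm the scope that was actually stored.
netsh advfirewall firewall show rule name="%RULE%" verbose
```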