Firewall – How to configure Windows Firewall for FTP Server

Tags: firewall, port, windows-firewall

What ports do I need to open for me to be able to access Windows FTP server (running on Server 2008) for both active and passive FTP? Opening 21 on its own is not enough.

Best Answer

Depends on if you're using Active or Passive ftp. Here's the chart from this site which has a great explanation of the differences from a port perspective:

 Active FTP :
     command : client >1023 -> server 21
     data    : client >1023 <- server 20

 Passive FTP :
     command : client >1023 -> server 21
     data    : client >1023 -> server >1023

So:

  • Active FTP - the firewall must allow incoming connections on TCP/21 and outgoing connections on TCP>1023.
  • Passive FTP - the firewall must allow incoming connections on TCP/21 and TCP>1023.

If you're going to use Passive FTP, the best thing to do is to configure the FTP server to use a specific (limited) port range for the client to connect to for the data stream and then open that range on the firewall.
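
An added example, not part of the original answer: a small Python model of the chart above that checks whether a set of server-side allow rules lets each FTP mode work, and counts how many inbound ports are open beyond what passive mode needs. The `Rule` model, the function names and the passive range 50000-50100 are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    """One allow rule on the server's firewall (hypothetical model, not netsh syntax)."""
    direction: str  # "in" = client connects to server, "out" = server connects to client
    low: int        # lowest destination port allowed
    high: int       # highest destination port allowed

def required_flows(mode, passive_range):
    """Flows the server firewall must allow, per the chart: (direction, low, high, label)."""
    flows = [("in", 21, 21, "command")]
    if mode == "active":
        # Server opens the data connection from port 20 to a client port >1023.
        flows.append(("out", 1024, 65535, "data"))
    elif mode == "passive":
        # Client opens the data connection to the server's configured passive range.
        flows.append(("in", passive_range[0], passive_range[1], "data"))
    else:
        raise ValueError(f"unknown FTP mode: {mode!r}")
    return flows

def allowed_ports(rules, direction):
    """Set of destination ports opened by all rules in one direction."""
    ports = set()
    for r in rules:
        if r.direction == direction:
            ports.update(range(r.low, r.high + 1))
    return ports

def blocked_flows(rules, mode, passive_range):
    """Labels of required flows that the rule set does not fully allow."""
    return [label for direction, low, high, label in required_flows(mode, passive_range)
            if not set(range(low, high + 1)) <= allowed_ports(rules, direction)]

def excess_inbound(rules, passive_range):
    """Count of inbound ports opened beyond TCP/21 and the passive range."""
    needed = {21} | set(range(passive_range[0], passive_range[1] + 1))
    return len(allowed_ports(rules, "in") - needed)

# Constructed sample policies; 50000-50100 is an assumed passive range.
PASSIVE_RANGE = (50000, 50100)
ONLY_21 = [Rule("in", 21, 21)]                          # the asker's starting point
WIDE = [Rule("in", 21, 21), Rule("in", 1024, 65535)]    # all of TCP>1023 inbound
NARROW = [Rule("in", 21, 21), Rule("in", 50000, 50100)] # limited passive range

if __name__ == "__main__":
    for name, rules in (("only 21", ONLY_21), ("wide", WIDE), ("narrow", NARROW)):
        print(name, blocked_flows(rules, "passive", PASSIVE_RANGE),
              excess_inbound(rules, PASSIVE_RANGE))
```

Both the wide and the narrow policy let passive FTP work, but only the narrow one leaves no unneeded inbound ports open, which is the reason for pinning the server's passive range.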