Firewall – What ports does Wininet listen on for Active FTP data connection

firewall ftp

I have an application using Wininet.dll for all its FTP operations.

OS is Windows Server 2003.
FTP mode is Active FTP.

Unfortunately the port that the FTP server listens on is non-standard (i.e. it's not 21).
This means that the Sonicwall firewall between me and the FTP server is not clever enough to automatically recognise Active FTP sessions on source port 20 and allow the data connection to connect back through.

I must explicitly list the inbound ports I wish to open so that the data connection from the FTP server can get back to the client application.

How do I control the range of ports that Wininet listens on for an active FTP connection – as opening all ports (or an unnecessarily large range) from this destination is not an option.

I'm sure this setting is buried in the registry somewhere – but Google is not helping me find this.

Many thanks,
David.

Best Answer

Both ports 20 and 21 are FTP ports. 21 is the first port that initiates the connection. The actual xfer of the files is done on port 20. You can read more of it here. You might double check your Sonicwall and see how it's set up, see if you have port 20 assigned to anything. Otherwise create a Group Rule for both ports 20 and 21, and use that Group Rule for your NAT rather than just using port 21.
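
In active mode the client announces the address and port it is listening on for each data connection in a PORT (or EPRT) command on the control channel, and that is what a firewall has to read in order to let the server connect back. The following is an added example, not part of the original question or answer: it decodes those commands from constructed control-channel lines and reports the span of client ports seen. The sample lines and function names are assumptions.

```python
import ipaddress
import re

# Constructed client-to-server control-channel lines (not taken from the page).
SAMPLE_CONTROL_LINES = [
    "USER david",
    "PORT 192,168,1,10,4,1",        # port = 4*256 + 1
    "LIST",
    "PORT 192,168,1,10,19,136",     # port = 19*256 + 136
    "RETR report.csv",
    "EPRT |1|192.168.1.10|3050|",   # RFC 2428 form, protocol 1 = IPv4
    "PORT 192,168,1,10,300,1",      # malformed: field above 255
]

PORT_RE = re.compile(r"^PORT " + ",".join([r"(\d{1,3})"] * 6) + r"$", re.I)
EPRT_RE = re.compile(r"^EPRT (.)1\1([0-9.]+)\1(\d{1,5})\1$", re.I)


def parse_active_endpoint(line):
    """Return the (ip, port) a PORT/EPRT command announces, or None."""
    line = line.strip()
    m = PORT_RE.match(line)
    if m:
        nums = [int(g) for g in m.groups()]
        if any(n > 255 for n in nums):
            return None
        ip, port = ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]
    else:
        m = EPRT_RE.match(line)
        if not m:
            return None
        ip, port = m.group(2), int(m.group(3))
    try:
        ipaddress.IPv4Address(ip)
    except ValueError:
        return None
    return (ip, port) if 0 < port <= 65535 else None


def summarize(lines):
    """Collect announced endpoints and the lowest/highest client port seen."""
    endpoints = [e for e in map(parse_active_endpoint, lines) if e]
    ports = [p for _, p in endpoints]
    return {
        "endpoints": endpoints,
        "min_port": min(ports) if ports else None,
        "max_port": max(ports) if ports else None,
    }
```

Run over a capture of real control-channel traffic, the min/max values show which inbound range the client actually uses, which can then be compared against the firewall rule.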