IIS – What ports do I need to open for the EC2 security group to run FTP on Windows Server 2012

Tags: amazon-ec2, ftp, iis, windows-server-2012-r2

I want to run an FTP site on IIS on Windows Server 2012. I know I have to open port 21 but I read this on one of the AWS pages which suggests that I need to also open a bunch of ports in the upper range.

"If you are using the AWS web console, just select the "Custom…" option and then specify 21 as the "From Port" and the "To Port". Note, however, that FTP is a funky old protocol. In order to make it work, you will need to tell your FTP client to use passive mode and then you will need to open up a range of other ports on your instance (usually something very high in the public space like 65000-65535) and then tell your FTP server software to use that range. Basically, when an FTP client connects on port 21, they are immediately told to reconnect on one of the available ports and the rest of the session happens over that port number."

Isn't it dangerous to open so many ports? Am I right in assuming I also need to open all these ports on Windows Firewall as well?

Best Answer

Don't use FTP

FTP by itself is not secure. Passwords and data are transmitted in plain text. Also, due to the way it negotiates ports (explanation here), it can be difficult to set up a firewall or NAT router to work reliably with all clients.

Use SCP, SFTP or FTPS instead.

These more modern protocols allow easier firewall config, offer in-motion encryption, and are supported by many typical FTP clients anyway.
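As an added example (not from the question, the quoted AWS text, or the answer), the following PowerShell script wires up the ports the question's quote describes for a passive-mode IIS FTP site and, following the answer, requires TLS on both channels so the site is FTPS rather than plaintext FTP. It assumes an existing site named "Default FTP Site", an installed server certificate identified by a placeholder thumbprint, a placeholder passive range 50000-50050, a placeholder security group id and client CIDR, IMDSv1 access to instance metadata, and an elevated session on the instance with the AWS CLI configured; all of those values are assumptions to replace.

```powershell
# Added example: open only port 21 plus a small, explicitly chosen passive
# range, on both Windows Firewall and the EC2 security group, and require
# TLS (FTPS) on the IIS FTP site. Names, ids, ranges and CIDR are placeholders.
Import-Module WebAdministration

$SiteName       = "Default FTP Site"                       # assumed existing site
$PassiveLow     = 50000                                    # assumed passive range
$PassiveHigh    = 50050
$SgId           = "sg-0123456789abcdef0"                   # placeholder security group
$ClientCidr     = "203.0.113.0/24"                         # placeholder: known clients, not 0.0.0.0/0
$CertThumbprint = "0000000000000000000000000000000000000000"  # placeholder cert thumbprint

# 1. Server-wide passive data-channel range. Without this IIS hands out any
#    ephemeral port, which is why people end up opening thousands of ports.
& "$env:windir\system32\inetsrv\appcmd.exe" set config `
    -section:system.ftpServer/firewallSupport `
    /lowDataChannelPort:$PassiveLow /highDataChannelPort:$PassiveHigh /commit:apphost

# 2. EC2 instances sit behind NAT: the public IP is not bound on the NIC, so the
#    PASV reply must advertise the public address or clients reconnect to 10.x.
#    (Assumes IMDSv1 is reachable; otherwise set $PublicIp by hand.)
$PublicIp = Invoke-RestMethod -Uri "http://169.254.169.254/latest/meta-data/public-ipv4"
Set-ItemProperty "IIS:\Sites\$SiteName" -Name ftpServer.firewallSupport.externalIp4Address -Value $PublicIp

# 3. FTPS: require TLS on the control channel (credentials) and data channel (files).
Set-ItemProperty "IIS:\Sites\$SiteName" -Name ftpServer.security.ssl.serverCertHash        -Value $CertThumbprint
Set-ItemProperty "IIS:\Sites\$SiteName" -Name ftpServer.security.ssl.controlChannelPolicy  -Value "SslRequire"
Set-ItemProperty "IIS:\Sites\$SiteName" -Name ftpServer.security.ssl.dataChannelPolicy     -Value "SslRequire"

# 4. Windows Firewall: inbound 21 and the passive range only.
New-NetFirewallRule -DisplayName "FTP control (21)" -Direction Inbound -Protocol TCP `
    -LocalPort 21 -Action Allow
New-NetFirewallRule -DisplayName "FTP passive data ($PassiveLow-$PassiveHigh)" -Direction Inbound -Protocol TCP `
    -LocalPort "$PassiveLow-$PassiveHigh" -Action Allow

# Once the control channel is encrypted the firewall can no longer read PASV
# replies, so its FTP stateful inspection must be off or data connections hang.
netsh advfirewall set global StatefulFtp disable

# 5. EC2 security group: the same two openings, limited to the client CIDR.
aws ec2 authorize-security-group-ingress --group-id $SgId --protocol tcp --port 21 --cidr $ClientCidr
aws ec2 authorize-security-group-ingress --group-id $SgId --protocol tcp --port "$PassiveLow-$PassiveHigh" --cidr $ClientCidr

# The passive range is read at service start.
Restart-Service ftpsvc
```

The design point is that the quoted advice to open 65000-65535 is the symptom of not pinning the server's passive range: with steps 1 and 2 done, a range of a few dozen ports is enough, and both firewalls then expose exactly 21 plus that range. With TLS required, a client that only speaks plaintext FTP (or explicit FTPS to port 21 without accepting the TLS upgrade) is refused rather than silently sending credentials in the clear.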