Re: IIS 5.1 Passive-Mode FTP Behind Linksys Router

From: Alun Jones [MS MVP] (alun_at_texis.invalid)
Date: 04/24/04

  • Next message: Jeff Cochran: "Re: IIS 5.1 Passive-Mode FTP Behind Linksys Router" 
    Date: Sat, 24 Apr 2004 22:33:08 GMT

    In article <408c8e55.188207678@msnews.microsoft.com>,
    jcochran.nospam@naplesgov.com (Jeff Cochran) wrote:
    >On Fri, 23 Apr 2004 15:01:03 -0700, "Steve A"
    ><anonymous@discussions.microsoft.com> wrote:
    >
    >>I am trying to support Passive-Mode FTP Behind a Linksys Router with no luck.
    > I want to give access to a few people who are behind a NAT firewall on their
    > client end. Do I need to set any settings in the ftp service itself, and
    > exactly what ports do I need to open on the linksys router which the server is
    > behind? Do the Clients have to do anything besides set their internet browser
    > for Passive-Mode FTP?
    >
    >Passive mode should just require ports 20 and 21 open on the Linksys.

    Nononononono.

    Once again, when you're opening firewall ports, particularly on
    Linksys-quality firewalls / routers, you are opening for inbound
    connections. Port 20 is never used as a destination for inbound
    connections, only as a source for outbound data connections in active mode
    (i.e. non-passive). Firewalls like the Linksys are generally open for all
    outbound connections.

    Supporting PASV mode on IIS 5.x requires that you open up a range of ports
    for incoming connections from the client to the server.
    http://support.microsoft.com/?id=810639 will tell you how to define that
    range for IIS.

    Alun.
    ~~~~

    [Please don't email posters, if a Usenet response is appropriate.] 

    -- 
Texas Imperial Software   | Find us at http://www.wftpd.com or email
1602 Harvest Moon Place   | alun@texis.com.
Cedar Park TX 78613-1419  | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(512)258-9858 | Try our NEW client software, WFTPD Explorer.
  • Next message: Jeff Cochran: "Re: IIS 5.1 Passive-Mode FTP Behind Linksys Router"

    Relevant Pages

    • Re: Port 135
      ... The patch doesn't disable DCOM / RPC, so connections can still be made. ... That's why you need a firewall. ... the patch is not the thing to control ... control over your TCP/IP ports and services, ...
      (microsoft.public.security)
    • Re: IIS 5.1 Passive-Mode FTP Behind Linksys Router
      ... >> I want to give access to a few people who are behind a NAT firewall on their ... >> exactly what ports do I need to open on the linksys router which the server is ... >connections, only as a source for outbound data connections in active mode ... >for incoming connections from the client to the server. ...
      (microsoft.public.inetserver.iis.ftp)
    • Re: Got Active Ports, now what?
      ... have services running and ports open does not in ANY way shape or form mean ... vulnerabilities and links to plenty of other ... Why do I need 23 connections to the ... > You should get a 'Application' Filtering Firewall for your XP box. ...
      (comp.security.firewalls)
    • Re: Exchange ports through firewall?
      ... I take there are too many ports to open if we use the full client method? ... in this case if you want to provide clients RPC/MAPI access across a firewall, you can restrict clients and server to a narrower range of ports, or alternatively open a lot more ports on the firewall. ...
      (microsoft.public.exchange.admin)
    • Re: Client End Firewalls
      ... depending on the firewall's configuration). ... Even if a client side firewall was to block just one ... Using a firewall with password protection is a must. ... >> connections. ...
      (Security-Basics)