Recently I found something rather irritating with regard to Windows Server 2003 and 2008. I noticed that FTP connections didn’t work properly when the FTP client is behind a really restrictive firewall. Now typically this wouldn’t be an issue for most people, but I like to keep my corporate firewalls secure with specific outgoing connection rules. As a result, all FTP client connections normally use passive (PASV) mode, which does not require the server to connect back to the client and avoids all the associated NAT (network address translation) headaches.
Anyway, recently I found a problem connecting as an FTP client to some of our customer servers as well as the new SA Developer .NET server. Using my favourite Windows FTP client, FileZilla, I was noticing the connections stall on the LIST command as follows:
It’s been puzzling me for a while, so I started digging around and found that if the Windows Firewall was enabled on the server, connections would fail even though the firewall specifically had a rule defined to allow connections to the FTP service on TCP port 21. After some further hunting I found a really useful post that solved my problems. Open up a Command Prompt (as an Administrator, of course) and type in the following:
netsh advfirewall set global StatefulFtp enable
All of a sudden all of my FTP transfer issues were gone. It’s definitely a much better alternative to disabling the Windows Firewall on a server.
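Why the rule for TCP port 21 alone was not enough, as an added example that is not part of the original post: a simplified Python model of a server-side inbound filter that, like a stateful FTP helper, reads the server's 227/229 reply on the control channel and opens a one-shot pinhole for the advertised data port. The class, function names and sample replies are constructed for illustration and do not reproduce Windows Firewall internals.

```python
import re

# RFC 959 reply: 227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)
PASV_RE = re.compile(
    r"^227 .*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
# RFC 2428 reply: 229 Entering Extended Passive Mode (|||port|)
EPSV_RE = re.compile(r"^229 .*?\((.)\1\1(\d{1,5})\1\)")


def data_endpoint(reply, control_host):
    """Return the (host, port) the client will dial for data, or None."""
    m = PASV_RE.match(reply)
    if m:
        nums = [int(g) for g in m.groups()]
        if any(n > 255 for n in nums):
            return None  # malformed octet: never derive a port from it
        return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]
    m = EPSV_RE.match(reply)
    if m:
        port = int(m.group(2))
        # EPSV carries only a port; the host is the control connection's
        return (control_host, port) if 0 < port <= 65535 else None
    return None


class InboundFilter:
    """Toy inbound filter (constructed model, not Windows Firewall code)."""

    def __init__(self, static_ports, stateful_ftp):
        self.static_ports = set(static_ports)
        self.stateful_ftp = stateful_ftp
        self.pinholes = set()

    def observe_control_reply(self, reply, control_host):
        # A stateful helper watches port 21 traffic for the data port.
        ep = data_endpoint(reply, control_host)
        if self.stateful_ftp and ep:
            self.pinholes.add(ep[1])

    def allows(self, port):
        if port in self.static_ports:
            return True
        if port in self.pinholes:
            self.pinholes.discard(port)  # pinhole is used once, then closed
            return True
        return False  # with only port 21 open, the LIST data channel stalls
```
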
In PASV mode your FTP data can be transferred over any one of your ports > 1023. The command goes on 21. I’d say it’s probably better to have your client connect in Active mode and open port 20 and 20 on your firewall.