How do I configure Windows Firewall for FTP Server
10,253
Depends on if you're using Active or Passive ftp. Here's the chart from this site which has a great explanation of the differences from a port perspective:
Active FTP :
command : client >1023 -> server 21
data : client >1023 <- server 20
Passive FTP :
command : client >1023 -> server 21
data : client >1023 -> server >1023
So:
- Active FTP - the firewall must allow incoming connections on TCP/21 and outgoing connections on TCP>1023.
- Passive FTP - the firewall must allow incoming connections on TCP/21 and TCP>1023
If you're going to use Passive ftp the best thing to do is to configure the ftp server to use a specific (limited) port range for the client to connect to for the data stream and then open that range on the firewall.
Related videos on Youtube
Author by
Mr. Flibble
Updated on September 17, 2022Comments
-
Mr. Flibble over 1 year
What ports do I need to open for me to be able to access Windows FTP server (running on Server 2008) for both active and passive FTP? Opening 21 on it's own is not enough.
-
Mr. Flibble over 14 yearsSo 20, 21 and 1023 will do it? All TCP?
-
squillman over 14 years20 and 21 are fixed for Active FTP. The other's are random ports greater than 1023.
-
senfo over 14 yearsThe random part is important. Most modern firewalls have special features specifically designed to handle active FTP connections.